cookbook 'r1337-sshconfig', '~> 0.1.6'
r1337-sshconfig (7) Versions 0.1.6 Follow0
Configure OpenSSH with standard or hardened settings
cookbook 'r1337-sshconfig', '~> 0.1.6', :supermarket
knife supermarket install r1337-sshconfig
knife supermarket download r1337-sshconfig
Chef Cookbook - SSH Configuration
This Chef cookbook will configure SSH on Linux servers to be compliant with Route 1337 security policies. There are a few versions of the configuration depending on the recipe that is chosen
SSH Config Recipes
- standardssh.rb is the standard recipe suitable for use on internal LANs or where networks are trusted to be secured
- hardenedssh.rb is a recipe for use in DMZs or other networks where sophisticated attacks are either expected, or where more stringent policies exist
Changes Performed
- Configures OpenSSH server with custom security settings depending on recipe selected.
- Ensures OpenSSH is installed, configured and enabled/running
Requirements
- Chef (Tested on Chef 13.6.4)
- Linux chef-clients (Tested on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, and CentOS 7.2 but kitchen will let you test anything you want)
- The openssh cookbook from Chef Supermarket
Installation Tips
- We personally use Berks to install this into Chef servers, because it will grab the dependencies for you as well.
- You must set the attribute ['r1337-sshconfig']['sshpolicy'] to
hardened
if you want something stronger than the default. For most people the default is fine.
Limitations
- None so far :)
Known Issues
- None so far :)
Use Cases
Configuring SSH as part of a base security requirement
Donate To Support These Vagrant Boxes
Route 1337, LLC operates entirely on donations. If you find these scripts useful, please consider contacting us about how to donate.
Thank you for your support!
Dependent cookbooks
openssh >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
SSH Configuration - Changelog
A list of all the changes made to this cookbook
Version 0.1.6
- Removing stale cryptocurrency wallets from donation section of README
Version 0.1.5
- Added testing to verify Ubuntu 18.04 support
- Documentation fixes
Version 0.1.4
- metadata.rb has been changed to set 13.6.4 as the minimum chef-client version instead of the only version
Version 0.1.3
- Kitchen is now locked to testing on the version of Chef we use in production
Version 0.1.2
- Bringing documentation in line with Chef Supermarket Foodcritic expectations
Version 0.1.1
- Set
AllowTcpForwarding no
on the Hardened configuration
Version 0.1.0
- Initial Release
Collaborator Number Metric
0.1.6 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.6 passed this metric
No Binaries Metric
0.1.6 passed this metric
Testing File Metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.6 failed this metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.6 passed this metric
No Binaries Metric
0.1.6 passed this metric
Testing File Metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.6 passed this metric
0.1.6 passed this metric
Testing File Metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.6 failed this metric
0.1.6 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number