cookbook 'sanitize', '= 0.1.0', :supermarket
Sanitizes system by providing a sane default configuration
cookbook 'sanitize', '= 0.1.0'
knife supermarket install sanitize
knife supermarket download sanitize
This cookbook aims to normalize setup of a fresh server and set sane defaults for global settings, and work with various initial environments (tested on EC2 images, Hetzner "minimal" installations, and debootstrap-created LXC images). At the moment it supports only Ubuntu, Debian support is planned.
This cookbook is developed on GitHub at https://github.com/3ofcoins/chef-cookbook-sanitize
sanitize.iptables-- if false, does not install and configure iptables; defaults to true.
recipe[sanitize] in your run list after your user accounts
are created and sudo and ssh is configured.
This is the default "base settings" setup. It should be called after shell user accounts and sudo are configured, as it locks default login user and direct root access.
- Locks system password for
rootuser (assumes that only sudo is used to elevate privileges)
- Ensure all FHS-provided directories exist by creating some that
have been found missing on some of the installation (namely,
- Sets locale to
en_US.UTF-8, generates this locale, sets time zone to UTC
- Changes mode of
0600-- readable only for root, as it may contain sensitive data
- Deletes annoying
- Installs vim and sets it as a default system editor
- Installs and configures iptables, opens SSH port (optional, but enabled by default)
can-hascommand as a symlink to
Plans for future, in no particular order:
- Depend on and include
openssh-server; configure SSH known hosts, provide sane SSH server and client configuration defaults
- Provide hooks (definitions / LWRP / library) for other cookbooks for commonly used facilities, such as opening up common ports, "backend" http service, SSL keys management, maybe some other "library" functions like helpers for encrypted data bags
|iptables >= 0.0.0|
|build-essential >= 0.0.0|
|apt >= 0.0.0|
There are no cookbooks that are contingent upon this one.