diff --git a/providers/etcresolv.rb b/providers/etcresolv.rb
new file mode 100644
index 0000000..fc45be8
--- /dev/null
+++ b/providers/etcresolv.rb
@@ -0,0 +1,129 @@
+#
+# Copyright 2015-2016, Benoit Creau
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Amended by Ian Bellinfantie
+# Contact ibellinfantie@sbm.com.sa
+#
+# just copied the etchosts and made the etcresolv
+# uses the namerslv command instead of the namerslv command
+#
+
+use_inline_resources
+
+# support whyrun
+def whyrun_supported?
+ true
+end
+
+# load current resource name to detremine type of resolv.conf change
+def load_current_resource
+ @current_resource = Chef::Resource::AixEtcresolv.new(@new_resource.name)
+ # entry types could be domain, search, nameserver, options
+ @current_resource.exists = false
+ # set command for all entries for /etc/resolv.conf
+ namerslv = shell_out("namerslv -s | grep #{@new_resource.address}")
+ if !namerslv.error?
+ namerslv_array = namerslv.stdout.split(' ') + Chef::Log.debug('etcresolv: resource exists') + @current_resource.exists = true + else + Chef::Log.debug('etcresolv: resource does not exists') + end + + # If resource exists , load values into a hash + if @current_resource.exists + Chef::Log.debug('etcresolv: resource exists loading attributes') + @current_resource.name(namerslv_array[0]) + Chef::Log.debug("etcresolv: current resource name: #{namerslv_array[0]}") + @current_resource.address(namerslv_array[1]) + Chef::Log.debug("etcresolv: current resource address: #{namerslv_array[1]}") + puts "#{namerslv_array[0]} #{namerslv_array[1]}" + end +end + + +# add +action :add do + unless @current_resource.exists + # add entry if it exists + if @new_resource.name =~ /nameserver/ + #An ip address has been given + namerslv_add_s = "namerslv -a -i #{@new_resource.address} " + elsif @new_resource.name =~ /search/ + # A search domain_name has been given + namerslv_add_s = "namerslv -a -S #{@new_resource.address} " + elsif @new_resource.name =~ /domain/ + # A domain name has been given + namerslv_add_s = "namerslv -a -D #{@new_resource.address} " + else + puts " Don't know what has been given" + end + converge_by("namerslv: add #{@new_resource.address} in /etc/resolv.conf file") do + Chef::Log.debug("etcresolv: running #{namerslv_add_s}") + shell_out!(namerslv_add_s) + end + end +end + +# delete +action :delete do + if @current_resource.exists + # delete entry if it exists + if @new_resource.name =~ /nameserver/ + #An ip address has been given for nameserver + namerslv_del_s = "namerslv -d -i #{@new_resource.address} " + elsif @new_resource.name =~ /domain/ + # A domain name has been given + namerslv_del_s = "namerslv -d -n " + else + puts " Option not supported" + end + converge_by("namerslv: delete #{@new_resource.address} in /etc/resolv.conf file") do + Chef::Log.debug("etcresolv: running #{namerslv_del_s}") + shell_out!(namerslv_del_s) + end + end +end + +# change +action 
:change do + if @current_resource.exists + # determine which type to change + if @new_resource.name =~ /nameserver/ + #An ip address has been given for nameserver + namerslv_change_s = "namerslv -d -i #{@new_resource.address} ; namerslv -a -i #{@new_resource.new_address}" + elsif @new_resource.name =~ /domain/ + # A domain name has been given + namerslv_change_s = "namerslv -d -n ; namerslv -a -D #{@new_resource.new_address}" + else + puts " Option not supported" + end + converge_by("namerslv: delete #{@new_resource.address} in /etc/resolv.conf file") do + Chef::Log.debug("etcresolv: running #{namerslv_change_s}") + shell_out!(namerslv_change_s) + end + end +end + +# delete_all +action :delete_all do + if @current_resource.exists + namerslv_del_all_s = "namerslv -X" + converge_by('etcresolv: removing all entries') do + Chef::Log.debug("etcresolv: running #{namerslv_del_all_s}") + shell_out!(namerslv_del_all_s) + end + end +end diff --git a/providers/userlimits.rb b/providers/userlimits.rb new file mode 100644 index 0000000..faf03e7 --- /dev/null +++ b/providers/userlimits.rb 
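Review bot: `@new_resource.address` and `new_address` are interpolated unquoted into shell strings in `load_current_resource` (`namerslv -s | grep #{@new_resource.address}`) and in the `:add`, `:delete` and `:change` actions, so a value containing shell metacharacters is interpreted by the shell with chef-client's privileges; providers/userlimits.rb and providers/usersec.rb in this commit build their commands the same way. The grep is also a regex/substring match, so an address such as 10.0.0.1 (constructed example) would report an existing 10.0.0.10 entry as present; matching in Ruby over the `namerslv -s` stdout avoids that. The `else` branches only `puts` and leave the command variable nil, which then reaches `shell_out!`; raising there is clearer. In `:change`, the `;`-joined delete and add report only the last command's exit status, so two separate `shell_out!` calls are safer.

```ruby
action :add do
  unless @current_resource.exists
    flag = case @new_resource.name
           when /nameserver/ then '-i'
           when /search/ then '-S'
           when /domain/ then '-D'
           else raise ArgumentError, "etcresolv: unsupported entry type #{@new_resource.name}"
           end
    # … unchanged: converge_by wrapper and debug log …
      # argument list form: no shell parses the address
      shell_out!('namerslv', '-a', flag, @new_resource.address)
```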
@@ -0,0 +1,125 @@ +# +# Copyright 2015-2016, Benoit Creau +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Amended by Ian Bellinfantie +# Contact ibellinfantie@sbm.com.sa +# +# there should only be one line in /etc/netsvc.conf +# so either add or delete the line +# + +use_inline_resources + +# support whyrun +def whyrun_supported? + true +end + +# load current resource name to detremine type of resolv.conf change +def load_current_resource + @current_resource = Chef::Resource::AixUserlimits.new(@new_resource.name) + # entry types could be domain, search, nameserver, options + @current_resource.exists = false + # set command for all entries for /etc/security/limits + user_limits = shell_out("cat /etc/security/limits | grep -v \\* | grep -wp default | grep -v default | sed \'\/^\\s*\$\/d\' | xargs | sed \'s\/=\/:\/g\' | tr -s \' \' \':\' | perl -pe \'chomp\'") + if !user_limits.error? 
+ user_limits_array = user_limits.stdout.split(':') + Chef::Log.debug('userlimits: resource exists') + @current_resource.exists = true + else + Chef::Log.debug('userlimits: resource does not exists') + end + + # If resource exists , load values into a hash + if @current_resource.exists + Chef::Log.debug('userlimits: resource exists loading attributes') + @current_resource.name(@new_resource.name) + Chef::Log.debug("userlimits: current resource name: #{@current_resource.name}") + + @current_resource.fsize(user_limits_array[1]) + @current_resource.core(user_limits_array[3]) + @current_resource.cpu(user_limits_array[5]) + @current_resource.data(user_limits_array[7]) + @current_resource.rss(user_limits_array[9]) + @current_resource.stack(user_limits_array[11]) + @current_resource.nofiles(user_limits_array[13]) + Chef::Log.debug("userlimits: current resource fsize: #{user_limits_array[1]}") + Chef::Log.debug("userlimits: current resource core: #{user_limits_array[3]}") + Chef::Log.debug("userlimits: current resource cpu: #{user_limits_array[5]}") + Chef::Log.debug("userlimits: current resource data: #{user_limits_array[7]}") + Chef::Log.debug("userlimits: current resource rss: #{user_limits_array[9]}") + Chef::Log.debug("userlimits: current resource stack: #{user_limits_array[11]}") + Chef::Log.debug("userlimits: current resource nofiles: #{user_limits_array[13]}") + + + if @new_resource.fsize.nil? + @new_resource.fsize(@current_resource.fsize) + end + if @new_resource.core.nil? + @new_resource.core(@current_resource.core) + end + if @new_resource.cpu.nil? + @new_resource.cpu(@current_resource.cpu) + end + if @new_resource.data.nil? + @new_resource.data(@current_resource.data) + end + if @new_resource.rss.nil? + @new_resource.rss(@current_resource.rss) + end + if @new_resource.stack.nil? + @new_resource.stack(@current_resource.stack) + end + if @new_resource.nofiles.nil? 
+ @new_resource.nofiles(@current_resource.nofiles) + end + end +end + + + +# change the default settings for user limits -- using default instaed of #{@new_resource.name} to ensure only +# the default settings are changed. +action :change do + + if @new_resource.fsize != @current_resource.fsize || @new_resource.core != @current_resource.core || @new_resource.cpu != @current_resource.cpu || @new_resource.data != @current_resource.data || @new_resource.rss != @current_resource.rss || @new_resource.stack != @current_resource.stack || @new_resource.nofiles != @current_resource.nofiles + change = true + + nfs = @new_resource.fsize + nco = @new_resource.core + ncp = @new_resource.cpu + nda = @new_resource.data + nrs = @new_resource.rss + nst = @new_resource.stack + nno = @new_resource.nofiles + cfs = @current_resource.fsize + cco = @current_resource.core + ccp = @current_resource.cpu + cda = @current_resource.data + crs = @current_resource.rss + cst = @current_resource.stack + cno = @current_resource.nofiles + + if change + userlimits_change_s = "cat /etc/security/limits|sed -n \'1h;1\!H;\${x;/default:/ s/fsize = #{cfs}/fsize = #{nfs}/g;p;}\'|sed -n \'1h;1\!H;\${x;/default:/ s/core = #{cco}/core = #{nco}/g;p;}\'|sed -n \'1h;1\!H;\${x;/default:/ s/cpu = #{ccp}/cpu = #{ncp}/g;p;}\'|sed -n \'1h;1\!H;\${x;/default:/ s/data = #{cda}/data = #{nda}/g;p;}\'|sed -n \'1h;1\!H;\${x;/default:/ s/rss = #{crs}/rss = #{nrs}/g;p;}\'|sed -n \'1h;1\!H;\${x;/default:/ s/stack = #{cst}/stack = #{nst}/g;p;}\'|sed -n \'1h;1\!H;\${x;/default:/ s/nofiles = #{cno}/nofiles = #{nno}/g;p;}\' >/etc/security/limits" + converge_by("userlimits: change #{@new_resource.name} in /etc/security/limits file") do + Chef::Log.debug("userlimits: running #{userlimits_change_s}") + shell_out!(userlimits_change_s) + end + else + change = false + end + end + end diff --git a/providers/usersec.rb b/providers/usersec.rb new file mode 100644 index 0000000..77a9f00 --- /dev/null +++ b/providers/usersec.rb 
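Review bot: The `:change` command starts with `cat /etc/security/limits` and ends with `>/etc/security/limits`, so the shell truncates the file while the pipeline is still reading it and the limits file can end up empty or partial. Setting each changed attribute with `chsec -f /etc/security/limits -s default -a ...`, the approach providers/usersec.rb in this commit uses for /etc/security/user, avoids the in-place rewrite and the sed expressions built from attribute values. In `load_current_resource` the pipeline's exit status comes from the final `perl`, so `exists` is presumably always true, and the fixed indices `[1]`, `[3]`, … assume the attribute order in the file. The inner `if change ... else change = false` can never take its `else` branch, because `change` is set to true on the line above it.

```ruby
action :change do
  # … unchanged: comparison of new and current values …
  %w(fsize core cpu data rss stack nofiles).each do |attr|
    wanted = @new_resource.send(attr)
    next if wanted == @current_resource.send(attr)
    converge_by("userlimits: set default #{attr} to #{wanted} in /etc/security/limits") do
      # one chsec per attribute, argument list form, so each failure raises
      shell_out!('chsec', '-f', '/etc/security/limits', '-s', 'default', '-a', "#{attr}=#{wanted}")
    end
  end
```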
@@ -0,0 +1,135 @@ +# +# Copyright 2015-2016, Benoit Creau +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Amended by Ian Bellinfantie +# Contact ibellinfantie@sbm.com.sa +# + + +use_inline_resources + +# support whyrun +def whyrun_supported? + true +end + +# load current resource name to detremine type of resolv.conf change +def load_current_resource + @current_resource = Chef::Resource::AixUsersec.new(@new_resource.name) + # entry types could be domain, search, nameserver, options + @current_resource.exists = false + # set command for all entries for /etc/security/limits + user_sec = shell_out("for attr in umask pwdwarntime loginretries histexpire histsize minage maxage maxexpired minalpha minother minlen mindiff maxrepeats ; do lssec -c -f /etc/security/user -s default -a $attr ; done | xargs | sed \'s/default://g\' | sed \'s/\\#name://g\' | perl -pe \'chomp\'") + if !user_sec.error? 
+ user_sec_array = user_sec.stdout.split(' ') + Chef::Log.debug('usersec: resource exists') + @current_resource.exists = true + else + Chef::Log.debug('usersec: resource does not exists') + end + + # If resource exists , load values into a hash + if @current_resource.exists + Chef::Log.debug('usersec: resource exists loading attributes') + @current_resource.name(@new_resource.name) + Chef::Log.debug("usersec: current resource name: #{@current_resource.name}") + @current_resource.umask(user_sec_array[1]) + @current_resource.pwdwarntime(user_sec_array[3]) + @current_resource.loginretries(user_sec_array[5]) + @current_resource.histexpire(user_sec_array[7]) + @current_resource.histsize(user_sec_array[9]) + @current_resource.minage(user_sec_array[11]) + @current_resource.maxage(user_sec_array[13]) + @current_resource.maxexpired(user_sec_array[15]) + @current_resource.minalpha(user_sec_array[17]) + @current_resource.minother(user_sec_array[19]) + @current_resource.minlen(user_sec_array[21]) + @current_resource.mindiff(user_sec_array[23]) + @current_resource.maxrepeats(user_sec_array[25]) + Chef::Log.debug("user_sec: current resource umask: #{user_sec_array[1]}") + Chef::Log.debug("user_sec: current resource pwdwarntime: #{user_sec_array[3]}") + Chef::Log.debug("user_sec: current resource loginretries: #{user_sec_array[5]}") + Chef::Log.debug("user_sec: current resource histexpire: #{user_sec_array[7]}") + Chef::Log.debug("user_sec: current resource histsize: #{user_sec_array[9]}") + Chef::Log.debug("user_sec: current resource minage: #{user_sec_array[11]}") + Chef::Log.debug("user_sec: current resource maxage: #{user_sec_array[13]}") + Chef::Log.debug("user_sec: current resource maxexpired: #{user_sec_array[15]}") + Chef::Log.debug("user_sec: current resource minalpha: #{user_sec_array[17]}") + Chef::Log.debug("user_sec: current resource minother: #{user_sec_array[19]}") + Chef::Log.debug("user_sec: current resource minlen: #{user_sec_array[21]}") + 
Chef::Log.debug("user_sec: current resource mindiff: #{user_sec_array[23]}") + Chef::Log.debug("user_sec: current resource maxrepeats: #{user_sec_array[25]}") + if @new_resource.umask.nil? + @new_resource.umask(@current_resource.umask) + end + if @new_resource.pwdwarntime.nil? + @new_resource.pwdwarntime(@current_resource.pwdwarntime) + end + if @new_resource.loginretries.nil? + @new_resource.loginretries(@current_resource.loginretries) + end + if @new_resource.histexpire.nil? + @new_resource.histexpire(@current_resource.histexpire) + end + if @new_resource.histsize.nil? + @new_resource.histsize(@current_resource.histsize) + end + if @new_resource.minage.nil? + @new_resource.minage(@current_resource.minage) + end + if @new_resource.maxage.nil? + @new_resource.maxage(@current_resource.maxage) + end + if @new_resource.maxexpired.nil? + @new_resource.maxexpired(@current_resource.maxexpired) + end + if @new_resource.minalpha.nil? + @new_resource.minalpha(@current_resource.minalpha) + end + if @new_resource.minother.nil? + @new_resource.minother(@current_resource.minother) + end + if @new_resource.minlen.nil? + @new_resource.minlen(@current_resource.minlen) + end + if @new_resource.mindiff.nil? + @new_resource.mindiff(@current_resource.mindiff) + end + if @new_resource.maxrepeats.nil? 
+ @new_resource.maxrepeats(@current_resource.maxrepeats) + end + end +end + + + +# +action :change do + if @current_resource.exists + change = false + # check if we have changed values for any attribute + if @new_resource.umask != @current_resource.umask || @new_resource.pwdwarntime != @current_resource.pwdwarntime || @new_resource.loginretries != @current_resource.loginretries || @new_resource.histexpire != @current_resource.histexpire || @new_resource.histsize != @current_resource.histsize || @new_resource.minage != @current_resource.minage || @new_resource.maxage != @current_resource.maxage || @new_resource.maxexpired != @current_resource.maxexpired || @new_resource.minalpha != @current_resource.minalpha || @new_resource.minother != @current_resource.minother || @new_resource.minlen != @current_resource.minlen || @new_resource.mindiff != @current_resource.mindiff || @new_resource.maxrepeats != @current_resource.maxrepeats + change = true + + if change + usersec_change_s = "chsec -f /etc/security/user -s default -a umask=#{@new_resource.umask} ; chsec -f /etc/security/user -s default -a pwdwarntime=#{@new_resource.pwdwarntime} ; chsec -f /etc/security/user -s default -a loginretries=#{@new_resource.loginretries} ; chsec -f /etc/security/user -s default -a histexpire=#{@new_resource.histexpire}; chsec -f /etc/security/user -s default -a histsize=#{@new_resource.histsize} ; chsec -f /etc/security/user -s default -a minage=#{@new_resource.minage} ; chsec -f /etc/security/user -s default -a maxage=#{@new_resource.maxage} ; chsec -f /etc/security/user -s default -a maxexpired=#{@new_resource.maxexpired} ; chsec -f /etc/security/user -s default -a minalpha=#{@new_resource.minalpha} ; chsec -f /etc/security/user -s default -a minother=#{@new_resource.minother} ; chsec -f /etc/security/user -s default -a minlen=#{@new_resource.minlen} ; chsec -f /etc/security/user -s default -a mindiff=#{@new_resource.mindiff} ; chsec -f /etc/security/user -s default -a 
maxrepeats=#{@new_resource.maxrepeats} " + converge_by("usersec: change #{@new_resource.name} in /etc/security/user file") do + Chef::Log.debug("usersec: running #{usersec_change_s}") + shell_out!(usersec_change_s) + end + end + end + end +end diff --git a/resources/etcresolv.rb b/resources/etcresolv.rb new file mode 100644 index 0000000..d04f22b --- /dev/null +++ b/resources/etcresolv.rb @@ -0,0 +1,31 @@ +# +# Copyright 2015-2016, Benoit Creau +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Amended by Ian Bellinfantie +# Contact ibellinfantie@sbm.com.sa +# +# just copied the etchosts and made the etcresolv +# uses the namerslv command instead of the namerslv command +# +# uses the options for IBM command namerslv +# does not cater for options. + +actions :add, :delete, :delete_all, :change +default_action :add +attr_accessor :exists + +attribute :name, name_attribute: true, kind_of: String # type of /etc/resolv.conf entry e.g. domain, search, nameserver +attribute :address, kind_of: String # Address in domain name or ip address , search option etc... +attribute :new_address, kind_of: String # value to chnge to diff --git a/resources/userlimits.rb b/resources/userlimits.rb new file mode 100644 index 0000000..4b32797 --- /dev/null +++ b/resources/userlimits.rb 
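Review bot: The thirteen `chsec` calls in `:change` are joined with `;` into one string, so `shell_out!` only sees the exit status of the last one (`maxrepeats`). A rejected `minlen`, `maxage` or `loginretries` would leave the password policy unchanged while the run reports the resource as converged. Running one call per changed attribute, e.g. `shell_out!('chsec', '-f', '/etc/security/user', '-s', 'default', '-a', "minlen=#{@new_resource.minlen}")`, makes each failure raise and keeps the value out of a shell. In `load_current_resource` the `exists` flag is taken from a pipeline whose status is that of the trailing `perl`, so a failing `lssec` is presumably not detected; checking that `user_sec_array` holds the expected 26 fields before indexing would catch it.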
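Review bot: `address` and `new_address` accept any String, and the provider puts them on `namerslv` command lines, so a `regex:` validation on the attribute would reject unexpected input when the resource is compiled. A constructed sample is `attribute :address, kind_of: String, regex: /\A[A-Za-z0-9.:_-]+\z/`, to be widened if search lists containing spaces must be supported. The same applies to the String attributes in resources/userlimits.rb and resources/usersec.rb, which the providers interpolate into `sed` and `chsec` commands. Restricting `name` with `equal_to: %w(nameserver search domain)` would also replace the provider's loose `=~` matching, assuming callers pass exactly those names.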
@@ -0,0 +1,35 @@
+#
+# Copyright 2015-2016, Benoit Creau
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Amended by Ian Bellinfantie
+# Contact ibellinfantie@sbm.com.sa
+#
+# just copied the etchosts and made the etcresolv
+# uses the namerslv command instead of the namerslv command
+#
+# makes changes for the deafult or a particular username
+
+actions :change
+default_action :change
+attr_accessor :exists
+
+attribute :name, name_attribute: true, kind_of: String # will always be default... leaving users to specific application builds
+attribute :fsize, kind_of: String # attributes for user limits
+attribute :core, kind_of: String
+attribute :cpu, kind_of: String
+attribute :data, kind_of: String
+attribute :rss, kind_of: String
+attribute :stack, kind_of: String
+attribute :nofiles, kind_of: String
diff --git a/resources/usersec.rb b/resources/usersec.rb
new file mode 100644
index 0000000..f9de3d3
--- /dev/null
+++ b/resources/usersec.rb
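Review bot: The header comment still reads "just copied the etchosts and made the etcresolv" and "uses the namerslv command", which does not describe this resource. resources/usersec.rb carries the same stale header, plus `# attributes for user limits` on `umask`. Suggest `# Manages the default stanza of /etc/security/limits` here and `# Manages the default stanza of /etc/security/user` there, and correcting "deafult". The comment "or a particular username" also disagrees with the provider, which per its own comment only changes the default stanza.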
@@ -0,0 +1,41 @@
+#
+# Copyright 2015-2016, Benoit Creau
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Amended by Ian Bellinfantie
+# Contact ibellinfantie@sbm.com.sa
+#
+# just copied the etchosts and made the etcresolv
+# uses the namerslv command instead of the namerslv command
+#
+# makes changes for the deafult or a particular username
+
+actions :change
+default_action :change
+attr_accessor :exists
+
+attribute :name, name_attribute: true, kind_of: String # will always be default... leaving users to specific application builds
+attribute :umask, kind_of: String # attributes for user limits
+attribute :pwdwarntime, kind_of: String
+attribute :loginretries, kind_of: String
+attribute :histexpire, kind_of: String
+attribute :histsize, kind_of: String
+attribute :minage, kind_of: String
+attribute :maxage, kind_of: String
+attribute :maxexpired, kind_of: String
+attribute :minalpha, kind_of: String
+attribute :minother, kind_of: String
+attribute :minlen, kind_of: String
+attribute :mindiff, kind_of: String
+attribute :maxrepeats, kind_of: String