Initial commit

Berksfile

@@ -0,0 +1,6 @@
+source "https://supermarket.chef.io"
+
+metadata
+
+cookbook "yum", "~> 3.10.0"
+

Berksfile.lock

@@ -0,0 +1,10 @@
+DEPENDENCIES
+  yum (~> 3.10.0)
+  yum-ossec
+    path: .
+    metadata: true
+
+GRAPH
+  yum (3.10.0)
+  yum-ossec (0.1.0)
+    yum (>= 3.2.0)

CHANGELOG.md

@@ -0,0 +1,5 @@
+# yum-ossec Cookbook CHANGELOG
+This file is used to list changes made in each version of the yum-ossec cookbook.
+
+## v0.1.0
+initial release

README.md

@@ -0,0 +1,87 @@
+# yum-ossec Cookbook
+
+The yum-ossec cookbook takes over management of the default repositoryids that ship with CentOS systems. It allows attribute manipulation of `atomic`
+
+## Requirements
+### Platforms
+- RHEL/CentOS and derivatives
+
+### Chef
+- Chef 11+
+
+### Cookbooks
+- yum version 3.2.0 or higher
+
+## Attributes
+The following attributes are set by default
+
+```ruby
+default['yum']['atomic']['repositoryid'] = 'atomic'
+default['yum']['atomic']['enabled'] = true
+default['yum']['atomic']['managed'] = true
+default['yum']['atomic']['gpgkey'] = 'https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt https://www.atomicorp.com/RPM-GPG-KEY.art.txt'
+default['yum']['atomic']['gpgcheck'] = true
+default['yum']['atomic']['priority'] = 5
+default['yum']['atomic']['description'] = 'CentOS / Red Hat Enterprise Linux $releasever - atomicrocketturtle.com'
+default['yum']['atomic']['mirrorlist'] = 'http://updates.atomicorp.com/channels/mirrorlist/atomic/centos-$releasever-$basearch'
+```
+
+## Recipes
+- default - Walks through node attributes and feeds a yum_resource
+- parameters. The following is an example a resource generated by the
+- recipe during compilation.
+
+```ruby
+  yum_repository 'atomic' do
+    mirrorlist 'http://updates.atomicorp.com/channels/mirrorlist/atomic/centos-$releasever-$basearch'
+    description 'CentOS / Red Hat Enterprise Linux $releasever - atomicrocketturtle.com'
+    enabled true
+    gpgcheck true
+    priority 5
+    gpgkey 'https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt https://www.atomicorp.com/RPM-GPG-KEY.art.txt'
+  end
+```
+
+## Usage Example
+To disable the `atomic` repository through a Role or Environment definition
+
+```
+default_attributes(
+  'yum' => {
+    'atomic' => {
+      'enabled' => false
+    }
+  }
+)
+```
+
+## More Examples
+Point the base and debuginfo repositories at an internally hosted server.
+
+```
+node.default['yum']['atomic']['enabled'] = true
+node.default['yum']['atomic']['mirrorlist'] = nil
+node.default['yum']['atomic']['baseurl'] = 'https://internal.example.com/centos/6/os/x86_64'
+node.default['yum']['atomic']['sslverify'] = false
+
+include_recipe 'yum-ossec'
+```
+
+## License & Authors
+**Author:** Eric Renfro (<psi-jack@linux-help.org>)
+
+**Copyright:** 2016, Linux-Help.org.
+
+```
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

attributes/atomic.rb

@@ -0,0 +1,13 @@
+default['yum']['atomic']['repositoryid'] = 'atomic'
+default['yum']['atomic']['enabled'] = true
+default['yum']['atomic']['managed'] = true
+default['yum']['atomic']['gpgkey'] = 'https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt https://www.atomicorp.com/RPM-GPG-KEY.art.txt'
+default['yum']['atomic']['gpgcheck'] = true
+default['yum']['atomic']['priority'] = 5
+
+case node['platform_family']
+when 'rhel'
+    default['yum']['atomic']['description'] = 'CentOS / Red Hat Enterprise Linux $releasever - atomicrocketturtle.com'
+    default['yum']['atomic']['mirrorlist'] = "http://updates.atomicorp.com/channels/mirrorlist/atomic/centos-$releasever-$basearch"
+end
+

attributes/default.rb

@@ -0,0 +1 @@
+default['yum-ossec']['repositories'] = %w(atomic)

metadata.rb

@@ -0,0 +1,16 @@
+name             'yum-ossec'
+maintainer       'Eric Renfro'
+maintainer_email 'psi-jack@linux-help.org'
+license          'Apache 2.0'
+description      'Installs and configures the Official OSSEC Repository'
+long_description ''
+version          '0.1.1'
+issues_url       'http://gogs.home.ld/Linux-Help/cookbook-yum-ossec/issues'
+source_url       'http://gogs.home.ld/Linux-Help/cookbook-yum-ossec'
+
+%w{ centos redhat oracle scientific }.each do |os|
+	supports os, '>= 5.0.0'
+end
+
+depends 'yum', '>= 3.2'
+

recipes/default.rb

@@ -0,0 +1,50 @@
+#
+# Author:: Eric Renfro (<psi-jack@linux-help.org>)
+# Recipe:: yum-ossec::default
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+node['yum-ossec']['repositories'].each do |repo|
+  next unless node['yum'][repo]['managed']
+
+  yum_repository repo do
+    description node['yum'][repo]['description'] unless node['yum'][repo]['description'].nil?
+    baseurl node['yum'][repo]['baseurl'] unless node['yum'][repo]['baseurl'].nil?
+    mirrorlist node['yum'][repo]['mirrorlist'] unless node['yum'][repo]['mirrorlist'].nil?
+    gpgcheck node['yum'][repo]['gpgcheck'] unless node['yum'][repo]['gpgcheck'].nil?
+    gpgkey node['yum'][repo]['gpgkey'] unless node['yum'][repo]['gpgkey'].nil?
+    enabled node['yum'][repo]['enabled'] unless node['yum'][repo]['enabled'].nil?
+    cost node['yum'][repo]['cost'] unless node['yum'][repo]['cost'].nil?
+    exclude node['yum'][repo]['exclude'] unless node['yum'][repo]['exclude'].nil?
+    enablegroups node['yum'][repo]['enablegroups'] unless node['yum'][repo]['enablegroups'].nil?
+    failovermethod node['yum'][repo]['failovermethod'] unless node['yum'][repo]['failovermethod'].nil?
+    http_caching node['yum'][repo]['http_caching'] unless node['yum'][repo]['http_caching'].nil?
+    include_config node['yum'][repo]['include_config'] unless node['yum'][repo]['include_config'].nil?
+    includepkgs node['yum'][repo]['includepkgs'] unless node['yum'][repo]['includepkgs'].nil?
+    keepalive node['yum'][repo]['keepalive'] unless node['yum'][repo]['keepalive'].nil?
+    max_retries node['yum'][repo]['max_retries'] unless node['yum'][repo]['max_retries'].nil?
+    metadata_expire node['yum'][repo]['metadata_expire'] unless node['yum'][repo]['metadata_expire'].nil?
+    mirror_expire node['yum'][repo]['mirror_expire'] unless node['yum'][repo]['mirror_expire'].nil?
+    priority node['yum'][repo]['priority'] unless node['yum'][repo]['priority'].nil?
+    proxy node['yum'][repo]['proxy'] unless node['yum'][repo]['proxy'].nil?
+    proxy_username node['yum'][repo]['proxy_username'] unless node['yum'][repo]['proxy_username'].nil?
+    proxy_password node['yum'][repo]['proxy_password'] unless node['yum'][repo]['proxy_password'].nil?
+    repositoryid node['yum'][repo]['repositoryid'] unless node['yum'][repo]['repositoryid'].nil?
+    sslcacert node['yum'][repo]['sslcacert'] unless node['yum'][repo]['sslcacert'].nil?
+    sslclientcert node['yum'][repo]['sslclientcert'] unless node['yum'][repo]['sslclientcert'].nil?
+    sslclientkey node['yum'][repo]['sslclientkey'] unless node['yum'][repo]['sslclientkey'].nil?
+    sslverify node['yum'][repo]['sslverify'] unless node['yum'][repo]['sslverify'].nil?
+    timeout node['yum'][repo]['timeout'] unless node['yum'][repo]['timeout'].nil?
+    action :create
+  end
+end