check_mode_777

gistfile1.rb

#
# Cookbook Name:: ascii_check_mode_777
# Recipe:: default
#
# Copyright 2013, ARKEA
#
# All rights reserved - Do Not Redistribute
#


#ascii:recette:systems:os

local_res_uid_0 = 0

#dependencies 
chef_gem "rake" do
  action :install
end

chef_gem "rake-compiler" do
  action :install
end

chef_gem "rspec" do
  action :install
end

chef_gem "rubygems-tasks" do
  action :install
end

## need gcc gcc-c++


# before gem install check ffi
chef_gem "ffi" do
  action :install
end

# gem install to determine file system mount type
chef_gem "sys-filesystem" do
  action :install
end

ruby_block "ascii_check_chkconfig" do
    block do
		require 'sys-filesystem'
		require 'pp'
		include 'Sys'
		#recupere donnee data bag
		data_bag_dir = data_bag_item('ascii',"#{node.chef_environment}")

		#split repertoire
		directories = data_bag_dir["linux.Dir_Check_777"]
		dir_split=directories.split(%r{;\s*}) #=> ["/root", "/opt", "/u", "/home", "/etc"]

		dir_split.each do |dir|
			if File.directory?(dir) and File.mount_type(dir) == ntfs  # si le repertoire existe, selectionnne seulement le type ext3				
				Dir.glob(dir+"/**/*.*").each do |file| # split la liste des dossiers et fichiers
					s = File.stat(file)  # stats des fichiers lus
					if s.mode == 0100777 or s.mode == 0000777  # si chmod = 777
						Chef::Log.info("Warning bad permissions on file : #{file}")
						local_res_uid_0 +=1
					elsif s.gid == "nogroup" or s.uid == "nouser" 
						Chef::Log.info("Warning bad owner on file : #{file}")
						local_res_uid_0 +=1
					#else 
						#Chef::Log.info("File security OK for : #{file}")
					end
				end
			else
					Chef::Log.info("Directory #{dir} doesn't exists")
			end
		end
node.normal[:security][:unix][:perms][:nb_file_in_777]="#{local_res_uid_0}"
	end
    action :create 
end