srinivasmohan

#!/bin/sh
#Patch bash for CVE-2014-6271 - For non-lts distro versions.
mkdir -p /usr/local/src && cd /usr/local/src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
tar zxvf bash-4.3.tar.gz
#Get patches
for i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
cd bash-4.3
for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done
./configure && make && make install

srinivasmohan

#!/bin/dash
export DEBDIR="/tmp/bashdebs"
[ -d $DEBDIR ] && rm -fr $DEBDIR
rm -f /tmp/bashdebs.tgz
cd /tmp/ && wget --quiet http://s3.amazonaws.com/com.versal.sysops/shellsock/bashdebs.tgz && tar zxvf bashdebs.tgz
cd $DEBDIR && sudo /usr/bin/dpkg -i *.deb 2>&1 1>/dev/null
#Test after update
bashver=`/usr/bin/dpkg -l bash | tail -1 | awk '{print $3}'`
echo "Host `hostname`, post update, with Bash $bashver"
rm -f echo && env -i X='() { (a)=>\' bash -c 'echo id'; cat echo

srinivasmohan

#Run this from your Knife folder with "knife exec /pathto/knife_status.rb"
stats=Array.new
sizes=[0,0,0]
TimeFormat="%F %R"
Sep='|'

nodes.all do |thisnode|
  checkintime=Time.at(thisnode['ohai_time']).to_i
  rubyver = thisnode['languages']['ruby']['version']
  recipes = thisnode.run_list.expand(thisnode.chef_environment).recipes.join(",")

srinivasmohan

#Knife invocations supply FQDN as the node name at creation time and this becomes hostname( option -N)

execute "Configure Hostname" do
  command "hostname --file /etc/hostname"
  action :nothing
end

#Ensure the hostname of the system is set to knife provided node name
file "/etc/hostname" do
  content node.name

srinivasmohan

net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0

srinivasmohan

#Base ipsec.conf for openswan
#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle.
version 2.0 # conforms to second version of ipsec.conf specification
config setup
  nat_traversal=yes
  oe=off
  protostack=netkey
  #klipsdebug=all
  #plutodebug=all
include /etc/ipsec.d/*.conf

srinivasmohan

#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle.
#This is the config for the US-East Openswan. For the west side openswan config, swap the left and right values accordingly.
conn eastwest
  authby=secret
  auto=start
  type=tunnel
  #Left is "this" side
  left=172.18.0.254
  leftid=4.5.6.7
  leftsubnet=172.18.0.0/16

srinivasmohan

1.2.3.4 4.5.6.7: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING'
4.5.6.7 1.2.3.4: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING'

srinivasmohan

#Admin stats - Make admin stats available on http://haproxyservername:8080/statspath/ for user admin
# Assuming port 8080 is free on your haproxy.cfg, add this block to make stats available.
listen  admin_stats 0.0.0.0:8080
        mode            http
        stats uri       /statspath
        stats realm     Global\ statistics
        stats auth      admin:SOMEPASSWORD

srinivasmohan

cookbook_file "/var/chef-package-cache/glusterfs_3.2.1-1_amd64.deb" do
    source "glusterfs_3.2.1-1_amd64.deb"
    owner "root"
    group "root"
    mode "0444"
end

#The following did'nt work.
dpkg_package "glusterfs" do
    case node[:platform]