This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
#Patch bash for CVE-2014-6271 - For non-lts distro versions. | |
mkdir -p /usr/local/src && cd /usr/local/src | |
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz | |
tar zxvf bash-4.3.tar.gz | |
#Get patches | |
for i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done | |
cd bash-4.3 | |
for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done | |
./configure && make && make install |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/dash | |
export DEBDIR="/tmp/bashdebs" | |
[ -d $DEBDIR ] && rm -fr $DEBDIR | |
rm -f /tmp/bashdebs.tgz | |
cd /tmp/ && wget --quiet http://s3.amazonaws.com/com.versal.sysops/shellsock/bashdebs.tgz && tar zxvf bashdebs.tgz | |
cd $DEBDIR && sudo /usr/bin/dpkg -i *.deb 2>&1 1>/dev/null | |
#Test after update | |
bashver=`/usr/bin/dpkg -l bash | tail -1 | awk '{print $3}'` | |
echo "Host `hostname`, post update, with Bash $bashver" | |
rm -f echo && env -i X='() { (a)=>\' bash -c 'echo id'; cat echo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Run this from your Knife folder with "knife exec /pathto/knife_status.rb" | |
stats=Array.new | |
sizes=[0,0,0] | |
TimeFormat="%F %R" | |
Sep='|' | |
nodes.all do |thisnode| | |
checkintime=Time.at(thisnode['ohai_time']).to_i | |
rubyver = thisnode['languages']['ruby']['version'] | |
recipes = thisnode.run_list.expand(thisnode.chef_environment).recipes.join(",") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Knife invocations supply FQDN as the node name at creation time and this becomes hostname( option -N) | |
execute "Configure Hostname" do | |
command "hostname --file /etc/hostname" | |
action :nothing | |
end | |
#Ensure the hostname of the system is set to knife provided node name | |
file "/etc/hostname" do | |
content node.name |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
net.ipv4.ip_forward=1 | |
net.ipv4.conf.all.accept_redirects = 0 | |
net.ipv4.conf.all.send_redirects = 0 | |
net.ipv4.conf.default.send_redirects = 0 | |
net.ipv4.conf.eth0.send_redirects = 0 | |
net.ipv4.conf.default.accept_redirects = 0 | |
net.ipv4.conf.eth0.accept_redirects = 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Base ipsec.conf for openswan | |
#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle. | |
version 2.0 # conforms to second version of ipsec.conf specification | |
config setup | |
nat_traversal=yes | |
oe=off | |
protostack=netkey | |
#klipsdebug=all | |
#plutodebug=all | |
include /etc/ipsec.d/*.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle. | |
#This is the config for the US-East Openswan. For the west side openswan config, swap the left and right values accordingly. | |
conn eastwest | |
authby=secret | |
auto=start | |
type=tunnel | |
#Left is "this" side | |
left=172.18.0.254 | |
leftid=4.5.6.7 | |
leftsubnet=172.18.0.0/16 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1.2.3.4 4.5.6.7: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING' | |
4.5.6.7 1.2.3.4: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Admin stats - Make admin stats available on http://haproxyservername:8080/statspath/ for user admin | |
# Assuming port 8080 is free on your haproxy.cfg, add this block to make stats available. | |
listen admin_stats 0.0.0.0:8080 | |
mode http | |
stats uri /statspath | |
stats realm Global\ statistics | |
stats auth admin:SOMEPASSWORD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cookbook_file "/var/chef-package-cache/glusterfs_3.2.1-1_amd64.deb" do | |
source "glusterfs_3.2.1-1_amd64.deb" | |
owner "root" | |
group "root" | |
mode "0444" | |
end | |
#The following did'nt work. | |
dpkg_package "glusterfs" do | |
case node[:platform] |
OlderNewer