ops / cfe-server · Commits

Commit ade90ebc3c692afd7ff0804be066b131e36c365d

Authored by nollieheel
Committed by Earth Ugat
1 parent 2ac0afa0

Version v0.1.0. Initial release.

Inline Side-by-side
Showing 20 changed files with 529 additions and 9 deletions
@@ -18,3 +18,4 @@ bin/* @@ -18,3 +18,4 @@ bin/*
18 18
19 .kitchen/ 19 .kitchen/
20 .kitchen.local.yml 20 .kitchen.local.yml
  21 +.chef
1 source "https://supermarket.chef.io" 1 source "https://supermarket.chef.io"
2 2
3 metadata 3 metadata
  4 +
  5 +cookbook 'cfe-users', git: 'https://gitlab.chromedia.com/ops/cfe-users.git', tag: 'v0.1.0'
  6 +cookbook 'cfe-mariadb', git: 'https://gitlab.chromedia.com/ops/cfe-mariadb.git', tag: 'v0.5.0'
  7 +cookbook 'backup-file2s3', git: 'https://gitlab.chromedia.com/ops/backup-file2s3.git', tag: 'v0.3.3'
  8 +cookbook 'cfe-nginx-php-fpm', git: 'https://gitlab.chromedia.com/ops/cfe-nginx-php-fpm.git', tag: 'v0.5.1'
  9 +cookbook 'cfe-simple-iptables', git: 'https://gitlab.chromedia.com/ops/cfe-simple-iptables.git', tag: 'v0.1.0'
  10 +
  11 +cookbook 'cookbook-letsencrypt', git: 'https://github.com/nollieheel/cookbook-letsencrypt.git', tag: 'v0.2.0'
  12 +cookbook 'cookbook-phpmyadmin', git: 'https://github.com/nollieheel/cookbook-phpmyadmin.git', tag: 'v0.1.0'
  13 +cookbook 'cookbook-updater', git: 'https://github.com/nollieheel/cookbook-updater.git', tag: 'v0.2.0'
  14 +cookbook 'cookbook-zabbix', git: 'https://github.com/nollieheel/cookbook-zabbix.git', tag: 'v1.0.1'
1 -## 0.1.0 - 2016-12-02 1 +## 0.1.0 - 2016-12-06
2 ### Added 2 ### Added
3 - Initial release of cfe-server cookbook. 3 - Initial release of cfe-server cookbook.
4 4
1 # cfe-server-cookbook 1 # cfe-server-cookbook
2 2
3 -TODO: Enter the cookbook description here. 3 +Integrates the common cookbooks used for most (staging) servers.
4 4
5 ## Supported Platforms 5 ## Supported Platforms
6 6
7 -TODO: List your supported platforms. 7 +Tested on Ubuntu 14.04.
8 8
9 ## Attributes 9 ## Attributes
10 10
@@ -16,9 +16,9 @@ TODO: List your supported platforms. @@ -16,9 +16,9 @@ TODO: List your supported platforms.
16 <th>Default</th> 16 <th>Default</th>
17 </tr> 17 </tr>
18 <tr> 18 <tr>
19 - <td><tt>['cfe-server']['bacon']</tt></td> 19 + <td><tt>['cfe-server']['']</tt></td>
20 <td>Boolean</td> 20 <td>Boolean</td>
21 - <td>whether to include bacon</td> 21 + <td>Description</td>
22 <td><tt>true</tt></td> 22 <td><tt>true</tt></td>
23 </tr> 23 </tr>
24 </table> 24 </table>
@@ -27,7 +27,7 @@ TODO: List your supported platforms. @@ -27,7 +27,7 @@ TODO: List your supported platforms.
27 27
28 ### cfe-server::default 28 ### cfe-server::default
29 29
30 -Include `cfe-server` in your node's `run_list`: 30 +Enter proper attributes for the different wrapped cookbooks, including this one. Then include `cfe-server` in your node's `run_list`:
31 31
32 ```json 32 ```json
33 { 33 {
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Attribute:: default
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +cb = 'cfe-server'
  22 +
  23 +default[cb]['db']['mariadb']['install'] = false
  24 +default[cb]['db']['include_mongodb'] = true
  25 +
  26 +default[cb]['filesystem']['swapfile'] = false
  27 +default[cb]['filesystem']['swapsize'] = '2G'
  28 +default[cb]['filesystem']['perms'] = [
  29 +# {
  30 +# :path => '/path',
  31 +# :owner => nil, # Optional
  32 +# :group => nil, # Optional
  33 +# :mode => nil # Optional
  34 +# }
  35 +]
  36 +default[cb]['filesystem']['symlinks'] = {
  37 +# '/link/name' => '/target/path'
  38 +}
  39 +
  40 +default[cb]['tls']['include_letsencrypt'] = true
  41 +
  42 +default[cb]['app']['include_postfix'] = true
  43 +default[cb]['app']['include_php'] = true
  44 +default[cb]['app']['include_pma'] = false
  45 +
  46 +default[cb]['app']['composer']['project_paths'] = [
  47 +# '/composer/proj/path/to/install'
  48 +]
  49 +
  50 +default[cb]['misc']['cronjobs'] = [
  51 +# {
  52 +# :name => 'arbitrary_name_of_cronjob',
  53 +# :command => 'command to perform',
  54 +# :sched => '0 0 * * *',
  55 +# :mailto => '""',
  56 +# :enable => true
  57 +# }
  58 +]
  59 +default[cb]['misc']['logrotatejobs'] = [
  60 +# {
  61 +# :name => 'arbitrary_name_of_job', # a filename, no spaces
  62 +# :path => '/path/to/rotate/*.log',
  63 +# :options => %w{ weekly rotate\ 12 missingok compress notifempty },
  64 +# :enable => true
  65 +# }
  66 +]
  67 +
  68 +default[cb]['misc']['logrotate']['conf_dir'] = '/etc/logrotate.d'
  69 +default[cb]['misc']['sshd']['ports'] = [ 22, 8765 ]
  70 +default[cb]['misc']['sshd']['conf_path'] = '/etc/ssh/sshd_config'
  71 +
  72 +default[cb]['web']['include_nginx'] = true
  1 +{
  2 + "comment": "Test User",
  3 + "shell": "/bin/bash",
  4 + "groups": [
  5 + "test",
  6 + "devs",
  7 + "adm",
  8 + "plugdev",
  9 + "netdev"
  10 + ],
  11 + "ssh_keys": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx7fx78WXwHhrB3BGUVyrw2XONh/qE6waU/8/0aZ6bkBSGu2z2GnkXI6JSfAuAO7spBHlXJZRtwTV5VuJx4n28zmQpTksGjS8xP/a1vphwwVkABomempxY97V4PBJqpWSzCoHG2zmotARcwBKJcwQd4FFE7vngrBk9SxczyWer26rMkY8SyjUFQm2o8dPuZuaY8rHqK9QUw1YJg3rSDd6qfi2dlunAc8fbTdDnZ5hjgmlrfyFLgoP31Ix0OVL9ogFYE//tV9CjHbwV2wKCJEI57rXJ/AMX4ZTTR6L6ljoKDxis9QiJwae/x0J+fi8EADtaLrbdZ0y5nu4/UtSURVXt cfe_stg_20161109",
  12 + "id": "test"
  13 +}
  1 +{
  2 + "comment": "Chromedia SysAdmin",
  3 + "shell": "/bin/bash",
  4 + "groups": [
  5 + "cfe",
  6 + "sysadmins",
  7 + "adm",
  8 + "plugdev",
  9 + "netdev"
  10 + ],
  11 + "ssh_keys": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx7fx78WXwHhrB3BGUVyrw2XONh/qE6waU/8/0aZ6bkBSGu2z2GnkXI6JSfAuAO7spBHlXJZRtwTV5VuJx4n28zmQpTksGjS8xP/a1vphwwVkABomempxY97V4PBJqpWSzCoHG2zmotARcwBKJcwQd4FFE7vngrBk9SxczyWer26rMkY8SyjUFQm2o8dPuZuaY8rHqK9QUw1YJg3rSDd6qfi2dlunAc8fbTdDnZ5hjgmlrfyFLgoP31Ix0OVL9ogFYE//tV9CjHbwV2wKCJEI57rXJ/AMX4ZTTR6L6ljoKDxis9QiJwae/x0J+fi8EADtaLrbdZ0y5nu4/UtSURVXt cfe_stg_20161109",
  12 + "id": "cfe"
  13 +}
@@ -6,4 +6,19 @@ description 'Simplifies setting up common Linux servers.' @@ -6,4 +6,19 @@ description 'Simplifies setting up common Linux servers.'
6 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 6 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
7 version '0.1.0' 7 version '0.1.0'
8 8
  9 +%w{
  10 + cfe-users cfe-mariadb
  11 + backup-file2s3 cfe-nginx-php-fpm
  12 + cfe-simple-iptables
  13 +
  14 + cookbook-letsencrypt cookbook-phpmyadmin
  15 + cookbook-updater cookbook-zabbix
  16 +}.each do |cb|
  17 + depends cb
  18 +end
  19 +
  20 +depends 'mongodb3', '~> 5.2.0'
  21 +depends 'composer', '~> 2.5.2'
  22 +depends 'cron', '~> 1.7.6'
  23 +
9 supports 'ubuntu', '>= 14.04' 24 supports 'ubuntu', '>= 14.04'
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Recipes:: app
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +if node[cookbook_name]['app']['include_postfix']
  22 + include_recipe 'cfe-nginx-php-fpm::postfix'
  23 +end
  24 +
  25 +if node[cookbook_name]['app']['include_php']
  26 + node.default['composer']['php_recipe'] = 'cfe-nginx-php-fpm::php-fpm'
  27 + package 'unzip'
  28 + include_recipe 'composer'
  29 +
  30 + node[cookbook_name]['app']['composer']['project_paths'].each do |xpath|
  31 + composer_project(xpath) { quiet false }
  32 + end
  33 +end
  34 +
  35 +if node[cookbook_name]['app']['include_pma']
  36 + include_recipe 'cookbook-phpmyadmin'
  37 +end
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Recipes:: db
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +if node[cookbook_name]['db']['mariadb']['install']
  22 + include_recipe 'cfe-mariadb'
  23 +else
  24 + include_recipe 'mariadb::client'
  25 + include_recipe 'cfe-mariadb::schema'
  26 +end
  27 +
  28 +include_recipe 'cfe-mariadb::reload_from_s3'
  29 +include_recipe 'cfe-mariadb::backup2s3'
  30 +
  31 +if node[cookbook_name]['db']['include_mongodb']
  32 + include_recipe 'mongodb3'
  33 +end
1 # 1 #
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
2 # Cookbook Name:: cfe-server 3 # Cookbook Name:: cfe-server
3 -# Recipe:: default 4 +# Recipes:: default
4 # 5 #
5 -# Copyright (C) 2016 YOUR_NAME 6 +# Copyright 2016, Chromedia Far East, Inc.
6 # 7 #
7 -# All rights reserved - Do Not Redistribute 8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
8 # 11 #
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +include_recipe "#{cookbook_name}::os"
  22 +include_recipe "#{cookbook_name}::db"
  23 +include_recipe "#{cookbook_name}::filesystem"
  24 +include_recipe "#{cookbook_name}::tls"
  25 +include_recipe "#{cookbook_name}::app"
  26 +include_recipe "#{cookbook_name}::misc"
  27 +include_recipe "#{cookbook_name}::web"
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Recipes:: filesystem
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +swapfile = node[cookbook_name]['filesystem']['swapfile']
  22 +bash 'enable_swap' do
  23 + code <<-EOF.gsub(/^\s+/, '')
  24 + set -e
  25 + if [[ ! -f #{swapfile} ]] ; then
  26 + fallocate -l #{node[cookbook_name]['filesystem']['swapsize']} #{swapfile}
  27 + chmod 600 #{swapfile}
  28 + mkswap #{swapfile}
  29 + swapon #{swapfile}
  30 + echo "#{swapfile} none swap sw 0 0" >> /etc/fstab
  31 + fi
  32 + EOF
  33 + only_if { swapfile }
  34 +end
  35 +
  36 +if node['backup-file2s3']['backups']
  37 + node['backup-file2s3']['backups'].each do |xback|
  38 + xback[:paths].each do |xpath|
  39 +
  40 + # Each path spec can have the following additional attributes:
  41 + # {
  42 + # :extract => true, # Default: true
  43 + # :ex_creates => 'filename', # Relative to path.
  44 + # :ex_priv_key => nil # Default is a node attribute
  45 + # }
  46 + unless xpath.has_key?(:extract) && xpath[:extract] == false
  47 + tdir = ::File.dirname(xpath[:path])
  48 + crea = "#{xpath[:path]}/#{xpath[:ex_creates]}"
  49 + encr = xpath[:bak_encrypted]
  50 + pkey = xpath.has_key?(:ex_priv_key) ? xpath[:ex_priv_key] : nil
  51 +
  52 + aws_tar_extract xpath[:bak_filename] do
  53 + target_dir tdir
  54 + creates crea
  55 + encrypted encr
  56 + priv_key pkey
  57 + end
  58 + end
  59 +
  60 + end
  61 + end
  62 +end
  63 +
  64 +include_recipe 'backup-file2s3'
  65 +
  66 +node[cookbook_name]['filesystem']['perms'].each do |perm|
  67 + if perm[:owner] && perm[:group]
  68 + execute "chown -R #{perm[:owner]}:#{perm[:group]} #{perm[:path]}"
  69 + elsif perm[:owner]
  70 + execute "chown -R #{perm[:owner]} #{perm[:path]}"
  71 + elsif perm[:group]
  72 + execute "chown -R #{perm[:group]} #{perm[:path]}"
  73 + end
  74 +
  75 + if perm[:mode]
  76 + execute "chmod -R #{perm[:mode]} #{perm[:path]}"
  77 + end
  78 +end
  79 +
  80 +node[cookbook_name]['filesystem']['symlinks'].each do |xfrom, xto|
  81 + directory(::File.dirname(xfrom)) { recursive true }
  82 + link(xfrom) { to xto }
  83 +end
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Recipes:: misc
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +node[cookbook_name]['misc']['cronjobs'].each do |cjob|
  22 + sched = cjob[:sched].split(' ')
  23 + is_enable = cjob.has_key?(:enable) ? cjob[:enable] : true
  24 + cron_d cjob[:name] do
  25 + command cjob[:command]
  26 + minute sched[0]
  27 + hour sched[1]
  28 + day sched[2]
  29 + month sched[3]
  30 + weekday sched[4]
  31 + mailto cjob[:mailto]
  32 + path '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'
  33 + action( is_enable ? :create : :delete )
  34 + end
  35 +end
  36 +
  37 +package 'logrotate'
  38 +
  39 +node[cookbook_name]['misc']['logrotatejobs'].each do |ljob|
  40 + jname = "#{node[cookbook_name]['misc']['logrotate']['conf_dir']}/"\
  41 + "#{ljob[:name]}"
  42 + is_enable = ljob.has_key?(:enable) ? ljob[:enable] : true
  43 + template jname do
  44 + source 'logrotate.erb'
  45 + variables(
  46 + :path => ljob[:path],
  47 + :options => ljob[:options]
  48 + )
  49 + action( is_enable ? :create : :delete )
  50 + end
  51 +end
  52 +
  53 +template node[cookbook_name]['misc']['sshd']['conf_path'] do
  54 + mode 0644
  55 + variables(
  56 + :ports => node[cookbook_name]['misc']['sshd']['ports']
  57 + )
  58 +end
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Recipes:: os
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +include_recipe 'cookbook-updater::onetime'
  22 +include_recipe 'cookbook-updater::packages'
  23 +include_recipe 'cfe-users'
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Recipes:: tls
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +if node[cookbook_name]['tls']['include_letsencrypt']
  22 + include_recipe 'cookbook-letsencrypt'
  23 +end
  1 +#
  2 +# Author:: Earth U (<sysadmin @ chromedia.com>)
  3 +# Cookbook Name:: cfe-server
  4 +# Recipes:: web
  5 +#
  6 +# Copyright 2016, Chromedia Far East, Inc.
  7 +#
  8 +# Licensed under the Apache License, Version 2.0 (the "License");
  9 +# you may not use this file except in compliance with the License.
  10 +# You may obtain a copy of the License at
  11 +#
  12 +# http://www.apache.org/licenses/LICENSE-2.0
  13 +#
  14 +# Unless required by applicable law or agreed to in writing, software
  15 +# distributed under the License is distributed on an "AS IS" BASIS,
  16 +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 +# See the License for the specific language governing permissions and
  18 +# limitations under the License.
  19 +#
  20 +
  21 +if node[cookbook_name]['web']['include_nginx']
  22 + include_recipe 'cfe-nginx-php-fpm::nginx'
  23 +end
  1 +<%= @path %> {
  2 +<% @options.each do |str| -%>
  3 + <%= str %>
  4 +<% end -%>
  5 +}
  1 +# Package generated configuration file
  2 +# See the sshd_config(5) manpage for details
  3 +
  4 +# What ports, IPs and protocols we listen for
  5 +<% @ports.each do |port| -%>
  6 +Port <%= port %>
  7 +<% end -%>
  8 +
  9 +# Use these options to restrict which interfaces/protocols sshd will bind to
  10 +#ListenAddress ::
  11 +#ListenAddress 0.0.0.0
  12 +Protocol 2
  13 +# HostKeys for protocol version 2
  14 +HostKey /etc/ssh/ssh_host_rsa_key
  15 +HostKey /etc/ssh/ssh_host_dsa_key
  16 +HostKey /etc/ssh/ssh_host_ecdsa_key
  17 +HostKey /etc/ssh/ssh_host_ed25519_key
  18 +#Privilege Separation is turned on for security
  19 +UsePrivilegeSeparation yes
  20 +
  21 +# Lifetime and size of ephemeral version 1 server key
  22 +KeyRegenerationInterval 3600
  23 +ServerKeyBits 1024
  24 +
  25 +# Logging
  26 +SyslogFacility AUTH
  27 +LogLevel INFO
  28 +
  29 +# Authentication:
  30 +LoginGraceTime 120
  31 +PermitRootLogin no
  32 +StrictModes yes
  33 +
  34 +RSAAuthentication yes
  35 +PubkeyAuthentication yes
  36 +#AuthorizedKeysFile %h/.ssh/authorized_keys
  37 +
  38 +# Don't read the user's ~/.rhosts and ~/.shosts files
  39 +IgnoreRhosts yes
  40 +# For this to work you will also need host keys in /etc/ssh_known_hosts
  41 +RhostsRSAAuthentication no
  42 +# similar for protocol version 2
  43 +HostbasedAuthentication no
  44 +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  45 +#IgnoreUserKnownHosts yes
  46 +
  47 +# To enable empty passwords, change to yes (NOT RECOMMENDED)
  48 +PermitEmptyPasswords no
  49 +
  50 +# Change to yes to enable challenge-response passwords (beware issues with
  51 +# some PAM modules and threads)
  52 +ChallengeResponseAuthentication no
  53 +
  54 +# Change to no to disable tunnelled clear text passwords
  55 +PasswordAuthentication no
  56 +
  57 +# Kerberos options
  58 +#KerberosAuthentication no
  59 +#KerberosGetAFSToken no
  60 +#KerberosOrLocalPasswd yes
  61 +#KerberosTicketCleanup yes
  62 +
  63 +# GSSAPI options
  64 +#GSSAPIAuthentication no
  65 +#GSSAPICleanupCredentials yes
  66 +
  67 +X11Forwarding no
  68 +X11DisplayOffset 10
  69 +PrintMotd no
  70 +PrintLastLog yes
  71 +TCPKeepAlive yes
  72 +#UseLogin no
  73 +
  74 +#MaxStartups 10:30:60
  75 +#Banner /etc/issue.net
  76 +
  77 +# Allow client to pass locale environment variables
  78 +AcceptEnv LANG LC_*
  79 +
  80 +Subsystem sftp internal-sftp
  81 +
  82 +# Set this to 'yes' to enable PAM authentication, account processing,
  83 +# and session processing. If this is enabled, PAM authentication will
  84 +# be allowed through the ChallengeResponseAuthentication and
  85 +# PasswordAuthentication. Depending on your PAM configuration,
  86 +# PAM authentication via ChallengeResponseAuthentication may bypass
  87 +# the setting of "PermitRootLogin without-password".
  88 +# If you just want the PAM account and session checks to run without
  89 +# PAM authentication, then enable this but set PasswordAuthentication
  90 +# and ChallengeResponseAuthentication to 'no'.
  91 +UsePAM yes