Hi guys,
in this article we will see how to build a small LWRP Chef cookbook. The final result will be:
ssh_banner_banner "banner" do
  banner_file _banner_file
  sshd_config_file node['ssh_banner']['sshd_config_file']
  paranoic_mode true
  action :create
  notifies :restart, "service[sshd]"
end
If "paranoic mode" is true, Chef will change the configuration file and restart sshd, but after 20 seconds (by default) it will roll the configuration back.
You can try it using Vagrant and VirtualBox.
1. clone the git repo from GitHub:
git clone https://github.com/EugenioMarzo/cookbook-ssh-banner.git
2. show the new banner to copy:
cat files/default/chef_ssh_banner
3. start vagrant virtual machine:
vagrant up
4. once the deploy is completed:
Let’s see how to create a simple LWRP:
1. Declare variables in resources/banner.rb
actions :create, :delete
default_action :create
attribute :sshd_config_file, :kind_of => String
attribute :banner_file, :kind_of => String
attribute :paranoic_mode
2. create an action in providers/banner.rb. Let's see the :delete action:
action :delete do
  # check that the ssh banner file is present
  check_banner_file new_resource.banner_file
  # check whether paranoic mode is enabled
  paranoic_mode
  # readlines closes the file after reading it
  if ::File.readlines(new_resource.sshd_config_file).grep(/Banner\ .*/).size >= 1
    Chef::Log.info("Deleting SSH Banner..")
    # the sed expression is quoted so the shell passes it through unchanged
    execute "sed -i 's/Banner .*//g' #{new_resource.sshd_config_file}"
    # Report that the state has changed, i.e. an action has been performed.
    # This matters because it is what triggers a notification afterwards,
    # such as the sshd restart.
    new_resource.updated_by_last_action(true)
  else
    Chef::Log.info("SSH Banner not found ... doing nothing..")
    new_resource.updated_by_last_action(false)
  end
end
3. use it in a recipe. Delete a banner:
ssh_banner_banner "banner" do
  banner_file _banner_file
  sshd_config_file node['ssh_banner']['sshd_config_file']
  paranoic_mode false
  action :delete
  notifies :restart, "service[sshd]"
end
4. to add a banner use:
ssh_banner_banner "banner" do
  banner_file _banner_file
  sshd_config_file node['ssh_banner']['sshd_config_file']
  paranoic_mode false
  action :create
  notifies :restart, "service[sshd]"
end
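The edit behind :create and :delete, as an added example in plain Ruby (not the cookbook's own code): it matches only active Banner directives, so a commented "#Banner none" line is left alone, returns a changed flag that plays the role of updated_by_last_action, and keeps a backup that a paranoic-mode style rollback can restore. All helper names, the sample config and the ".bak" suffix are assumptions; how the cookbook implements its own rollback is not shown on this page.

```ruby
require "fileutils"

# Hypothetical helpers, not part of the ssh_banner cookbook.
# Active directive only; sshd_config keywords are case-insensitive.
BANNER_LINE = /^\s*Banner\s+.*$/i

# Returns [new_text, changed]. Idempotent: a second call reports changed == false.
def set_banner(text, banner_path)
  wanted = "Banner #{banner_path}"
  lines = text.lines.map(&:chomp)
  return [text, false] if lines.grep(BANNER_LINE) == [wanted]
  # Reuse the position of the first active directive; with none, insert at the
  # top so the line cannot end up inside a trailing Match block.
  at = lines.index { |l| l =~ BANNER_LINE } || 0
  lines.reject! { |l| l =~ BANNER_LINE }
  lines.insert(at, wanted)
  [lines.join("\n") + "\n", true]
end

# Returns [new_text, changed]; removes whole lines instead of leaving blanks.
def remove_banner(text)
  lines = text.lines.map(&:chomp)
  kept = lines.reject { |l| l =~ BANNER_LINE }
  return [text, false] if kept.size == lines.size
  [kept.join("\n") + "\n", true]
end

# Writes new_text to path with a backup. The block returns true to keep the
# change (e.g. a fresh login succeeded before the timeout) or false to roll back.
def apply_with_rollback(path, new_text)
  backup = "#{path}.bak"
  FileUtils.cp(path, backup)
  File.write(path, new_text)
  kept = yield
  FileUtils.mv(backup, path) unless kept
  FileUtils.rm_f(backup)
  kept
end

# Constructed sample input, not a real server's configuration.
SAMPLE = <<~CONF
  # constructed sample sshd_config
  Port 22
  #Banner none
  PermitRootLogin no
CONF
```

In a provider, the changed flag would be passed to new_resource.updated_by_last_action so that the sshd restart is notified only when the file really changed.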