If you are using Chef for the first time, we advise you to test in a virtual machine.
- Install ChefDK client
We recommend using the Chef client in production environments instead of the ChefDK.
apt-get install -y wget
wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chefdk_0.3.5-1_amd64.deb
dpkg -i chefdk_0.3.5-1_amd64.deb
- Download the chef cookbook
apt-get install git
git clone https://github.com/TelekomLabs/chef-os-hardening.git chef-os-hardening
- Download cookbook dependencies with Berkshelf
cd chef-os-hardening
berks vendor ../cookbooks
cd ..
mv chef-os-hardening/ cookbooks/os-hardening
- Create solo.rb
This file is used to specify the configuration details for chef-solo. Create a solo.rb that includes the cookbook_path.
cat > solo.rb <<EOF
root = File.absolute_path(File.dirname(__FILE__))
node_name "localhost"
file_cache_path root
cookbook_path [ root + '/cookbooks', root + '/site-cookbooks' ]
EOF
- Create solo.json
Chef-solo does not interact with the Chef Server. Consequently, node-specific attributes must be located in a JSON file on the target system. Create the following solo.json.
cat > solo.json <<EOF
{
  "security" : {
    "suid_sgid": {
      "remove_from_unknown" : true,
      "system_whitelist" : []
    }
  },
  "run_list": [
    "recipe[os-hardening]"
  ]
}
EOF
- Verify structure
# tree -L 2
.
|-- cookbooks
|   |-- apt
|   |-- ohai
|   |-- os-hardening
|   |-- sysctl
|   `-- yum
|-- solo.json
`-- solo.rb
- Run chef-solo
chef-solo -c solo.rb -j solo.json
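
The suid_sgid settings in solo.json make the run act on SUID/SGID files that are not on the cookbook's lists, so it helps to record which files carry those bits before running chef-solo and to compare afterwards. The script below is an added example, not part of the cookbook or the original instructions; the function names and the snapshot path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: inventory SUID/SGID files around the hardening run.
# Function names and /root/suid.before are choices made for this example.
# Paths containing newlines are not supported.

# Print every regular file under $1 (default /) that has the SUID or SGID
# bit set, one per line, sorted. -xdev keeps find on a single filesystem,
# so /proc, /sys and network mounts are skipped.
suid_sgid_inventory() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | LC_ALL=C sort
}

# Render the inventory as a JSON array that can be reviewed and, entry by
# entry, copied into "system_whitelist" in solo.json. Backslashes and
# double quotes in paths are escaped.
suid_sgid_whitelist_json() {
    suid_sgid_inventory "$1" |
        sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' |
        awk '{ out = out (NR > 1 ? ", " : "") "\"" $0 "\"" }
             END { print "[" out "]" }'
}

# Compare a snapshot file ($1, written by suid_sgid_inventory before the
# run) with the current state under $2 and print the paths that no longer
# carry SUID/SGID, i.e. what the run changed.
suid_sgid_removed() {
    suid_sgid_inventory "$2" | LC_ALL=C comm -23 "$1" -
}

# Typical use around the chef-solo step (as root):
#   suid_sgid_inventory / > /root/suid.before
#   suid_sgid_whitelist_json /          # review candidates for the whitelist
#   chef-solo -c solo.rb -j solo.json
#   suid_sgid_removed /root/suid.before /
```

Review the JSON output rather than pasting it wholesale: every path added to the whitelist is a SUID/SGID binary that stays on the system.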