RE: How can I improve this cookbook?


#1

On your security assumption - first of all, all security depends on the value of what you have to protect. If all you have on your server farm is your own G-rated vacation photos, your security needs are going to be different from if you are managing, say, health care or banking information or top-secret military info.

That said, even if you are behind a firewall, security should still be a concern. The key is defense in depth. Firewalls protect against one particular type of threat - and even then, the firewall can be misconfigured.

A firewall will not protect you against things such as:

  • Rogue software (viruses) running behind your firewall.

  • Rogue employees (insider threats are usually a bigger problem than outside hackers!)

  • Information accidentally leaked - say, somebody accidentally posting sensitive information to Facebook or a mailing list.

  • A well-meaning employee who knows just enough to be dangerous trying to help by “fixing” a chef cookbook for you.

Firewalls are great - and important - security devices. Think of it as a tool, one of many you should have in your kit. If you were to build a house, you wouldn’t just use a hammer and think you’d end up with a quality building? Security is the same.

Kevin Keane

The NetTech

http://www.4nettech.com

Our values: Privacy, Liberty, Justice

See https://www.4nettech.com/corp/the-nettech-values.html

-----Original message-----
From: Jim Fluke james.fluke@colostate.edu
Sent: Monday 16th February 2015 17:22
To: chef@lists.opscode.com
Subject: [chef] How can I improve this cookbook?

Ohai Chefs!

I have been working with Chef off and on for a while now, but mostly just doing experiments and training. Recently I have gotten more serious, and have written two cookbooks that install a web API and a web application that uses the API. They both work, but I would like to get some feedback on how they could be improved. To that end I have made the application cookbook public athttps://bitbucket.org/cira-dpc/searchciradata_cookbook

Let me know if you have trouble getting to it.

Note that this is all running inside our firewall, including the open source Chef server, so I don’t think we need to worry to much about security, but if you disagree let me know about that too.

Thanks,
Jim