chef - [chef] RE: How can I improve this cookbook?

First login ?
Lost password ?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] RE: How can I improve this cookbook?

From: Kevin Keane Subscription < >
To: < >
Subject: [chef] RE: How can I improve this cookbook?
Date: Tue, 17 Feb 2015 15:54:12 -0800

Title: RE: [chef] How can I improve this cookbook?

On your security assumption - first of all, *all* security depends on the value of what you have to protect. If all you have on your server farm is your own G-rated vacation photos, your security needs are going to be different from if you are managing, say, health care or banking information or top-secret military info.

That said, even if you are behind a firewall, security should still be a concern. The key is defense in depth. Firewalls protect against one particular type of threat - and even then, the firewall can be misconfigured.

A firewall will not protect you against things such as:

- Rogue software (viruses) running behind your firewall.

- Rogue employees (insider threats are usually a bigger problem than outside hackers!)

- Information accidentally leaked - say, somebody accidentally posting sensitive information to Facebook or a mailing list.

- A well-meaning employee who knows just enough to be dangerous trying to help by "fixing" a chef cookbook for you.

Firewalls are great - and important - security devices. Think of it as a tool, one of many you should have in your kit. If you were to build a house, you wouldn't just use a hammer and think you'd end up with a quality building? Security is the same.

Kevin Keane

The NetTech

http://www.4nettech.com

Our values: Privacy, Liberty, Justice

See https://www.4nettech.com/corp/the-nettech-values.html

-----Original message-----
From: Jim Fluke < >
Sent: Monday 16th February 2015 17:22
To:
Subject: [chef] How can I improve this cookbook?

Ohai Chefs!

I have been working with Chef off and on for a while now, but mostly just doing experiments and training. Recently I have gotten more serious, and have written two cookbooks that install a web API and a web application that uses the API. They both work, but I would like to get some feedback on how they could be improved. To that end I have made the application cookbook public athttps://bitbucket.org/cira-dpc/searchciradata_cookbook

Let me know if you have trouble getting to it.

Note that this is all running inside our firewall, including the open source Chef server, so I don't think we need to worry to much about security, but if you disagree let me know about that too.

Thanks,
Jim

[chef] RE: How can I improve this cookbook?, Kevin Keane Subscription, 02/17/2015