Thu, 17 Sep 2009
Ubuntu Security Talk - Skills Matter September 2009
A couple of days ago I had the chance to attend a talk on PAM and AppArmor at
Skills Matter. To be honest it wasn't what I expected: the subject level
was very beginner focused, PAM only received scant coverage and the other
tools were all old hands like a port scan with nmap or basic iptables
rules.
The evening's highlight for me was the coverage of AppArmor, both because it's a very neat tech that seems orders of magnitude easier to use than SELinux and because the last time I saw it mentioned was when Crispin Cowan spoke at GLLUG. It's great to see it in a mainline distro and I've added it back on to my "experiment with" list.
Posted: 2009/09/17 22:06 | /events
Stand Alone Puppet
While Puppet can be used to manage large, complex
environments it's also a useful tool at the lower end of the spectrum.
Using just the puppet executable and a small inline class or
two you can write very useful manifests in only a handful of lines.
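    # Packages and a working directory for a build machine.
    class build-host {
        # The package type picks the platform's package manager for you.
        package { "build-essential": ensure => installed }
        package { "subversion": ensure => installed }

        # Checkout area owned by the local user.
        file { "/home/dwilson/repos/":
            ensure => directory,
            owner  => dwilson,
            group  => dwilson,
        }
    }

    # "default" matches whichever host the manifest is run on.
    node default {
        include build-host
    }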
To invoke the class you just run puppet -v build-host.pp.
It's also worth pointing out the node name of default. This saves you
manually changing the manifest whenever you move to another machine.
While it wouldn't be hard to replace the above example with a shell
script, by using puppet you can easily access the built-in abstractions
(which package manager to use, how should you add users) and remove a lot
of scaffolding code. And then when you're done you can promote the class to
your managed infrastructure.
I've used this to bootstrap provisioning servers (why should the provisioning host be the only machine that wasn't provisioned?), test small but annoying new classes on scratch servers and I'm currently working on integrating it with a small subversion backup testing project in my spare time at work (so very slowly).
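The user and group abstractions mentioned above, in a stand-alone manifest that creates the account before the directory it owns. This is an added example, not from the original post; the user name and directory are taken from the manifest above, while the class name build_user, the shell path and the 0750 mode are assumptions.

```puppet
# Added example: manage the account and its repository directory together,
# so the manifest also works on a machine where the user does not exist yet.
class build_user {
    # Primary group for the account.
    group { "dwilson":
        ensure => present,
    }

    # The user type hides the platform's account tooling, in the same way
    # the package type hides the package manager.
    user { "dwilson":
        ensure     => present,
        gid        => "dwilson",
        home       => "/home/dwilson",
        managehome => true,
        shell      => "/bin/bash",       # assumed shell path
        require    => Group["dwilson"],
    }

    # Directory readable by the owner and group only (assumed mode).
    # The explicit require makes the ordering visible: the owner must
    # exist before ownership can be set.
    file { "/home/dwilson/repos":
        ensure  => directory,
        owner   => "dwilson",
        group   => "dwilson",
        mode    => "0750",
        require => User["dwilson"],
    }
}

node default {
    include build_user
}
```

Run it the same way as the manifest above; adding --noop reports what would change without applying anything.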
Posted: 2009/09/17 21:33 | /tools/puppet

