From e7198426450a7f6f6f8cff6f31c9268045990082 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Wed, 22 Jan 2014 09:02:08 -0500
Subject: [PATCH 1/7] Change default ssh port
Security through obscurity is generally questionable, but changing to a non-default port does reduce automated scans substantially. However, moving to a port outside of the privelaged scope (above 1024) may have other consequences.
---
 manifests/site.pp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/manifests/site.pp b/manifests/site.pp
index 2e138c3..4575150 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -36,6 +36,7 @@ class { 'ssh::server':
 class { 'apache': }
 # CONFIGURATIONS
+ssh::server::configline { 'Port': value => '22984' }
 ssh::server::configline { 'PermitRootLogin': value => 'no' }
 ssh::server::configline { 'PasswordAuthentication': value => 'no' }
 ssh::server::configline { 'AllowUsers/1': value => 'atomaka' }
From bd29aec75b9d419356079c9a465e8f6cc7d29d87 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Wed, 22 Jan 2014 09:26:19 -0500
Subject: [PATCH 2/7] Add second user account
Implement "jeff" account with password and allow SSH access. This account is password protected, requiring a change to the SSH config file to allow passwords. Note that when possible, passwords should NOT be permitted for SSH access.
---
 manifests/site.pp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index 4575150..b32ceea 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,6 +1,7 @@
 # USERS
+# atomaka, with SSH key
 user { 'atomaka':
- ensure => 'present',
+ ensure => present,
 groups => ['sudo'],
 managehome => true,
 shell => '/bin/zsh', 
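Review bot: The added `Port` line moves sshd to 22984 with no matching firewall change in this manifest, so on a host whose packet filter or cloud security group only admits 22, the next apply restarts sshd on a port nothing can reach; land the firewall rule in the same change, or keep a second `Port 22` line until the new one is confirmed. The commit message's "other consequences" is worth making concrete: ports above 1024 can be bound by any local user, so if sshd ever fails to start the port is no longer reserved for it. Clients of the `mosh` package this manifest also installs will need the port as well (`mosh --ssh='ssh -p 22984'`), which belongs in the README next to this change.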
@@ -21,6 +22,13 @@ file { '/home/atomaka/.ssh/authorized_keys':
 content => file('/tmp/puppet/files/keys/atomaka'),
 require => File['/home/atomaka/.ssh'],
 }
+# jeff, with password
+user { 'jeff':
+ ensure => present,
+ managehome => true,
+ shell => '/bin/bash',
+ password => '$6$.AURF9sE09Q$..S10CFY7G.AVXzSW//w6GoV6yPzBzdvyUl8a7oyYbW/XzBU.o6AdHxTgTkCSWb64zmN3QoKovoUyLJhE/MFP/'
+}
 # PACKAGES
 package { 'mosh': }
@@ -38,8 +46,9 @@ class { 'apache': }
 # CONFIGURATIONS
 ssh::server::configline { 'Port': value => '22984' }
 ssh::server::configline { 'PermitRootLogin': value => 'no' }
-ssh::server::configline { 'PasswordAuthentication': value => 'no' }
+ssh::server::configline { 'PasswordAuthentication': value => 'yes' }
 ssh::server::configline { 'AllowUsers/1': value => 'atomaka' }
+ssh::server::configline { 'AllowUsers/2': value => 'jeff' }
 sudo::conf { 'sudo':
 priority => 10,
From 800ef9377222c9751afcf2b7b18193e08e102373 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Wed, 22 Jan 2014 09:42:02 -0500
Subject: [PATCH 3/7] Allow both users to manage web content
---
 manifests/site.pp | 47 ++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 9 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index b32ceea..6d185c2 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,11 +1,16 @@
+# GROUPS
+group { 'web':
+ ensure => present,
+}
+
 # USERS
 # atomaka, with SSH key
 user { 'atomaka':
 ensure => present,
- groups => ['sudo'],
+ groups => ['sudo', 'web'],
 managehome => true,
 shell => '/bin/zsh',
- require => Package['zsh'],
+ require => [ Package['zsh'], Group['web'] ]
 }
 file { '/home/atomaka/.ssh':
 ensure => directory, 
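Review bot: The `password =>` line on the new `user { 'jeff': }` resource commits a SHA-512 crypt hash of a live account password into the repository, and update.sh (later in this series) clones that repository from a GitHub URL that appears to be public, so the hash is permanently in history and exposed to offline guessing; treat the password as disclosed and rotate it. Keep the hash out of the manifest going forward — read it from a file outside the repo with `file()`, the way the SSH key is read from `/tmp/puppet/files/keys/atomaka`, or use an encrypted hiera backend. A `# jeff, with password` comment is fine, but a short note on why this account cannot use a key would help the next maintainer decide when to remove the exception.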
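Review bot: Changing the global `PasswordAuthentication` line to `yes` re-enables password logins for every account in `AllowUsers`, including `atomaka`, whose key-only posture the `no` setting existed to enforce. The narrower form keeps the global `no` and enables passwords for one user only, via `Match User jeff` followed by `PasswordAuthentication yes` at the end of sshd_config; whether `ssh::server::configline` can place a directive under a Match block depends on the module's augeas lens, so a managed fragment may be needed instead. With `AllowUsers/2` now advertising `jeff` as a valid login name for anyone who finds the port, fail2ban or rate limiting belongs in the same change.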
@@ -25,9 +30,11 @@ file { '/home/atomaka/.ssh/authorized_keys':
 # jeff, with password
 user { 'jeff':
 ensure => present,
+ groups => ['web'],
 managehome => true,
 shell => '/bin/bash',
- password => '$6$.AURF9sE09Q$..S10CFY7G.AVXzSW//w6GoV6yPzBzdvyUl8a7oyYbW/XzBU.o6AdHxTgTkCSWb64zmN3QoKovoUyLJhE/MFP/'
+ password => '$6$.AURF9sE09Q$..S10CFY7G.AVXzSW//w6GoV6yPzBzdvyUl8a7oyYbW/XzBU.o6AdHxTgTkCSWb64zmN3QoKovoUyLJhE/MFP/',
+ require => Group['web'],
 }
 # PACKAGES
@@ -41,7 +48,10 @@ include sudo
 class { 'ssh::server':
 require => Class['augeas'],
 }
-class { 'apache': }
+
+class { 'apache':
+ default_vhost => false,
+}
 # CONFIGURATIONS
 ssh::server::configline { 'Port': value => '22984' }
@@ -55,9 +65,28 @@ sudo::conf { 'sudo':
 content => "%sudo ALL=(ALL) NOPASSWD: ALL\n",
 }
-# FILES
-file { '/var/www/index.html':
- ensure => present,
- content => file('/tmp/puppet/files/index.html'),
- require => Class['apache'],
+apache::vhost { 'tc362.atomaka.com':
+ default_vhost => true,
+ port => '80',
+ docroot => '/var/www/tc362.atomaka.com',
+ docroot_owner => 'atomaka',
+ docroot_group => 'web',
+}
+
+# FILES
+file { '/var/www/tc362.atomaka.com':
+ ensure => directory,
+ owner => 'atomaka',
+ group => 'web',
+ mode => '2775',
+ before => Apache::Vhost['tc362.atomaka.com'],
+}
+
+file { '/var/www/tc362.atomaka.com/index.html':
+ ensure => present,
+ owner => 'atomaka',
+ group => 'web',
+ mode => '0664',
+ content => file('/tmp/puppet/files/index.html'),
+ require => File['/var/www/tc362.atomaka.com'],
 }
From 170e4e4391041e826f7dfd18ca746027c47bc4de Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Wed, 22 Jan 2014 09:47:06 -0500
Subject: [PATCH 4/7] Add update script; works like bootstrap script
Much copy and paste and should definitely be combined with the bootstrap script. Oh well...
---
 update.sh | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 update.sh
diff --git a/update.sh b/update.sh
new file mode 100644
index 0000000..4797f60 
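Review bot: The new `file { '/var/www/tc362.atomaka.com': }` resource likely duplicates the directory that `apache::vhost` manages itself from `docroot`, `docroot_owner` and `docroot_group`; puppetlabs-apache of this era declares `File[$docroot]` unless that resource is already defined at parse time, and because the explicit `file` resource is declared after the vhost here, the `before` metaparameter does not help — it orders application, not parsing. Run `puppet apply --noop` to confirm; if it is a duplicate declaration, either drop the explicit directory resource, declare it above the `apache::vhost`, or use `manage_docroot => false` if the installed module version has that parameter. The `mode => '2775'` setgid, group-writable docroot is a sensible way to let both `web` members publish, but it also means every member can place files Apache will serve, so keep PHP/CGI handlers out of this vhost unless that is intended.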
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# UPDATE SCRIPT - on a more clever day, I might merge this with bootstrap.sh
+# Can take a single param to allow a specific branch to be installed
+BRANCH=$1
+
+# TO BE RUN AS ROOT
+if [[ $(/usr/bin/id -u) -ne 0 ]]; then
+ echo "This script must be run as root"
+ exit
+fi
+
+# CLONE PUPPET REPOSITORY
+cd /tmp
+rm -rf puppet
+git clone https://github.com/atomaka/tc362.git puppet
+cd puppet
+
+if [ "$BRANCH" != "" ]; then
+ git fetch
+ git checkout $BRANCH
+fi
+
+# INSTALL MODULES
+librarian-puppet install
+
+# RUN MANIFEST
+puppet apply manifests/site.pp --modulepath=modules/
From 8746adcc926da9cc97281dc7a009721e39f820a6 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka
Date: Wed, 22 Jan 2014 10:02:07 -0500
Subject: [PATCH 5/7] Update IP to hostname on faux shell prompt
---
 files/index.html | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/files/index.html b/files/index.html
index 66c8435..df67214 100644
--- a/files/index.html
+++ b/files/index.html
@@ -4,15 +4,7 @@ Hello World
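Review bot: The bare `exit` after the root-check message returns status 0, and nothing stops the script on later failures — if `git clone` fails, `cd puppet` fails too, and `librarian-puppet install` and `puppet apply manifests/site.pp` then run from `/tmp` against whatever is there; add `set -euo pipefail` at the top, make the guard `exit 1`, and quote `"$BRANCH"` in the checkout. Separately, the checkout lives in world-writable `/tmp/puppet` and is applied as root, while the manifest reads `authorized_keys` and web content from that tree via `file('/tmp/puppet/...')`, so any other local account can change what root applies between the `git clone` and the `puppet apply`; cloning into a root-owned directory (under `/root`, or `mktemp -d`) is the fix, but the manifest's `/tmp/puppet` paths must move in the same commit. The script also applies whatever the branch currently points at with no tag or commit pinning; on a box with more than one account, pinning a signed tag or at least logging the applied commit is cheap insurance.
```shell
#!/bin/bash
set -euo pipefail
# … unchanged: header comments …
BRANCH=${1:-}

# TO BE RUN AS ROOT
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi
# … unchanged: clone into /tmp/puppet (see note on location) …
if [ -n "$BRANCH" ]; then
  git fetch
  git checkout "$BRANCH"
fi
# … unchanged: librarian-puppet install, puppet apply …
```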