update tutorial

dev-sec · Jan 19, 2015 · c2afa95 · c2afa95
1 parent 810816e
commit c2afa95
Showing 1 changed file with 62 additions and 43 deletions.
diff --git a/TUTORIAL.md b/TUTORIAL.md
@@ -1,65 +1,84 @@
 # Tutorial
 
-## Deutsche Telekom AG
+If you start with chef for the first time, we advise you to use a virtual machine for testing.
 
-### Debian / Ubuntu
+## Debian / Ubuntu for testing with ChefDK
 
-1. Install ruby
+1. Install [ChefDK client](https://www.chef.io/download-chef-client/)
 
-        apt-get install ruby1.9.1-full
+We recommend to use Chef client in production environments instead of the ChefDK
 
-2. Install chef
+```bash
+apt-get install -y wget
+wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chefdk_0.3.5-1_amd64.deb
+dpkg -i chefdk_0.3.5-1_amd64.deb
+```
 
-        gem1.9.1 install chef
+3. Download the chef cookbook
 
-3. May be you have to adjust the `$PATH` variable
+```bash
+apt-get install git
+git clone https://github.com/TelekomLabs/chef-os-hardening.git chef-os-hardening
+```
 
-        export PATH=$PATH:/var/lib/gems/1.9.1/bin/
+4. Download cookbook dependences with [Berkshelf](http://berkshelf.com/)
 
-4. Download the chef cookbook
+```bash
+cd chef-os-hardening
+berks vendor ../cookbooks
+cd ..
+mv chef-os-hardening/ cookbooks/os-hardening
+```
 
-        git clone ......./chef-os-hardening
-
-5. Move hardening to `cookbooks`
-
-        mkdir cookbooks
-        mv chef-os-hardening cookbooks/os-hardening
-
-6. Download some dependences for the os-hardening cookbook
-
-        cd cookbooks
-        git clone https://github.com/onehealth-cookbooks/sysctl
-        git clone https://github.com/opscode-cookbooks/apt.git
-        git clone https://github.com/opscode-cookbooks/yum.git
-        git clone https://github.com/opscode-cookbooks/ohai.git
-        cd ..
-
-7. Create `solo.rb`
+5. Create `solo.rb`
 
     This file is used to specify the configuration details for chef-solo. So create a `solo.rb` that include the `cookbook_path`.
 
-        cookbook_path "cookbooks"
+```bash
+cat > solo.rb <<EOF
+root = File.absolute_path(File.dirname(__FILE__))
+node_name "localhost"
+file_cache_path root
+cookbook_path [ root + '/cookbooks', root + '/site-cookbooks' ]
+EOF
+```
 
-8. Create `solo.json`
+6. Create `solo.json`
 
     Chef-solo does not interact with the Chef Server. Consequently, node-specific attributes must be located in a JSON file on the target system. Create the following `solo.json`.
 
-        {
-            "security" : {"suid_sgid": {
-                "remove_from_unkown" : true,
-                "system_whitelist" : []
-                }
-            },
-            "run_list":[
-                "recipe[os-hardening]"
-            ]
+```bash
+cat > solo.json <<EOF
+{
+    "security" : {"suid_sgid": {
+        "remove_from_unkown" : true,
+        "system_whitelist" : []
         }
-
+    },
+    "run_list":[
+        "recipe[os-hardening]"
+    ]
+}
+EOF
+```
+
+7. Verify structure
+
+```bash
+# tree -L 2
+.
+|-- cookbooks
+|   |-- apt
+|   |-- ohai
+|   |-- os-hardening
+|   |-- sysctl
+|   `-- yum
+|-- solo.json
+`-- solo.rb
+```
 
 9. Run chef-solo
 
-        chef-solo -c solo.rb -j solo.json
-
-
-
-
+```bash
+chef-solo -c solo.rb -j solo.json
+```