ソースを参照

Added ability to manage security settings

By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
tags/v0.37.4
Alexander Kozlov 9年前
コミット
8584dbf2a1
2個のファイルの変更38行の追加0行の削除
  1. +33
    -0
      apache/manage_security.sls
  2. +5
    -0
      pillar.example

+ 33
- 0
apache/manage_security.sls ファイルの表示

@@ -0,0 +1,33 @@
{% if grains['os_family']=="Debian" %}

{% from "apache/map.jinja" import apache with context %}

include:
- apache

{% if salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf') %}
apache_security-block:
file.blockreplace:
- name: /etc/apache2/conf-available/security.conf
- marker_start: "# START managed zone -DO-NOT-EDIT-"
- marker_end: "# END managed zone --"
- append_if_not_found: True
- show_changes: True
- require:
- pkg: apache
- watch_in:
- module: apache-reload

{% for option, value in salt['pillar.get']('apache:security', {}).items() %}
apache_manage-security-{{ option }}:
file.accumulated:
- filename: /etc/apache2/conf-available/security.conf
- name: apache_manage-security-add-{{ option }}
- text: "{{ option }} {{ value }}"
- require_in:
- file: apache_security-block
{% endfor %}

{% endif %}

{% endif %}

+ 5
- 0
pillar.example ファイルの表示

@@ -115,3 +115,8 @@ apache:
- ssl
disabled: # List modules to disable
- rewrite

security:
# can be Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
ServerTokens: Prod

読み込み中…
キャンセル
保存