Procházet zdrojové kódy

Merge pull request #98 from michaelforge/feature_manage-security

Added ability to manage security settings
tags/v0.37.4
Forrest před 9 roky
rodič
revize
8df779fe12
3 změnil soubory, kde provedl 42 přidání a 0 odebrání
  1. +4
    -0
      README.rst
  2. +33
    -0
      apache/manage_security.sls
  3. +5
    -0
      pillar.example

+ 4
- 0
README.rst Zobrazit soubor

@@ -104,6 +104,10 @@ Example Pillar:
example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
template_file: salt://apache/vhosts/standard.tmpl

``apache.manage_security``
--------------------------

Configures Apache's security.conf options by reassinging them using data from Pillar.

``apache.debian_full``
----------------------

+ 33
- 0
apache/manage_security.sls Zobrazit soubor

@@ -0,0 +1,33 @@
{% if grains['os_family']=="Debian" %}

{% from "apache/map.jinja" import apache with context %}

include:
- apache

{% if salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf') %}
apache_security-block:
file.blockreplace:
- name: /etc/apache2/conf-available/security.conf
- marker_start: "# START managed zone -DO-NOT-EDIT-"
- marker_end: "# END managed zone --"
- append_if_not_found: True
- show_changes: True
- require:
- pkg: apache
- watch_in:
- module: apache-reload

{% for option, value in salt['pillar.get']('apache:security', {}).items() %}
apache_manage-security-{{ option }}:
file.accumulated:
- filename: /etc/apache2/conf-available/security.conf
- name: apache_manage-security-add-{{ option }}
- text: "{{ option }} {{ value }}"
- require_in:
- file: apache_security-block
{% endfor %}

{% endif %}

{% endif %}

+ 5
- 0
pillar.example Zobrazit soubor

@@ -115,3 +115,8 @@ apache:
- ssl
disabled: # List modules to disable
- rewrite

security:
# can be Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
ServerTokens: Prod

Načítá se…
Zrušit
Uložit