* Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```tags/v0.5.0
--- | --- | ||||
stages: | stages: | ||||
- test | - test | ||||
- commitlint | |||||
- lint | |||||
- name: release | - name: release | ||||
if: branch = master AND type != pull_request | if: branch = master AND type != pull_request | ||||
jobs: | jobs: | ||||
include: | include: | ||||
# Define the commitlint stage | |||||
- stage: commitlint | |||||
# Define the `lint` stage (runs `yamllint` and `commitlint`) | |||||
- stage: lint | |||||
language: node_js | language: node_js | ||||
node_js: lts/* | node_js: lts/* | ||||
before_install: skip | before_install: skip | ||||
script: | script: | ||||
# Install and run `yamllint` | |||||
- pip install --user yamllint | |||||
# yamllint disable-line rule:line-length | |||||
- yamllint -s . .yamllint pillar.example test/salt/pillar/default.sls | |||||
# Install and run `commitlint` | |||||
- npm install @commitlint/config-conventional -D | - npm install @commitlint/config-conventional -D | ||||
- npm install @commitlint/travis-cli -D | - npm install @commitlint/travis-cli -D | ||||
- commitlint-travis | - commitlint-travis | ||||
# Define the release stage that runs semantic-release | |||||
# Define the release stage that runs `semantic-release` | |||||
- stage: release | - stage: release | ||||
language: node_js | language: node_js | ||||
node_js: lts/* | node_js: lts/* |
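Review bot: The added `- pip install --user yamllint` in the `lint` stage has no version pin, so each build installs and runs whatever release is current at that moment. A new yamllint release can change which rules fire under `yamllint -s` and break the build with no change in this repository, and the job executes upstream code that nobody reviewed. Pin it, for example `- pip install --user yamllint==<PINNED_VERSION>` (placeholder: use the version that produced the warnings quoted in the commit message), and bump it deliberately. The two unchanged `npm install ... -D` lines in the same `script:` are also unpinned and would benefit from an exact version or a committed lockfile.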
# -*- coding: utf-8 -*- | |||||
# vim: ft=yaml | |||||
--- | |||||
# Extend the `default` configuration provided by `yamllint` | |||||
extends: default | |||||
# Files to ignore completely | |||||
# 1. All YAML files under directory `node_modules/`, introduced during the Travis run | |||||
ignore: | | |||||
node_modules/ | |||||
rules: | |||||
line-length: | |||||
# Increase from default of `80` | |||||
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) | |||||
max: 88 |
# -*- coding: utf-8 -*- | |||||
# vim: ft=yaml | |||||
--- | |||||
ufw: | ufw: | ||||
enabled: True | |||||
enabled: true | |||||
settings: | settings: | ||||
loglevel: low | loglevel: low | ||||
ipv6: True | |||||
ipv6: true | |||||
default_input_policy: 'DROP' | default_input_policy: 'DROP' | ||||
default_output_policy: 'ACCEPT' | default_output_policy: 'ACCEPT' | ||||
default_forward_policy: 'DROP' | default_forward_policy: 'DROP' | ||||
default_application_policy: 'SKIP' | default_application_policy: 'SKIP' | ||||
manage_builtins: False | |||||
manage_builtins: false | |||||
ipt_sysctl: '/etc/ufw/sysctl.conf' | ipt_sysctl: '/etc/ufw/sysctl.conf' | ||||
ipt_modules: | ipt_modules: | ||||
- nf_conntrack_ftp | - nf_conntrack_ftp | ||||
# Deny from a specific port, by number. | # Deny from a specific port, by number. | ||||
140: | 140: | ||||
protocol: tcp | protocol: tcp | ||||
deny: True | |||||
deny: true | |||||
# Deny everything from a specific ip address | # Deny everything from a specific ip address | ||||
'*': | '*': | ||||
protocol: tcp | protocol: tcp | ||||
deny: True | |||||
deny: true | |||||
from_addr: 10.0.0.1 | from_addr: 10.0.0.1 | ||||
# Deny everything from multiple ip addresses and avoid | # Deny everything from multiple ip addresses and avoid | ||||
'*/multiple': | '*/multiple': | ||||
to_port: '*' | to_port: '*' | ||||
protocol: tcp | protocol: tcp | ||||
deny: True | |||||
deny: true | |||||
from_addr: | from_addr: | ||||
- 10.0.0.2 | - 10.0.0.2 | ||||
- 10.0.0.3 | - 10.0.0.3 | ||||
# Limit a specific port, by number. | # Limit a specific port, by number. | ||||
170: | 170: | ||||
limit: True | |||||
limit: true | |||||
protocol: tcp | protocol: tcp | ||||
comment: Print service | comment: Print service | ||||
# Allow applications defined at /etc/ufw/applications.d/ | # Allow applications defined at /etc/ufw/applications.d/ | ||||
applications: | applications: | ||||
OpenSSH: | OpenSSH: | ||||
enabled: True | |||||
enabled: true | |||||
comment: We are using fail2ban anyway | comment: We are using fail2ban anyway | ||||
# Limit access to salt master | # Limit access to salt master | ||||
Saltmaster: | Saltmaster: | ||||
limit: True | |||||
limit: true | |||||
# Deny access to Postgresql | # Deny access to Postgresql | ||||
Postgresql: | Postgresql: | ||||
deny: True | |||||
deny: true | |||||
# Allow all traffic in on the specified interface | # Allow all traffic in on the specified interface | ||||
interfaces: | interfaces: |
# -*- coding: utf-8 -*- | |||||
# vim: ft=yaml | |||||
--- | |||||
name: default | name: default | ||||
title: ufw formula | title: ufw formula | ||||
maintainer: SaltStack Formulas | maintainer: SaltStack Formulas |
# -*- coding: utf-8 -*- | |||||
# vim: ft=yaml | |||||
--- | |||||
ufw: | ufw: | ||||
enabled: True | |||||
enabled: true | |||||
settings: | settings: | ||||
loglevel: 'low' | loglevel: 'low' | ||||
applications: | applications: | ||||
MySQL: | MySQL: | ||||
comment: Allow MySQL | comment: Allow MySQL | ||||
Postgresql: | Postgresql: | ||||
limit: True | |||||
limit: true | |||||
comment: Limit Postgresql | comment: Limit Postgresql | ||||
SSH223: | SSH223: | ||||
deny: True | |||||
deny: true | |||||
comment: Deny Webscale SSH | comment: Deny Webscale SSH | ||||
'*': | '*': | ||||
deny: True | |||||
deny: true | |||||
from_addr: 10.0.0.0/8 | from_addr: 10.0.0.0/8 | ||||
services: | services: | ||||
'*': | '*': | ||||
deny: True | |||||
deny: true | |||||
from_addr: | from_addr: | ||||
- 10.0.0.1 | - 10.0.0.1 | ||||
- 10.0.0.2 | - 10.0.0.2 | ||||
'22': | '22': | ||||
protocol: tcp | protocol: tcp | ||||
limit: True | |||||
limit: true | |||||
comment: Limit SSH | comment: Limit SSH | ||||
'80': | '80': | ||||
protocol: tcp | protocol: tcp | ||||
deny: True | |||||
deny: true | |||||
comment: Deny HTTP | comment: Deny HTTP | ||||
'443': | '443': | ||||
protocol: tcp | protocol: tcp |