From 0590e4397386b102289bacd2f67ba03627d49abf Mon Sep 17 00:00:00 2001 From: Alexander Weidinger Date: Sun, 8 Jan 2017 13:45:36 +0100 Subject: [PATCH] FreeBSD: apache.manage_security --- apache/files/FreeBSD/apache-2.4.config.jinja | 7 +++++++ apache/files/FreeBSD/security.conf.jinja | 3 +++ apache/manage_security.sls | 14 ++++++++++++-- 3 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 apache/files/FreeBSD/security.conf.jinja diff --git a/apache/files/FreeBSD/apache-2.4.config.jinja b/apache/files/FreeBSD/apache-2.4.config.jinja index 2f9b8ec..35fcabc 100644 --- a/apache/files/FreeBSD/apache-2.4.config.jinja +++ b/apache/files/FreeBSD/apache-2.4.config.jinja @@ -519,5 +519,12 @@ SSLRandomSeed startup builtin SSLRandomSeed connect builtin +# Default Values +ServerTokens Prod +ServerSignature Off +TraceEnable Off +# Well, IncludeOptional behaved lile Include +IncludeOptional etc/apache24/extra/security.con[f] + Include etc/apache24/Includes/*.conf diff --git a/apache/files/FreeBSD/security.conf.jinja b/apache/files/FreeBSD/security.conf.jinja new file mode 100644 index 0000000..c52d269 --- /dev/null +++ b/apache/files/FreeBSD/security.conf.jinja @@ -0,0 +1,3 @@ +{% for option, value in salt['pillar.get']('apache:security', {}).items() -%} +{{ option }} {{ value }} +{% endfor %} diff --git a/apache/manage_security.sls b/apache/manage_security.sls index 970ecf3..c55a140 100644 --- a/apache/manage_security.sls +++ b/apache/manage_security.sls @@ -1,10 +1,10 @@ -{% if grains['os_family']=="Debian" %} - {% from "apache/map.jinja" import apache with context %} include: - apache +{% if grains['os_family']=="Debian" %} + {% if salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf') %} apache_security-block: file.blockreplace: 
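Review bot: The added `IncludeOptional etc/apache24/extra/security.con[f]` hard-codes the location of the override file, while the new FreeBSD state in apache/manage_security.sls writes it to `{{ apache.confdir }}/security.conf`. The map value for confdir is not visible in this patch; if it does not resolve to `etc/apache24/extra` under ServerRoot, the pillar-driven settings are never loaded, and because the glob form tolerates a missing file, nothing reports it. The comment above the directive could state this and lose its typo, for example `# IncludeOptional fails on a missing literal path just like Include; the [f] glob keeps it optional. Path must match apache.confdir.` The context line `Include etc/apache24/Includes/*.conf` still follows the new defaults, so any file in that directory can override ServerTokens, ServerSignature and TraceEnable again.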
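Review bot: The loop in security.conf.jinja writes every key and value under `apache:security` verbatim as a server-level directive, so a misspelled option or a multi-line value lands in the global configuration unchecked. If only hardening directives are meant to be managed here, limit the loop to a known set (the patch itself defaults ServerTokens, ServerSignature and TraceEnable). If arbitrary directives are intended, say so in a header comment such as `{# Managed by Salt; rendered from pillar apache:security, any directive is accepted #}`. Iterating with `|dictsort` instead of `.items()` would also keep the rendered order stable across runs, should the pillar mapping not be ordered.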
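Review bot: Moving `{% if grains['os_family']=="Debian" %}` below the `include:` block makes `include: - apache` unconditional, so on os families other than Debian and FreeBSD this state changes from rendering nothing to pulling in the apache state. If that is intended, a short comment above the include would make it explicit, e.g. `# apache is included for every os family; only Debian and FreeBSD manage security settings below`. Otherwise the include should stay inside the conditional. The rest of the Debian branch lies outside this hunk.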
@@ -30,4 +30,14 @@ apache_manage-security-{{ option }}: {% endif %} +{% elif grains['os_family']=="FreeBSD" %} +{{ apache.confdir }}/security.conf: + file.managed: + - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/security.conf.jinja + - mode: 644 + - template: jinja + - require: + - pkg: apache + - watch_in: + - module: apache-restart {% endif %}
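Review bot: The new `file.managed` state for `{{ apache.confdir }}/security.conf` sets only `- mode: 644` and leaves ownership unpinned, although the file is read into the server-wide Apache configuration. Pinning it makes the state enforce a root-owned fragment that others cannot write, regardless of what is already on disk: `- user: root`, `- group: wheel`, `- mode: '0644'`. The `watch_in` on `module: apache-restart` restarts Apache whenever the rendered file changes, and nothing visible in this hunk validates the result first, so a bad pillar value would presumably only surface as a failed restart.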