From 8584dbf2a11dcd5220c0a8b03348b6f0719ef183 Mon Sep 17 00:00:00 2001
From: Alexander Kozlov
Date: Mon, 14 Dec 2015 17:12:20 +0300
Subject: [PATCH 1/2] Added ability to manage security settings

By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
---
 apache/manage_security.sls | 33 +++++++++++++++++++++++++++++++++
 pillar.example | 5 +++++
 2 files changed, 38 insertions(+)
 create mode 100644 apache/manage_security.sls

diff --git a/apache/manage_security.sls b/apache/manage_security.sls
new file mode 100644
index 0000000..6a57fe4
--- /dev/null
+++ b/apache/manage_security.sls
@@ -0,0 +1,33 @@
+{% if grains['os_family']=="Debian" %}
+
+{% from "apache/map.jinja" import apache with context %}
+
+include:
+  - apache
+
+{% if salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf') %}
+apache_security-block:
+  file.blockreplace:
+    - name: /etc/apache2/conf-available/security.conf
+    - marker_start: "# START managed zone -DO-NOT-EDIT-"
+    - marker_end: "# END managed zone --"
+    - append_if_not_found: True
+    - show_changes: True
+    - require:
+      - pkg: apache
+    - watch_in:
+      - module: apache-reload
+
+{% for option, value in salt['pillar.get']('apache:security', {}).items() %}
+apache_manage-security-{{ option }}:
+  file.accumulated:
+    - filename: /etc/apache2/conf-available/security.conf
+    - name: apache_manage-security-add-{{ option }}
+    - text: "{{ option }} {{ value }}"
+    - require_in:
+      - file: apache_security-block
+{% endfor %}
+
+{% endif %}
+
+{% endif %}
\ No newline at end of file
diff --git a/pillar.example b/pillar.example
index 0dda7ac..0ddc9a0 100644
--- a/pillar.example
+++ b/pillar.example
@@ -115,3 +115,8 @@ apache:
       - ssl
     disabled: # List modules to disable
       - rewrite
+
+  security:
+    # can be Full | OS | Minimal | Minor | Major | Prod
+    # where Full conveys the most information, and Prod the least.
+    ServerTokens: Prod
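Review bot: The `{% if salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf') %}` guard is evaluated when the state file is rendered, i.e. before `pkg: apache` has run, so on a freshly provisioned minion the first highstate installs apache2 but silently drops `apache_security-block` and every accumulator, leaving `ServerTokens` at the distribution default until a second run. The `require: - pkg: apache` already orders the blockreplace after package installation, and the commit message states the package ships that file, so the Jinja guard and its matching `{% endif %}` can simply be removed; if a defensive check is still wanted it belongs at execution time, e.g. `- onlyif: test -f /etc/apache2/conf-available/security.conf` on the blockreplace. The managed block is appended at the end of the file via `append_if_not_found: True`, which is the only reason it overrides the stock `ServerTokens` line earlier in security.conf (Apache takes the last occurrence); that ordering dependency deserves a comment such as `# appended after Debian's stock directives so the values here take precedence`. Both option and value are interpolated verbatim from Pillar (`- text: "{{ option }} {{ value }}"`), which is acceptable for master-controlled data but means any `apache:security` entry is written as a raw directive, newlines included, so the README should say the keys are directive names and are not validated. Nothing here checks that `conf-enabled/security.conf` is still linked; if an operator has run `a2disconf security` the block is written but never loaded, which is worth a note or a state that enforces the symlink if the formula has one.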
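Review bot: The example stops at `ServerTokens: Prod`, but the companion directive `ServerSignature` is what puts the version string on Apache's own error pages and directory listings, and the stock Debian security.conf is believed to leave it `On` (confirm against the package); readers copying the example will get half the hardening. Suggest widening it to `ServerSignature: Off` and `TraceEnable: Off` beneath `ServerTokens: Prod`, with a comment stating that every `Directive: value` pair under `apache:security` is written verbatim into the managed block of security.conf, e.g. `# any Apache directive may be listed here; it is written as "Directive value" into security.conf`.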
From 5a641d5b6a77fb4d5fc306a29fd76ff996fd1a9c Mon Sep 17 00:00:00 2001
From: Alexander Kozlov
Date: Mon, 14 Dec 2015 17:14:32 +0300
Subject: [PATCH 2/2] Mentioned `apache.manage_security` at docs

---
 README.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.rst b/README.rst
index 83a97e6..8082aa0 100644
--- a/README.rst
+++ b/README.rst
@@ -99,6 +99,10 @@ Example Pillar:
     example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
       template_file: salt://apache/vhosts/standard.tmpl
 
+``apache.manage_security``
+--------------------------
+
+Configures Apache's security.conf options by reassinging them using data from Pillar.
 ``apache.debian_full``
 ----------------------
 