Merge pull request #98 from michaelforge/feature_manage-security

Added ability to manage security settings
Forrest 2015-12-14 11:33:06 -08:00
commit 8df779fe12
3 changed files with 42 additions and 0 deletions


@ -104,6 +104,10 @@ Example Pillar:
example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }} example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
template_file: salt://apache/vhosts/standard.tmpl template_file: salt://apache/vhosts/standard.tmpl
``apache.manage_security``
--------------------------
Configures Apache's security.conf options by reassinging them using data from Pillar.
``apache.debian_full`` ``apache.debian_full``
---------------------- ----------------------


@ -0,0 +1,33 @@
{% if grains['os_family']=="Debian" %}
{% from "apache/map.jinja" import apache with context %}
include:
- apache
{% if salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf') %}
apache_security-block:
file.blockreplace:
- name: /etc/apache2/conf-available/security.conf
- marker_start: "# START managed zone -DO-NOT-EDIT-"
- marker_end: "# END managed zone --"
- append_if_not_found: True
- show_changes: True
- require:
- pkg: apache
- watch_in:
- module: apache-reload
{% for option, value in salt['pillar.get']('apache:security', {}).items() %}
apache_manage-security-{{ option }}:
file.accumulated:
- filename: /etc/apache2/conf-available/security.conf
- name: apache_manage-security-add-{{ option }}
- text: "{{ option }} {{ value }}"
- require_in:
- file: apache_security-block
{% endfor %}
{% endif %}
{% endif %}
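Review bot: The `salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf')` guard is evaluated when the SLS is rendered, before the `pkg: apache` requisite has run. On a minion where Apache is not yet installed, the `apache_security-block` and `apache_manage-security-*` states therefore render to nothing, and the run reports success without applying any of the `apache:security` options. For a hardening state a silent skip is worse than a visible failure. I would drop the inner `{% if salt['file.file_exists' ] ... %}` / `{% endif %}` pair and let the existing `- require:` / `- pkg: apache` order the `file.blockreplace`, which should then fail loudly if the file is still missing after the package is installed.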


@ -115,3 +115,8 @@ apache:
- ssl - ssl
disabled: # List modules to disable disabled: # List modules to disable
- rewrite - rewrite
security:
# can be Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
ServerTokens: Prod
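Review bot: The comment above `ServerTokens: Prod` should also say that On/Off style values need quoting. The new state writes each pillar value out as text (`- text: "{{ option }} {{ value }}"`), and Salt's YAML loader reads an unquoted `Off` or `On` as a boolean, so an entry such as `ServerSignature: Off` would presumably be rendered as `ServerSignature False`, which Apache will not accept. I would add `# quote On/Off values, e.g. ServerSignature: 'Off', so YAML does not load them as booleans` under the two existing comment lines. The `apache:` mapping this key belongs to starts above the hunk.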