From 97f6ead9f49691603a829b0d8937d996760fe887 Mon Sep 17 00:00:00 2001 
From: Imran Iqbal Date: Thu, 17 Oct 2019 04:48:22 +0100 Subject: [PATCH] fix(yamllint): fix all errors ```bash apache-formula$ yamllint -s . ./pillar.example 2:1 warning missing document start "---" (document-start) 5:26 warning truthy value should be one of [false, true] (truthy) 50:18 warning too few spaces before comment (comments) 51:16 warning truthy value should be one of [false, true] (truthy) 52:57 warning too few spaces before comment (comments) 52:89 error line too long (104 > 88 characters) (line-length) 67:33 warning truthy value should be one of [false, true] (truthy) 67:38 warning too few spaces before comment (comments) 69:31 warning too few spaces before comment (comments) 70:8 warning missing starting space in comment (comments) 75:53 warning too few spaces before comment (comments) 75:89 error line too long (98 > 88 characters) (line-length) 76:55 warning too few spaces before comment (comments) 76:89 error line too long (101 > 88 characters) (line-length) 78:50 warning too few spaces before comment (comments) 79:89 error line too long (95 > 88 characters) (line-length) 82:47 warning too few spaces before comment (comments) 83:54 warning too few spaces before comment (comments) 83:89 error line too long (100 > 88 characters) (line-length) 84:58 warning too few spaces before comment (comments) 84:89 error line too long (109 > 88 characters) (line-length) 93:32 warning too few spaces before comment (comments) 100:89 error line too long (105 > 88 characters) (line-length) 101:33 error trailing spaces (trailing-spaces) 102:16 warning truthy value should be one of [false, true] (truthy) 231:20 warning truthy value should be one of [false, true] (truthy) 242:32 warning too few spaces before comment (comments) 249:20 warning truthy value should be one of [false, true] (truthy) 254:20 warning truthy value should be one of [false, true] (truthy) 260:21 warning truthy value should be one of [false, true] (truthy) 283:8 warning missing starting space in 
comment (comments) 284:8 warning missing starting space in comment (comments) 297:15 warning too few spaces before comment (comments) 328:18 warning truthy value should be one of [false, true] (truthy) 330:20 warning truthy value should be one of [false, true] (truthy) 342:15 error empty value in block mapping (empty-values) 345:18 warning truthy value should be one of [false, true] (truthy) 348:18 warning truthy value should be one of [false, true] (truthy) 355:18 warning truthy value should be one of [false, true] (truthy) 358:89 error line too long (91 > 88 characters) (line-length) 359:26 warning truthy value should be one of [false, true] (truthy) 362:89 error line too long (99 > 88 characters) (line-length) 365:89 error line too long (267 > 88 characters) (line-length) 367:21 warning truthy value should be one of [false, true] (truthy) 369:26 warning truthy value should be one of [false, true] (truthy) 371:1 error too many blank lines (1 > 0) (empty-lines) ./apache/osfingermap.yaml 3:1 warning missing document start "---" (document-start) ./apache/modsecurity.yaml 4:1 warning missing document start "---" (document-start) 6:18 warning truthy value should be one of [false, true] (truthy) 7:20 warning truthy value should be one of [false, true] (truthy) 14:18 warning truthy value should be one of [false, true] (truthy) 15:20 warning truthy value should be one of [false, true] (truthy) 22:18 warning truthy value should be one of [false, true] (truthy) 23:20 warning truthy value should be one of [false, true] (truthy) ./apache/defaults.yaml 4:1 warning missing document start "---" (document-start) 5:26 warning truthy value should be one of [false, true] (truthy) 7:19 warning truthy value should be one of [false, true] (truthy) 10:18 warning truthy value should be one of [false, true] (truthy) 11:20 warning truthy value should be one of [false, true] (truthy) ./apache/oscodenamemap.yaml 4:1 warning missing document start "---" (document-start) 4:8 error trailing 
spaces (trailing-spaces) 9:8 error trailing spaces (trailing-spaces) 14:7 error trailing spaces (trailing-spaces) 19:6 error trailing spaces (trailing-spaces) 24:8 error trailing spaces (trailing-spaces) 29:9 error trailing spaces (trailing-spaces) 34:7 error trailing spaces (trailing-spaces) 39:8 error trailing spaces (trailing-spaces) 44:8 error trailing spaces (trailing-spaces) 50:9 error trailing spaces (trailing-spaces) 61:1 error too many blank lines (1 > 0) (empty-lines) ./apache/osfamilymap.yaml 4:1 warning missing document start "---" (document-start) 16:89 error line too long (104 > 88 characters) (line-length) 43:89 error line too long (105 > 88 characters) (line-length) 56:16 warning truthy value should be one of [false, true] (truthy) 114:11 error empty value in block mapping (empty-values) 114:11 error trailing spaces (trailing-spaces) ./test/salt/pillar/default.sls 5:26 warning truthy value should be one of [false, true] (truthy) 7:18 warning truthy value should be one of [false, true] (truthy) 8:20 warning truthy value should be one of [false, true] (truthy) ``` --- apache/defaults.yaml | 10 +-- apache/modsecurity.yaml | 16 ++--- apache/oscodenamemap.yaml | 23 ++++--- apache/osfamilymap.yaml | 8 ++- apache/osfingermap.yaml | 1 + pillar.example | 114 ++++++++++++++++++++--------------- test/salt/pillar/default.sls | 6 +- 7 files changed, 98 insertions(+), 80 deletions(-) diff --git a/apache/defaults.yaml b/apache/defaults.yaml index e0799e8..2dc0d66 100644 --- a/apache/defaults.yaml +++ b/apache/defaults.yaml @@ -1,11 +1,11 @@ # -*- coding: utf-8 -*- # vim: ft=yaml - +--- apache: - manage_service_states: True + manage_service_states: true service_state: running - service_enable: True + service_enable: true mod_security: - crs_install: False - manage_config: False + crs_install: false + manage_config: false diff --git a/apache/modsecurity.yaml b/apache/modsecurity.yaml index 2a089fe..858d6ff 100644 --- a/apache/modsecurity.yaml 
+++ b/apache/modsecurity.yaml @@ -1,25 +1,25 @@ # -*- coding: utf-8 -*- -# vim: ft=yam - +# vim: ft=yaml +--- Debian: mod_security: - crs_install: False - manage_config: False + crs_install: false + manage_config: false package: libapache2-mod-security2 crs_package: modsecurity-crs config_file: /etc/modsecurity/modsecurity.conf-recommended RedHat: mod_security: - crs_install: False - manage_config: False + crs_install: false + manage_config: false package: mod_security crs_package: mod_security_crs config_file: /etc/httpd/conf.d/mod_security.conf Suse: mod_security: - crs_install: False - manage_config: False + crs_install: false + manage_config: false package: apache2-mod_security2 config_file: /etc/apache2/conf.d/mod_security2.conf diff --git a/apache/oscodenamemap.yaml b/apache/oscodenamemap.yaml index 0949492..690abe4 100644 --- a/apache/oscodenamemap.yaml +++ b/apache/oscodenamemap.yaml @@ -1,53 +1,53 @@ # -*- coding: utf-8 -*- # vim: ft=yaml - -trusty: +--- +trusty: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -utopic: +utopic: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -vivid: +vivid: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -wily: +wily: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -xenial: +xenial: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -yakkety: +yakkety: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -zesty: +zesty: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -artful: +artful: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -jessie: +jessie: wwwdir: /var/www confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf -stretch: +stretch: wwwdir: /var/www confext: .conf default_site: 000-default.conf 
@@ -58,4 +58,3 @@ buster: confext: .conf default_site: 000-default.conf default_site_ssl: default-ssl.conf - diff --git a/apache/osfamilymap.yaml b/apache/osfamilymap.yaml index 16328cc..0a2fe88 100644 --- a/apache/osfamilymap.yaml +++ b/apache/osfamilymap.yaml @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # vim: ft=yaml - +--- Debian: server: apache2 service: apache2 @@ -13,6 +13,7 @@ Debian: mod_php5: libapache2-mod-php5 mod_perl2: libapache2-mod-perl2 mod_fcgid: libapache2-mod-fcgid + # yamllint disable-line rule:line-length mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb mod_xsendfile: libapache2-mod-xsendfile mod_fastcgi: libapache2-mod-fastcgi @@ -40,6 +41,7 @@ RedHat: conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf mod_php5: php mod_fcgid: mod_fcgid + # yamllint disable-line rule:line-length mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm mod_geoip: mod_geoip mod_geoip_database: GeoIP @@ -53,7 +55,7 @@ RedHat: logrotatedir: /etc/logrotate.d/httpd wwwdir: /var/www default_charset: UTF-8 - use_require: False + use_require: false moddir: /etc/httpd/conf.modules.d Gentoo: @@ -111,7 +113,7 @@ FreeBSD: modulesdir: /usr/local/etc/apache24/modules.d global_document_root: /usr/local/www/apache24/data - confext: + confext: '' default_site: default default_site_ssl: default-ssl logdir: /var/log/ diff --git a/apache/osfingermap.yaml b/apache/osfingermap.yaml index d7c688b..ce48e8c 100644 --- a/apache/osfingermap.yaml +++ b/apache/osfingermap.yaml @@ -1,5 +1,6 @@ # -*- coding: utf-8 -*- # vim: ft=yaml +--- default: version: '2.4' Ubuntu-12.04: diff --git a/pillar.example b/pillar.example index f3039fd..4d1443a 100644 --- a/pillar.example +++ b/pillar.example 
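Review bot: The directive added above `mod_pagespeed_source` only silences line-length, while the value it covers is a moving `stable_current` download URL with no version or checksum visible in this hunk. I would add a separate comment line above the directive (not between it and the key, since `disable-line` on its own line covers only the line that follows), e.g. `# NOTE: unpinned "stable_current" URL; verify the package hash where this is consumed`. The same applies to the RedHat `.rpm` entry in the `@@ -40,6 +41,7 @@` hunk. How the URL is fetched, and whether a hash is enforced there, is not visible in this patch, so this is a documentation suggestion, not a confirmed defect.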
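Review bot: `confext: ''` is not a pure lint fix: the old bare `confext:` loads as null and the new value loads as an empty string, so consumers of this map now receive a different type. That may well be the intended value, but it differs from how the same `empty-values` error is handled in `pillar.example`, where `enabled:` becomes `enabled: ~` and stays null. If the empty string is deliberate, a comment such as `# intentionally empty: no config-file extension` above the key would record that, and the templates that read `confext` should be checked for tests against `none`. The FreeBSD mapping starts and ends outside this hunk.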
@@ -1,8 +1,11 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- # ``apache`` formula configuration: apache: # By default apache restart/reload states run (false skips) - manage_service_states: True + manage_service_states: true # lookup section overrides ``map.jinja`` values lookup: @@ -47,9 +50,10 @@ apache: example.net: template_file: salt://apache/vhosts/minimal.tmpl - example.com: # must be unique; used as an ID declaration in Salt. - enabled: True - template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl + example.com: # must be unique; used as an ID declaration in Salt. + enabled: true + # or minimal.tmpl or redirect.tmpl or proxy.tmpl + template_file: salt://apache/vhosts/standard.tmpl ####################### DEFAULT VALUES BELOW ############################ # NOTE: the values below are simply default settings that *can* be 
@@ -64,42 +68,51 @@ apache: interface: '*' port: '80' - exclude_listen_directive: True # Do not add a Listen directive in httpd.conf + exclude_listen_directive: true # Do not add a Listen directive in httpd.conf - ServerName: example.com # uses the unique ID above unless specified - #ServerAlias: www.example.com # Do not add ServerAlias unless defined + ServerName: example.com # uses the unique ID above unless specified + # ServerAlias: www.example.com # Do not add ServerAlias unless defined ServerAdmin: webmaster@example.com LogLevel: warn - ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log - CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log + # E.g.: /var/log/apache2/example.com-error.log + ErrorLog: /path/to/logs/example.com-error.log + # E.g.: /var/log/apache2/example.com-access.log + CustomLog: /path/to/logs/example.com-access.log - DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com - DocumentRootUser: null # do not enforce user, defaults to lookup:document_root_user - DocumentRootGroup: www-data # Force group, defaults to lookup:document_root_group + # E.g., /var/www/example.com + DocumentRoot: /path/to/www/dir/example.com + # do not enforce user, defaults to lookup:document_root_user + DocumentRootUser: null + # Force group, defaults to lookup:document_root_group + DocumentRootGroup: www-data - SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired - SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file - SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file + # if ssl is desired + SSLCertificateFile: /etc/ssl/mycert.pem + # if key for cert is needed or in an extra file + SSLCertificateKeyFile: /etc/ssl/mycert.pem.key + # if you require a chain of server certificates file + SSLCertificateChainFile: /etc/ssl/mycert.chain.pem Directory: # "default" is a 
special case; uses DocumentRoot value # E.g.: /var/www/example.com default: Options: -Indexes +FollowSymLinks - Order: allow,deny # For Apache < 2.4 - Allow: from all # For apache < 2.4 - Require: all granted # For apache > 2.4. + Order: allow,deny # For Apache < 2.4 + Allow: from all # For apache < 2.4 + Require: all granted # For apache > 2.4. AllowOverride: None Formula_Append: | Additional config as a multi-line string here redirectmatch.com: - # Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch - # Require module mod_alias - enabled: True + # Use RedirectMatch Directive + # - https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch + # Require module mod_alias + enabled: true template_file: salt://apache/vhosts/redirect.tmpl ServerName: www.redirectmatch.com ServerAlias: www.redirectmatch.com @@ -228,7 +241,7 @@ apache: Location: /: - Require: False + Require: false Formula_Append: | SecRuleRemoveById 981231 SecRuleRemoveById 981173 @@ -237,27 +250,27 @@ apache: Require: 'all granted' /docs: - Order: allow,deny # For Apache < 2.4 - Allow: from all # For apache < 2.4 - Require: all granted # For apache > 2.4. + Order: allow,deny # For Apache < 2.4 + Allow: from all # For apache < 2.4 + Require: all granted # For apache > 2.4. Formula_Append: | Additional config as a multi-line string here LocationMatch: '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]': - Require: False + Require: false Formula_Append: | RequestHeader set Host mail.example.com '^[.\\/]+([Ss][Vv][Cc])[.\\/]': - Require: False + Require: false Formula_Append: | Require ip 123.123.13.6 84.24.25.74 Proxy_control: '*': - AllowAll: False + AllowAll: false AllowCountry: - DE AllowIP: 
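Review bot: The inline comment on `Require: all granted` still reads `# For apache > 2.4.` after being realigned, which excludes 2.4 itself even though the two lines above it are marked `< 2.4`; it should read `# For Apache >= 2.4`. These three keys decide who may reach the directory, so the example should say plainly which pair applies to which server version. The same comment is repeated under `/docs` in the `@@ -237,27 +250,27 @@` hunk. Separately, the reflowed RedirectMatch comment keeps the `/fr/` documentation URL; `https://httpd.apache.org/docs/2.4/mod/mod_alias.html#redirectmatch` is the language-neutral form.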
@@ -280,21 +293,21 @@ apache: path: 'salt://path/to/sites-available/conf/file' state: 'enabled' # Optional - use managed file as Jinja Template - #template: true - #defaults: - # custom_var: "default value" + # template: true + # defaults: + # custom_var: "default value" modules: - enabled: # List modules to enable + enabled: # List modules to enable - ldap - ssl disabled: # List modules to disable - rewrite flags: - enabled: # List server flags to enable + enabled: # List server flags to enable - SSL - disabled: # List server flags to disable + disabled: # List server flags to disable - status # KeepAlive: Whether or not to allow persistent connections (more than @@ -325,9 +338,9 @@ apache: # ``apache.mod_security`` formula additional configuration: mod_security: - crs_install: True + crs_install: true # If not set, default distro's configuration is installed as is - manage_config: True + manage_config: true sec_rule_engine: 'On' sec_request_body_access: 'On' sec_request_body_limit: '14000000' 
@@ -339,33 +352,36 @@ apache: sec_debug_log_level: '3' rules: - enabled: + enabled: ~ modsecurity_crs_10_setup.conf: rule_set: '' - enabled: True + enabled: true modsecurity_crs_20_protocol_violations.conf: rule_set: 'base_rules' - enabled: False + enabled: false custom_rule_files: # any name as an array index, and you can duplicate this section UNIQUE_VALUE_HERE: file: 'my name' path: 'salt://path/to/modsecurity/custom/file' - enabled: True + enabled: true mod_ssl: - # set this to True if you want to override your distributions default TLS configuration - manage_tls_defaults: False - # This stuff is deliberately not configured via map.jinja resp. apache:lookup. - # We're unable to know sane defaults for each release of every distribution. - # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion - # Have a look at bettercrypto.org for up-to-date settings. + # set this to true if you want to override your distributions default TLS + # configuration + manage_tls_defaults: false + # This stuff is deliberately not configured via map.jinja resp. + # apache:lookup. We're unable to know sane defaults for each release of + # every distribution. + # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for + # a related discussion Have a look at bettercrypto.org for up-to-date + # settings. # These are default values: + # yamllint disable-line rule:line-length SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA # Mitigate the CRIME attack - SSLCompression: Off + SSLCompression: 'Off' SSLProtocol: all -SSLv2 -SSLv3 -TLSv1 - SSLHonorCipherOrder: On + SSLHonorCipherOrder: 'On' SSLOptions: "+StrictRequire" - diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls index 826adc6..2701fa1 100644 
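Review bot: The reflowed `mod_ssl` comment now runs two sentences together as `a related discussion Have a look at bettercrypto.org`, so the pointer to current TLS guidance reads as part of the issue link; end the first sentence and put the second on its own line: `# a related discussion.` then `# Have a look at bettercrypto.org for up-to-date settings.` Quoting `SSLCompression: 'Off'` and `SSLHonorCipherOrder: 'On'` also changes what a YAML 1.1 loader returns, from booleans to literal strings. The templates are not visible here, but this may change how the CRIME-mitigation directive is rendered and deserves a line in the commit description. Finally, `enabled: ~` under `rules:` would read more clearly as `enabled: null`, matching `DocumentRootUser: null` earlier in the same file.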
--- a/test/salt/pillar/default.sls +++ b/test/salt/pillar/default.sls @@ -2,10 +2,10 @@ # vim: ft=yaml --- apache: - manage_service_states: False + manage_service_states: false mod_security: - crs_install: True - manage_config: True + crs_install: true + manage_config: true sec_rule_engine: 'On' sec_request_body_access: 'On' sec_request_body_limit: '14000000'