fix(yamllint): fix all errors

```bash
apache-formula$ yamllint -s .
./pillar.example
  2:1       warning  missing document start "---"  (document-start)
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  50:18     warning  too few spaces before comment  (comments)
  51:16     warning  truthy value should be one of [false, true]  (truthy)
  52:57     warning  too few spaces before comment  (comments)
  52:89     error    line too long (104 > 88 characters)  (line-length)
  67:33     warning  truthy value should be one of [false, true]  (truthy)
  67:38     warning  too few spaces before comment  (comments)
  69:31     warning  too few spaces before comment  (comments)
  70:8      warning  missing starting space in comment  (comments)
  75:53     warning  too few spaces before comment  (comments)
  75:89     error    line too long (98 > 88 characters)  (line-length)
  76:55     warning  too few spaces before comment  (comments)
  76:89     error    line too long (101 > 88 characters)  (line-length)
  78:50     warning  too few spaces before comment  (comments)
  79:89     error    line too long (95 > 88 characters)  (line-length)
  82:47     warning  too few spaces before comment  (comments)
  83:54     warning  too few spaces before comment  (comments)
  83:89     error    line too long (100 > 88 characters)  (line-length)
  84:58     warning  too few spaces before comment  (comments)
  84:89     error    line too long (109 > 88 characters)  (line-length)
  93:32     warning  too few spaces before comment  (comments)
  100:89    error    line too long (105 > 88 characters)  (line-length)
  101:33    error    trailing spaces  (trailing-spaces)
  102:16    warning  truthy value should be one of [false, true]  (truthy)
  231:20    warning  truthy value should be one of [false, true]  (truthy)
  242:32    warning  too few spaces before comment  (comments)
  249:20    warning  truthy value should be one of [false, true]  (truthy)
  254:20    warning  truthy value should be one of [false, true]  (truthy)
  260:21    warning  truthy value should be one of [false, true]  (truthy)
  283:8     warning  missing starting space in comment  (comments)
  284:8     warning  missing starting space in comment  (comments)
  297:15    warning  too few spaces before comment  (comments)
  328:18    warning  truthy value should be one of [false, true]  (truthy)
  330:20    warning  truthy value should be one of [false, true]  (truthy)
  342:15    error    empty value in block mapping  (empty-values)
  345:18    warning  truthy value should be one of [false, true]  (truthy)
  348:18    warning  truthy value should be one of [false, true]  (truthy)
  355:18    warning  truthy value should be one of [false, true]  (truthy)
  358:89    error    line too long (91 > 88 characters)  (line-length)
  359:26    warning  truthy value should be one of [false, true]  (truthy)
  362:89    error    line too long (99 > 88 characters)  (line-length)
  365:89    error    line too long (267 > 88 characters)  (line-length)
  367:21    warning  truthy value should be one of [false, true]  (truthy)
  369:26    warning  truthy value should be one of [false, true]  (truthy)
  371:1     error    too many blank lines (1 > 0)  (empty-lines)

./apache/osfingermap.yaml
  3:1       warning  missing document start "---"  (document-start)

./apache/modsecurity.yaml
  4:1       warning  missing document start "---"  (document-start)
  6:18      warning  truthy value should be one of [false, true]  (truthy)
  7:20      warning  truthy value should be one of [false, true]  (truthy)
  14:18     warning  truthy value should be one of [false, true]  (truthy)
  15:20     warning  truthy value should be one of [false, true]  (truthy)
  22:18     warning  truthy value should be one of [false, true]  (truthy)
  23:20     warning  truthy value should be one of [false, true]  (truthy)

./apache/defaults.yaml
  4:1       warning  missing document start "---"  (document-start)
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  7:19      warning  truthy value should be one of [false, true]  (truthy)
  10:18     warning  truthy value should be one of [false, true]  (truthy)
  11:20     warning  truthy value should be one of [false, true]  (truthy)

./apache/oscodenamemap.yaml
  4:1       warning  missing document start "---"  (document-start)
  4:8       error    trailing spaces  (trailing-spaces)
  9:8       error    trailing spaces  (trailing-spaces)
  14:7      error    trailing spaces  (trailing-spaces)
  19:6      error    trailing spaces  (trailing-spaces)
  24:8      error    trailing spaces  (trailing-spaces)
  29:9      error    trailing spaces  (trailing-spaces)
  34:7      error    trailing spaces  (trailing-spaces)
  39:8      error    trailing spaces  (trailing-spaces)
  44:8      error    trailing spaces  (trailing-spaces)
  50:9      error    trailing spaces  (trailing-spaces)
  61:1      error    too many blank lines (1 > 0)  (empty-lines)

./apache/osfamilymap.yaml
  4:1       warning  missing document start "---"  (document-start)
  16:89     error    line too long (104 > 88 characters)  (line-length)
  43:89     error    line too long (105 > 88 characters)  (line-length)
  56:16     warning  truthy value should be one of [false, true]  (truthy)
  114:11    error    empty value in block mapping  (empty-values)
  114:11    error    trailing spaces  (trailing-spaces)

./test/salt/pillar/default.sls
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  7:18      warning  truthy value should be one of [false, true]  (truthy)
  8:20      warning  truthy value should be one of [false, true]  (truthy)
```
This commit is contained in:
Imran Iqbal 2019-10-17 04:48:22 +01:00
parent 68b971bd77
commit 97f6ead9f4
No known key found for this signature in database
GPG Key ID: 6D8629439D2B7819
7 changed files with 98 additions and 80 deletions

View File

@ -1,11 +1,11 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ft=yaml # vim: ft=yaml
---
apache: apache:
manage_service_states: True manage_service_states: true
service_state: running service_state: running
service_enable: True service_enable: true
mod_security: mod_security:
crs_install: False crs_install: false
manage_config: False manage_config: false

View File

@ -1,25 +1,25 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ft=yam # vim: ft=yaml
---
Debian: Debian:
mod_security: mod_security:
crs_install: False crs_install: false
manage_config: False manage_config: false
package: libapache2-mod-security2 package: libapache2-mod-security2
crs_package: modsecurity-crs crs_package: modsecurity-crs
config_file: /etc/modsecurity/modsecurity.conf-recommended config_file: /etc/modsecurity/modsecurity.conf-recommended
RedHat: RedHat:
mod_security: mod_security:
crs_install: False crs_install: false
manage_config: False manage_config: false
package: mod_security package: mod_security
crs_package: mod_security_crs crs_package: mod_security_crs
config_file: /etc/httpd/conf.d/mod_security.conf config_file: /etc/httpd/conf.d/mod_security.conf
Suse: Suse:
mod_security: mod_security:
crs_install: False crs_install: false
manage_config: False manage_config: false
package: apache2-mod_security2 package: apache2-mod_security2
config_file: /etc/apache2/conf.d/mod_security2.conf config_file: /etc/apache2/conf.d/mod_security2.conf

View File

@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ft=yaml # vim: ft=yaml
---
trusty: trusty:
confext: .conf confext: .conf
default_site: 000-default.conf default_site: 000-default.conf
@ -58,4 +58,3 @@ buster:
confext: .conf confext: .conf
default_site: 000-default.conf default_site: 000-default.conf
default_site_ssl: default-ssl.conf default_site_ssl: default-ssl.conf

View File

@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ft=yaml # vim: ft=yaml
---
Debian: Debian:
server: apache2 server: apache2
service: apache2 service: apache2
@ -13,6 +13,7 @@ Debian:
mod_php5: libapache2-mod-php5 mod_php5: libapache2-mod-php5
mod_perl2: libapache2-mod-perl2 mod_perl2: libapache2-mod-perl2
mod_fcgid: libapache2-mod-fcgid mod_fcgid: libapache2-mod-fcgid
# yamllint disable-line rule:line-length
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
mod_xsendfile: libapache2-mod-xsendfile mod_xsendfile: libapache2-mod-xsendfile
mod_fastcgi: libapache2-mod-fastcgi mod_fastcgi: libapache2-mod-fastcgi
@ -40,6 +41,7 @@ RedHat:
conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf
mod_php5: php mod_php5: php
mod_fcgid: mod_fcgid mod_fcgid: mod_fcgid
# yamllint disable-line rule:line-length
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm
mod_geoip: mod_geoip mod_geoip: mod_geoip
mod_geoip_database: GeoIP mod_geoip_database: GeoIP
@ -53,7 +55,7 @@ RedHat:
logrotatedir: /etc/logrotate.d/httpd logrotatedir: /etc/logrotate.d/httpd
wwwdir: /var/www wwwdir: /var/www
default_charset: UTF-8 default_charset: UTF-8
use_require: False use_require: false
moddir: /etc/httpd/conf.modules.d moddir: /etc/httpd/conf.modules.d
Gentoo: Gentoo:
@ -111,7 +113,7 @@ FreeBSD:
modulesdir: /usr/local/etc/apache24/modules.d modulesdir: /usr/local/etc/apache24/modules.d
global_document_root: /usr/local/www/apache24/data global_document_root: /usr/local/www/apache24/data
confext: confext: ''
default_site: default default_site: default
default_site_ssl: default-ssl default_site_ssl: default-ssl
logdir: /var/log/ logdir: /var/log/

View File

@ -1,5 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ft=yaml # vim: ft=yaml
---
default: default:
version: '2.4' version: '2.4'
Ubuntu-12.04: Ubuntu-12.04:

View File

@ -1,8 +1,11 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# ``apache`` formula configuration: # ``apache`` formula configuration:
apache: apache:
# By default apache restart/reload states run (false skips) # By default apache restart/reload states run (false skips)
manage_service_states: True manage_service_states: true
# lookup section overrides ``map.jinja`` values # lookup section overrides ``map.jinja`` values
lookup: lookup:
@ -47,9 +50,10 @@ apache:
example.net: example.net:
template_file: salt://apache/vhosts/minimal.tmpl template_file: salt://apache/vhosts/minimal.tmpl
example.com: # must be unique; used as an ID declaration in Salt. example.com: # must be unique; used as an ID declaration in Salt.
enabled: True enabled: true
template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl
template_file: salt://apache/vhosts/standard.tmpl
####################### DEFAULT VALUES BELOW ############################ ####################### DEFAULT VALUES BELOW ############################
# NOTE: the values below are simply default settings that *can* be # NOTE: the values below are simply default settings that *can* be
@ -64,42 +68,51 @@ apache:
interface: '*' interface: '*'
port: '80' port: '80'
exclude_listen_directive: True # Do not add a Listen directive in httpd.conf exclude_listen_directive: true # Do not add a Listen directive in httpd.conf
ServerName: example.com # uses the unique ID above unless specified ServerName: example.com # uses the unique ID above unless specified
#ServerAlias: www.example.com # Do not add ServerAlias unless defined # ServerAlias: www.example.com # Do not add ServerAlias unless defined
ServerAdmin: webmaster@example.com ServerAdmin: webmaster@example.com
LogLevel: warn LogLevel: warn
ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log
CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log ErrorLog: /path/to/logs/example.com-error.log
# E.g.: /var/log/apache2/example.com-access.log
CustomLog: /path/to/logs/example.com-access.log
DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com # E.g., /var/www/example.com
DocumentRootUser: null # do not enforce user, defaults to lookup:document_root_user DocumentRoot: /path/to/www/dir/example.com
DocumentRootGroup: www-data # Force group, defaults to lookup:document_root_group # do not enforce user, defaults to lookup:document_root_user
DocumentRootUser: null
# Force group, defaults to lookup:document_root_group
DocumentRootGroup: www-data
SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired # if ssl is desired
SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file SSLCertificateFile: /etc/ssl/mycert.pem
SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file # if key for cert is needed or in an extra file
SSLCertificateKeyFile: /etc/ssl/mycert.pem.key
# if you require a chain of server certificates file
SSLCertificateChainFile: /etc/ssl/mycert.chain.pem
Directory: Directory:
# "default" is a special case; uses DocumentRoot value # "default" is a special case; uses DocumentRoot value
# E.g.: /var/www/example.com # E.g.: /var/www/example.com
default: default:
Options: -Indexes +FollowSymLinks Options: -Indexes +FollowSymLinks
Order: allow,deny # For Apache < 2.4 Order: allow,deny # For Apache < 2.4
Allow: from all # For apache < 2.4 Allow: from all # For apache < 2.4
Require: all granted # For apache > 2.4. Require: all granted # For apache > 2.4.
AllowOverride: None AllowOverride: None
Formula_Append: | Formula_Append: |
Additional config as a Additional config as a
multi-line string here multi-line string here
redirectmatch.com: redirectmatch.com:
# Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch # Use RedirectMatch Directive
# - https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch
# Require module mod_alias # Require module mod_alias
enabled: True enabled: true
template_file: salt://apache/vhosts/redirect.tmpl template_file: salt://apache/vhosts/redirect.tmpl
ServerName: www.redirectmatch.com ServerName: www.redirectmatch.com
ServerAlias: www.redirectmatch.com ServerAlias: www.redirectmatch.com
@ -228,7 +241,7 @@ apache:
Location: Location:
/: /:
Require: False Require: false
Formula_Append: | Formula_Append: |
SecRuleRemoveById 981231 SecRuleRemoveById 981231
SecRuleRemoveById 981173 SecRuleRemoveById 981173
@ -237,27 +250,27 @@ apache:
Require: 'all granted' Require: 'all granted'
/docs: /docs:
Order: allow,deny # For Apache < 2.4 Order: allow,deny # For Apache < 2.4
Allow: from all # For apache < 2.4 Allow: from all # For apache < 2.4
Require: all granted # For apache > 2.4. Require: all granted # For apache > 2.4.
Formula_Append: | Formula_Append: |
Additional config as a Additional config as a
multi-line string here multi-line string here
LocationMatch: LocationMatch:
'^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]': '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':
Require: False Require: false
Formula_Append: | Formula_Append: |
RequestHeader set Host mail.example.com RequestHeader set Host mail.example.com
'^[.\\/]+([Ss][Vv][Cc])[.\\/]': '^[.\\/]+([Ss][Vv][Cc])[.\\/]':
Require: False Require: false
Formula_Append: | Formula_Append: |
Require ip 123.123.13.6 84.24.25.74 Require ip 123.123.13.6 84.24.25.74
Proxy_control: Proxy_control:
'*': '*':
AllowAll: False AllowAll: false
AllowCountry: AllowCountry:
- DE - DE
AllowIP: AllowIP:
@ -280,21 +293,21 @@ apache:
path: 'salt://path/to/sites-available/conf/file' path: 'salt://path/to/sites-available/conf/file'
state: 'enabled' state: 'enabled'
# Optional - use managed file as Jinja Template # Optional - use managed file as Jinja Template
#template: true # template: true
#defaults: # defaults:
# custom_var: "default value" # custom_var: "default value"
modules: modules:
enabled: # List modules to enable enabled: # List modules to enable
- ldap - ldap
- ssl - ssl
disabled: # List modules to disable disabled: # List modules to disable
- rewrite - rewrite
flags: flags:
enabled: # List server flags to enable enabled: # List server flags to enable
- SSL - SSL
disabled: # List server flags to disable disabled: # List server flags to disable
- status - status
# KeepAlive: Whether or not to allow persistent connections (more than # KeepAlive: Whether or not to allow persistent connections (more than
@ -325,9 +338,9 @@ apache:
# ``apache.mod_security`` formula additional configuration: # ``apache.mod_security`` formula additional configuration:
mod_security: mod_security:
crs_install: True crs_install: true
# If not set, default distro's configuration is installed as is # If not set, default distro's configuration is installed as is
manage_config: True manage_config: true
sec_rule_engine: 'On' sec_rule_engine: 'On'
sec_request_body_access: 'On' sec_request_body_access: 'On'
sec_request_body_limit: '14000000' sec_request_body_limit: '14000000'
@ -339,33 +352,36 @@ apache:
sec_debug_log_level: '3' sec_debug_log_level: '3'
rules: rules:
enabled: enabled: ~
modsecurity_crs_10_setup.conf: modsecurity_crs_10_setup.conf:
rule_set: '' rule_set: ''
enabled: True enabled: true
modsecurity_crs_20_protocol_violations.conf: modsecurity_crs_20_protocol_violations.conf:
rule_set: 'base_rules' rule_set: 'base_rules'
enabled: False enabled: false
custom_rule_files: custom_rule_files:
# any name as an array index, and you can duplicate this section # any name as an array index, and you can duplicate this section
UNIQUE_VALUE_HERE: UNIQUE_VALUE_HERE:
file: 'my name' file: 'my name'
path: 'salt://path/to/modsecurity/custom/file' path: 'salt://path/to/modsecurity/custom/file'
enabled: True enabled: true
mod_ssl: mod_ssl:
# set this to True if you want to override your distributions default TLS configuration # set this to true if you want to override your distributions default TLS
manage_tls_defaults: False # configuration
# This stuff is deliberately not configured via map.jinja resp. apache:lookup. manage_tls_defaults: false
# We're unable to know sane defaults for each release of every distribution. # This stuff is deliberately not configured via map.jinja resp.
# See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion # apache:lookup. We're unable to know sane defaults for each release of
# Have a look at bettercrypto.org for up-to-date settings. # every distribution.
# See https://github.com/saltstack-formulas/openssh-formula/issues/102 for
# a related discussion Have a look at bettercrypto.org for up-to-date
# settings.
# These are default values: # These are default values:
# yamllint disable-line rule:line-length
SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
# Mitigate the CRIME attack # Mitigate the CRIME attack
SSLCompression: Off SSLCompression: 'Off'
SSLProtocol: all -SSLv2 -SSLv3 -TLSv1 SSLProtocol: all -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder: On SSLHonorCipherOrder: 'On'
SSLOptions: "+StrictRequire" SSLOptions: "+StrictRequire"

View File

@ -2,10 +2,10 @@
# vim: ft=yaml # vim: ft=yaml
--- ---
apache: apache:
manage_service_states: False manage_service_states: false
mod_security: mod_security:
crs_install: True crs_install: true
manage_config: True manage_config: true
sec_rule_engine: 'On' sec_rule_engine: 'On'
sec_request_body_access: 'On' sec_request_body_access: 'On'
sec_request_body_limit: '14000000' sec_request_body_limit: '14000000'