fix(yamllint): fix all errors
```bash apache-formula$ yamllint -s . ./pillar.example 2:1 warning missing document start "---" (document-start) 5:26 warning truthy value should be one of [false, true] (truthy) 50:18 warning too few spaces before comment (comments) 51:16 warning truthy value should be one of [false, true] (truthy) 52:57 warning too few spaces before comment (comments) 52:89 error line too long (104 > 88 characters) (line-length) 67:33 warning truthy value should be one of [false, true] (truthy) 67:38 warning too few spaces before comment (comments) 69:31 warning too few spaces before comment (comments) 70:8 warning missing starting space in comment (comments) 75:53 warning too few spaces before comment (comments) 75:89 error line too long (98 > 88 characters) (line-length) 76:55 warning too few spaces before comment (comments) 76:89 error line too long (101 > 88 characters) (line-length) 78:50 warning too few spaces before comment (comments) 79:89 error line too long (95 > 88 characters) (line-length) 82:47 warning too few spaces before comment (comments) 83:54 warning too few spaces before comment (comments) 83:89 error line too long (100 > 88 characters) (line-length) 84:58 warning too few spaces before comment (comments) 84:89 error line too long (109 > 88 characters) (line-length) 93:32 warning too few spaces before comment (comments) 100:89 error line too long (105 > 88 characters) (line-length) 101:33 error trailing spaces (trailing-spaces) 102:16 warning truthy value should be one of [false, true] (truthy) 231:20 warning truthy value should be one of [false, true] (truthy) 242:32 warning too few spaces before comment (comments) 249:20 warning truthy value should be one of [false, true] (truthy) 254:20 warning truthy value should be one of [false, true] (truthy) 260:21 warning truthy value should be one of [false, true] (truthy) 283:8 warning missing starting space in comment (comments) 284:8 warning missing starting space in comment (comments) 297:15 warning too few spaces before comment (comments) 328:18 warning truthy value should be one of [false, true] (truthy) 330:20 warning truthy value should be one of [false, true] (truthy) 342:15 error empty value in block mapping (empty-values) 345:18 warning truthy value should be one of [false, true] (truthy) 348:18 warning truthy value should be one of [false, true] (truthy) 355:18 warning truthy value should be one of [false, true] (truthy) 358:89 error line too long (91 > 88 characters) (line-length) 359:26 warning truthy value should be one of [false, true] (truthy) 362:89 error line too long (99 > 88 characters) (line-length) 365:89 error line too long (267 > 88 characters) (line-length) 367:21 warning truthy value should be one of [false, true] (truthy) 369:26 warning truthy value should be one of [false, true] (truthy) 371:1 error too many blank lines (1 > 0) (empty-lines) ./apache/osfingermap.yaml 3:1 warning missing document start "---" (document-start) ./apache/modsecurity.yaml 4:1 warning missing document start "---" (document-start) 6:18 warning truthy value should be one of [false, true] (truthy) 7:20 warning truthy value should be one of [false, true] (truthy) 14:18 warning truthy value should be one of [false, true] (truthy) 15:20 warning truthy value should be one of [false, true] (truthy) 22:18 warning truthy value should be one of [false, true] (truthy) 23:20 warning truthy value should be one of [false, true] (truthy) ./apache/defaults.yaml 4:1 warning missing document start "---" (document-start) 5:26 warning truthy value should be one of [false, true] (truthy) 7:19 warning truthy value should be one of [false, true] (truthy) 10:18 warning truthy value should be one of [false, true] (truthy) 11:20 warning truthy value should be one of [false, true] (truthy) ./apache/oscodenamemap.yaml 4:1 warning missing document start "---" (document-start) 4:8 error trailing spaces (trailing-spaces) 9:8 error trailing spaces (trailing-spaces) 14:7 error trailing spaces (trailing-spaces) 19:6 error trailing spaces (trailing-spaces) 24:8 error trailing spaces (trailing-spaces) 29:9 error trailing spaces (trailing-spaces) 34:7 error trailing spaces (trailing-spaces) 39:8 error trailing spaces (trailing-spaces) 44:8 error trailing spaces (trailing-spaces) 50:9 error trailing spaces (trailing-spaces) 61:1 error too many blank lines (1 > 0) (empty-lines) ./apache/osfamilymap.yaml 4:1 warning missing document start "---" (document-start) 16:89 error line too long (104 > 88 characters) (line-length) 43:89 error line too long (105 > 88 characters) (line-length) 56:16 warning truthy value should be one of [false, true] (truthy) 114:11 error empty value in block mapping (empty-values) 114:11 error trailing spaces (trailing-spaces) ./test/salt/pillar/default.sls 5:26 warning truthy value should be one of [false, true] (truthy) 7:18 warning truthy value should be one of [false, true] (truthy) 8:20 warning truthy value should be one of [false, true] (truthy) ```
This commit is contained in:
parent
68b971bd77
commit
97f6ead9f4
@ -1,11 +1,11 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# vim: ft=yaml
|
# vim: ft=yaml
|
||||||
|
---
|
||||||
apache:
|
apache:
|
||||||
manage_service_states: True
|
manage_service_states: true
|
||||||
service_state: running
|
service_state: running
|
||||||
service_enable: True
|
service_enable: true
|
||||||
|
|
||||||
mod_security:
|
mod_security:
|
||||||
crs_install: False
|
crs_install: false
|
||||||
manage_config: False
|
manage_config: false
|
||||||
|
@ -1,25 +1,25 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# vim: ft=yam
|
# vim: ft=yaml
|
||||||
|
---
|
||||||
Debian:
|
Debian:
|
||||||
mod_security:
|
mod_security:
|
||||||
crs_install: False
|
crs_install: false
|
||||||
manage_config: False
|
manage_config: false
|
||||||
package: libapache2-mod-security2
|
package: libapache2-mod-security2
|
||||||
crs_package: modsecurity-crs
|
crs_package: modsecurity-crs
|
||||||
config_file: /etc/modsecurity/modsecurity.conf-recommended
|
config_file: /etc/modsecurity/modsecurity.conf-recommended
|
||||||
|
|
||||||
RedHat:
|
RedHat:
|
||||||
mod_security:
|
mod_security:
|
||||||
crs_install: False
|
crs_install: false
|
||||||
manage_config: False
|
manage_config: false
|
||||||
package: mod_security
|
package: mod_security
|
||||||
crs_package: mod_security_crs
|
crs_package: mod_security_crs
|
||||||
config_file: /etc/httpd/conf.d/mod_security.conf
|
config_file: /etc/httpd/conf.d/mod_security.conf
|
||||||
|
|
||||||
Suse:
|
Suse:
|
||||||
mod_security:
|
mod_security:
|
||||||
crs_install: False
|
crs_install: false
|
||||||
manage_config: False
|
manage_config: false
|
||||||
package: apache2-mod_security2
|
package: apache2-mod_security2
|
||||||
config_file: /etc/apache2/conf.d/mod_security2.conf
|
config_file: /etc/apache2/conf.d/mod_security2.conf
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# vim: ft=yaml
|
# vim: ft=yaml
|
||||||
|
---
|
||||||
trusty:
|
trusty:
|
||||||
confext: .conf
|
confext: .conf
|
||||||
default_site: 000-default.conf
|
default_site: 000-default.conf
|
||||||
@ -58,4 +58,3 @@ buster:
|
|||||||
confext: .conf
|
confext: .conf
|
||||||
default_site: 000-default.conf
|
default_site: 000-default.conf
|
||||||
default_site_ssl: default-ssl.conf
|
default_site_ssl: default-ssl.conf
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# vim: ft=yaml
|
# vim: ft=yaml
|
||||||
|
---
|
||||||
Debian:
|
Debian:
|
||||||
server: apache2
|
server: apache2
|
||||||
service: apache2
|
service: apache2
|
||||||
@ -13,6 +13,7 @@ Debian:
|
|||||||
mod_php5: libapache2-mod-php5
|
mod_php5: libapache2-mod-php5
|
||||||
mod_perl2: libapache2-mod-perl2
|
mod_perl2: libapache2-mod-perl2
|
||||||
mod_fcgid: libapache2-mod-fcgid
|
mod_fcgid: libapache2-mod-fcgid
|
||||||
|
# yamllint disable-line rule:line-length
|
||||||
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
|
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
|
||||||
mod_xsendfile: libapache2-mod-xsendfile
|
mod_xsendfile: libapache2-mod-xsendfile
|
||||||
mod_fastcgi: libapache2-mod-fastcgi
|
mod_fastcgi: libapache2-mod-fastcgi
|
||||||
@ -40,6 +41,7 @@ RedHat:
|
|||||||
conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf
|
conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf
|
||||||
mod_php5: php
|
mod_php5: php
|
||||||
mod_fcgid: mod_fcgid
|
mod_fcgid: mod_fcgid
|
||||||
|
# yamllint disable-line rule:line-length
|
||||||
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm
|
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm
|
||||||
mod_geoip: mod_geoip
|
mod_geoip: mod_geoip
|
||||||
mod_geoip_database: GeoIP
|
mod_geoip_database: GeoIP
|
||||||
@ -53,7 +55,7 @@ RedHat:
|
|||||||
logrotatedir: /etc/logrotate.d/httpd
|
logrotatedir: /etc/logrotate.d/httpd
|
||||||
wwwdir: /var/www
|
wwwdir: /var/www
|
||||||
default_charset: UTF-8
|
default_charset: UTF-8
|
||||||
use_require: False
|
use_require: false
|
||||||
moddir: /etc/httpd/conf.modules.d
|
moddir: /etc/httpd/conf.modules.d
|
||||||
|
|
||||||
Gentoo:
|
Gentoo:
|
||||||
@ -111,7 +113,7 @@ FreeBSD:
|
|||||||
modulesdir: /usr/local/etc/apache24/modules.d
|
modulesdir: /usr/local/etc/apache24/modules.d
|
||||||
global_document_root: /usr/local/www/apache24/data
|
global_document_root: /usr/local/www/apache24/data
|
||||||
|
|
||||||
confext:
|
confext: ''
|
||||||
default_site: default
|
default_site: default
|
||||||
default_site_ssl: default-ssl
|
default_site_ssl: default-ssl
|
||||||
logdir: /var/log/
|
logdir: /var/log/
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# vim: ft=yaml
|
# vim: ft=yaml
|
||||||
|
---
|
||||||
default:
|
default:
|
||||||
version: '2.4'
|
version: '2.4'
|
||||||
Ubuntu-12.04:
|
Ubuntu-12.04:
|
||||||
|
112
pillar.example
112
pillar.example
@ -1,8 +1,11 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# vim: ft=yaml
|
||||||
|
---
|
||||||
# ``apache`` formula configuration:
|
# ``apache`` formula configuration:
|
||||||
apache:
|
apache:
|
||||||
|
|
||||||
# By default apache restart/reload states run (false skips)
|
# By default apache restart/reload states run (false skips)
|
||||||
manage_service_states: True
|
manage_service_states: true
|
||||||
|
|
||||||
# lookup section overrides ``map.jinja`` values
|
# lookup section overrides ``map.jinja`` values
|
||||||
lookup:
|
lookup:
|
||||||
@ -47,9 +50,10 @@ apache:
|
|||||||
example.net:
|
example.net:
|
||||||
template_file: salt://apache/vhosts/minimal.tmpl
|
template_file: salt://apache/vhosts/minimal.tmpl
|
||||||
|
|
||||||
example.com: # must be unique; used as an ID declaration in Salt.
|
example.com: # must be unique; used as an ID declaration in Salt.
|
||||||
enabled: True
|
enabled: true
|
||||||
template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl
|
# or minimal.tmpl or redirect.tmpl or proxy.tmpl
|
||||||
|
template_file: salt://apache/vhosts/standard.tmpl
|
||||||
|
|
||||||
####################### DEFAULT VALUES BELOW ############################
|
####################### DEFAULT VALUES BELOW ############################
|
||||||
# NOTE: the values below are simply default settings that *can* be
|
# NOTE: the values below are simply default settings that *can* be
|
||||||
@ -64,42 +68,51 @@ apache:
|
|||||||
interface: '*'
|
interface: '*'
|
||||||
port: '80'
|
port: '80'
|
||||||
|
|
||||||
exclude_listen_directive: True # Do not add a Listen directive in httpd.conf
|
exclude_listen_directive: true # Do not add a Listen directive in httpd.conf
|
||||||
|
|
||||||
ServerName: example.com # uses the unique ID above unless specified
|
ServerName: example.com # uses the unique ID above unless specified
|
||||||
#ServerAlias: www.example.com # Do not add ServerAlias unless defined
|
# ServerAlias: www.example.com # Do not add ServerAlias unless defined
|
||||||
|
|
||||||
ServerAdmin: webmaster@example.com
|
ServerAdmin: webmaster@example.com
|
||||||
|
|
||||||
LogLevel: warn
|
LogLevel: warn
|
||||||
ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log
|
# E.g.: /var/log/apache2/example.com-error.log
|
||||||
CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log
|
ErrorLog: /path/to/logs/example.com-error.log
|
||||||
|
# E.g.: /var/log/apache2/example.com-access.log
|
||||||
|
CustomLog: /path/to/logs/example.com-access.log
|
||||||
|
|
||||||
DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com
|
# E.g., /var/www/example.com
|
||||||
DocumentRootUser: null # do not enforce user, defaults to lookup:document_root_user
|
DocumentRoot: /path/to/www/dir/example.com
|
||||||
DocumentRootGroup: www-data # Force group, defaults to lookup:document_root_group
|
# do not enforce user, defaults to lookup:document_root_user
|
||||||
|
DocumentRootUser: null
|
||||||
|
# Force group, defaults to lookup:document_root_group
|
||||||
|
DocumentRootGroup: www-data
|
||||||
|
|
||||||
SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired
|
# if ssl is desired
|
||||||
SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file
|
SSLCertificateFile: /etc/ssl/mycert.pem
|
||||||
SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file
|
# if key for cert is needed or in an extra file
|
||||||
|
SSLCertificateKeyFile: /etc/ssl/mycert.pem.key
|
||||||
|
# if you require a chain of server certificates file
|
||||||
|
SSLCertificateChainFile: /etc/ssl/mycert.chain.pem
|
||||||
|
|
||||||
Directory:
|
Directory:
|
||||||
# "default" is a special case; uses DocumentRoot value
|
# "default" is a special case; uses DocumentRoot value
|
||||||
# E.g.: /var/www/example.com
|
# E.g.: /var/www/example.com
|
||||||
default:
|
default:
|
||||||
Options: -Indexes +FollowSymLinks
|
Options: -Indexes +FollowSymLinks
|
||||||
Order: allow,deny # For Apache < 2.4
|
Order: allow,deny # For Apache < 2.4
|
||||||
Allow: from all # For apache < 2.4
|
Allow: from all # For apache < 2.4
|
||||||
Require: all granted # For apache > 2.4.
|
Require: all granted # For apache > 2.4.
|
||||||
AllowOverride: None
|
AllowOverride: None
|
||||||
Formula_Append: |
|
Formula_Append: |
|
||||||
Additional config as a
|
Additional config as a
|
||||||
multi-line string here
|
multi-line string here
|
||||||
|
|
||||||
redirectmatch.com:
|
redirectmatch.com:
|
||||||
# Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch
|
# Use RedirectMatch Directive
|
||||||
|
# - https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch
|
||||||
# Require module mod_alias
|
# Require module mod_alias
|
||||||
enabled: True
|
enabled: true
|
||||||
template_file: salt://apache/vhosts/redirect.tmpl
|
template_file: salt://apache/vhosts/redirect.tmpl
|
||||||
ServerName: www.redirectmatch.com
|
ServerName: www.redirectmatch.com
|
||||||
ServerAlias: www.redirectmatch.com
|
ServerAlias: www.redirectmatch.com
|
||||||
@ -228,7 +241,7 @@ apache:
|
|||||||
|
|
||||||
Location:
|
Location:
|
||||||
/:
|
/:
|
||||||
Require: False
|
Require: false
|
||||||
Formula_Append: |
|
Formula_Append: |
|
||||||
SecRuleRemoveById 981231
|
SecRuleRemoveById 981231
|
||||||
SecRuleRemoveById 981173
|
SecRuleRemoveById 981173
|
||||||
@ -237,27 +250,27 @@ apache:
|
|||||||
Require: 'all granted'
|
Require: 'all granted'
|
||||||
|
|
||||||
/docs:
|
/docs:
|
||||||
Order: allow,deny # For Apache < 2.4
|
Order: allow,deny # For Apache < 2.4
|
||||||
Allow: from all # For apache < 2.4
|
Allow: from all # For apache < 2.4
|
||||||
Require: all granted # For apache > 2.4.
|
Require: all granted # For apache > 2.4.
|
||||||
Formula_Append: |
|
Formula_Append: |
|
||||||
Additional config as a
|
Additional config as a
|
||||||
multi-line string here
|
multi-line string here
|
||||||
|
|
||||||
LocationMatch:
|
LocationMatch:
|
||||||
'^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':
|
'^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':
|
||||||
Require: False
|
Require: false
|
||||||
Formula_Append: |
|
Formula_Append: |
|
||||||
RequestHeader set Host mail.example.com
|
RequestHeader set Host mail.example.com
|
||||||
|
|
||||||
'^[.\\/]+([Ss][Vv][Cc])[.\\/]':
|
'^[.\\/]+([Ss][Vv][Cc])[.\\/]':
|
||||||
Require: False
|
Require: false
|
||||||
Formula_Append: |
|
Formula_Append: |
|
||||||
Require ip 123.123.13.6 84.24.25.74
|
Require ip 123.123.13.6 84.24.25.74
|
||||||
|
|
||||||
Proxy_control:
|
Proxy_control:
|
||||||
'*':
|
'*':
|
||||||
AllowAll: False
|
AllowAll: false
|
||||||
AllowCountry:
|
AllowCountry:
|
||||||
- DE
|
- DE
|
||||||
AllowIP:
|
AllowIP:
|
||||||
@ -280,21 +293,21 @@ apache:
|
|||||||
path: 'salt://path/to/sites-available/conf/file'
|
path: 'salt://path/to/sites-available/conf/file'
|
||||||
state: 'enabled'
|
state: 'enabled'
|
||||||
# Optional - use managed file as Jinja Template
|
# Optional - use managed file as Jinja Template
|
||||||
#template: true
|
# template: true
|
||||||
#defaults:
|
# defaults:
|
||||||
# custom_var: "default value"
|
# custom_var: "default value"
|
||||||
|
|
||||||
modules:
|
modules:
|
||||||
enabled: # List modules to enable
|
enabled: # List modules to enable
|
||||||
- ldap
|
- ldap
|
||||||
- ssl
|
- ssl
|
||||||
disabled: # List modules to disable
|
disabled: # List modules to disable
|
||||||
- rewrite
|
- rewrite
|
||||||
|
|
||||||
flags:
|
flags:
|
||||||
enabled: # List server flags to enable
|
enabled: # List server flags to enable
|
||||||
- SSL
|
- SSL
|
||||||
disabled: # List server flags to disable
|
disabled: # List server flags to disable
|
||||||
- status
|
- status
|
||||||
|
|
||||||
# KeepAlive: Whether or not to allow persistent connections (more than
|
# KeepAlive: Whether or not to allow persistent connections (more than
|
||||||
@ -325,9 +338,9 @@ apache:
|
|||||||
|
|
||||||
# ``apache.mod_security`` formula additional configuration:
|
# ``apache.mod_security`` formula additional configuration:
|
||||||
mod_security:
|
mod_security:
|
||||||
crs_install: True
|
crs_install: true
|
||||||
# If not set, default distro's configuration is installed as is
|
# If not set, default distro's configuration is installed as is
|
||||||
manage_config: True
|
manage_config: true
|
||||||
sec_rule_engine: 'On'
|
sec_rule_engine: 'On'
|
||||||
sec_request_body_access: 'On'
|
sec_request_body_access: 'On'
|
||||||
sec_request_body_limit: '14000000'
|
sec_request_body_limit: '14000000'
|
||||||
@ -339,33 +352,36 @@ apache:
|
|||||||
sec_debug_log_level: '3'
|
sec_debug_log_level: '3'
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
enabled:
|
enabled: ~
|
||||||
modsecurity_crs_10_setup.conf:
|
modsecurity_crs_10_setup.conf:
|
||||||
rule_set: ''
|
rule_set: ''
|
||||||
enabled: True
|
enabled: true
|
||||||
modsecurity_crs_20_protocol_violations.conf:
|
modsecurity_crs_20_protocol_violations.conf:
|
||||||
rule_set: 'base_rules'
|
rule_set: 'base_rules'
|
||||||
enabled: False
|
enabled: false
|
||||||
|
|
||||||
custom_rule_files:
|
custom_rule_files:
|
||||||
# any name as an array index, and you can duplicate this section
|
# any name as an array index, and you can duplicate this section
|
||||||
UNIQUE_VALUE_HERE:
|
UNIQUE_VALUE_HERE:
|
||||||
file: 'my name'
|
file: 'my name'
|
||||||
path: 'salt://path/to/modsecurity/custom/file'
|
path: 'salt://path/to/modsecurity/custom/file'
|
||||||
enabled: True
|
enabled: true
|
||||||
|
|
||||||
mod_ssl:
|
mod_ssl:
|
||||||
# set this to True if you want to override your distributions default TLS configuration
|
# set this to true if you want to override your distributions default TLS
|
||||||
manage_tls_defaults: False
|
# configuration
|
||||||
# This stuff is deliberately not configured via map.jinja resp. apache:lookup.
|
manage_tls_defaults: false
|
||||||
# We're unable to know sane defaults for each release of every distribution.
|
# This stuff is deliberately not configured via map.jinja resp.
|
||||||
# See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion
|
# apache:lookup. We're unable to know sane defaults for each release of
|
||||||
# Have a look at bettercrypto.org for up-to-date settings.
|
# every distribution.
|
||||||
|
# See https://github.com/saltstack-formulas/openssh-formula/issues/102 for
|
||||||
|
# a related discussion Have a look at bettercrypto.org for up-to-date
|
||||||
|
# settings.
|
||||||
# These are default values:
|
# These are default values:
|
||||||
|
# yamllint disable-line rule:line-length
|
||||||
SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
|
SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
|
||||||
# Mitigate the CRIME attack
|
# Mitigate the CRIME attack
|
||||||
SSLCompression: Off
|
SSLCompression: 'Off'
|
||||||
SSLProtocol: all -SSLv2 -SSLv3 -TLSv1
|
SSLProtocol: all -SSLv2 -SSLv3 -TLSv1
|
||||||
SSLHonorCipherOrder: On
|
SSLHonorCipherOrder: 'On'
|
||||||
SSLOptions: "+StrictRequire"
|
SSLOptions: "+StrictRequire"
|
||||||
|
|
||||||
|
@ -2,10 +2,10 @@
|
|||||||
# vim: ft=yaml
|
# vim: ft=yaml
|
||||||
---
|
---
|
||||||
apache:
|
apache:
|
||||||
manage_service_states: False
|
manage_service_states: false
|
||||||
mod_security:
|
mod_security:
|
||||||
crs_install: True
|
crs_install: true
|
||||||
manage_config: True
|
manage_config: true
|
||||||
sec_rule_engine: 'On'
|
sec_rule_engine: 'On'
|
||||||
sec_request_body_access: 'On'
|
sec_request_body_access: 'On'
|
||||||
sec_request_body_limit: '14000000'
|
sec_request_body_limit: '14000000'
|
||||||
|
Loading…
Reference in New Issue
Block a user