9662e8b4ab
* Feature (rhel7/httpd 2.4) : hardening apache and code refactoring * remove hard returns * Add default Listen 80 in httpd.conf In case there no vhosts defined in pillar httpd will listen on port 80. Without this default it will not start * empty file autoindex.conf instead of deleting it * explicit hardening items and references from CIS * add #3.5 hardening rule * explain CIS recommendations categories * add dependencies before start service * add recommendation #7.1 Install mod_ssl * link in readme to hardening doc
41 lines
1.2 KiB
Django/Jinja
41 lines
1.2 KiB
Django/Jinja
#
|
|
# This file is managed by Salt! Do not edit by hand!
|
|
#
|
|
{%- from "apache/map.jinja" import apache with context %}
|
|
{%- import_yaml "apache/hardening-values.yaml" as hardening_values %}
|
|
{%- from "apache/lib.sls" import directives_output, container_output with context %}
|
|
|
|
{%- set list_interfaces_ports = [] %}
|
|
{%- for name, vhost in salt['pillar.get']('apache:VirtualHost', {}).items() %}
|
|
{%- set items = vhost.item.split() %}
|
|
{%- for item in items if item not in list_interfaces_ports %}
|
|
{%- do list_interfaces_ports.append(item) %}
|
|
{%- endfor %}
|
|
{%- endfor %}
|
|
|
|
{%- for item in list_interfaces_ports %}
|
|
Listen {{ item }}
|
|
{% else %}
|
|
Listen *:80
|
|
{%- endfor %}
|
|
|
|
{{ directives_output(server_config, 0) }}
|
|
|
|
Include conf.modules.d/*.conf
|
|
|
|
User {{ apache.user }}
|
|
Group {{ apache.group }}
|
|
|
|
|
|
{%- for container_name, container_data_list in server_config.get('containers', {}).items() %}
|
|
{%- for container_data in container_data_list %}
|
|
{{ container_output(container_name, container_data) }}
|
|
{%- endfor %}
|
|
{%- endfor %}
|
|
|
|
|
|
IncludeOptional {{ apache.confdir }}/*.conf
|
|
{%- if apache.vhostdir_ng != apache.confdir %}
|
|
IncludeOptional {{ apache.vhostdir_ng }}/*.conf
|
|
{%- endif %}
|