9662e8b4ab
* Feature (rhel7/httpd 2.4) : hardening apache and code refactoring * remove hard returns * Add default Listen 80 in httpd.conf In case there no vhosts defined in pillar httpd will listen on port 80. Without this default it will not start * empty file autoindex.conf instead of deleting it * explicit hardening items and references from CIS * add #3.5 hardening rule * explain CIS recommendations categories * add dependencies before start service * add recommendation #7.1 Install mod_ssl * link in readme to hardening doc
138 lines
3.2 KiB
YAML
138 lines
3.2 KiB
YAML
# -*- coding: utf-8 -*-
|
|
# vim: ft=yaml
|
|
|
|
Debian:
|
|
server: apache2
|
|
service: apache2
|
|
user: www-data
|
|
group: www-data
|
|
configfile: /etc/apache2/apache2.conf
|
|
portsfile: /etc/apache2/ports.conf
|
|
|
|
mod_wsgi: libapache2-mod-wsgi
|
|
mod_php5: libapache2-mod-php5
|
|
mod_perl2: libapache2-mod-perl2
|
|
mod_fcgid: libapache2-mod-fcgid
|
|
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
|
|
mod_xsendfile: libapache2-mod-xsendfile
|
|
mod_fastcgi: libapache2-mod-fastcgi
|
|
mod_geoip: libapache2-mod-geoip
|
|
mod_geoip_database: geoip-database
|
|
|
|
vhostdir: /etc/apache2/sites-available
|
|
confdir: /etc/apache2/conf-available
|
|
confext: .conf
|
|
default_site: default
|
|
default_site_ssl: default-ssl
|
|
logdir: /var/log/apache2
|
|
logrotatedir: /etc/logrotate.d/apache2
|
|
wwwdir: /srv
|
|
|
|
RedHat:
|
|
server: httpd
|
|
service: httpd
|
|
user: apache
|
|
group: apache
|
|
configfile: /etc/httpd/conf/httpd.conf
|
|
|
|
mod_ssl: mod_ssl
|
|
mod_wsgi: mod_wsgi
|
|
conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf
|
|
mod_php5: php
|
|
mod_fcgid: mod_fcgid
|
|
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm
|
|
mod_geoip: mod_geoip
|
|
mod_geoip_database: GeoIP
|
|
|
|
vhostdir: /etc/httpd/vhosts.d
|
|
vhostdir_ng: /etc/httpd/conf.d
|
|
confdir: /etc/httpd/conf.d
|
|
confext: .conf
|
|
default_site: default
|
|
default_site_ssl: default-ssl
|
|
logdir: /var/log/httpd
|
|
logrotatedir: /etc/logrotate.d/httpd
|
|
wwwdir: /var/www
|
|
default_charset: UTF-8
|
|
use_require: False
|
|
moddir: /etc/httpd/conf.modules.d
|
|
|
|
Gentoo:
|
|
server: www-servers/apache
|
|
service: apache2
|
|
user: apache
|
|
group: apache
|
|
configfile: /etc/apache2/httpd.conf
|
|
|
|
mod_wsgi: www-apache/mod_wsgi
|
|
mod_fcgid: www-apache/mod_fcgid
|
|
|
|
vhostdir: /etc/apache2/vhosts.d
|
|
confdir: /etc/conf.d/apache2
|
|
confext: .conf
|
|
default_site: default
|
|
default_site_ssl: default-ssl
|
|
logdir: /var/log/apache2
|
|
logrotatedir: /etc/logrotate.d/apache2
|
|
wwwdir: /var/www
|
|
|
|
Suse:
|
|
server: apache2
|
|
service: apache2
|
|
user: wwwrun
|
|
group: www
|
|
configfile: /etc/apache2/httpd.conf
|
|
|
|
mod_wsgi: apache2-mod_wsgi
|
|
mod_php5: apache2-mod_php5
|
|
mod_fcgid: apache2-mod_fcgid
|
|
|
|
vhostdir: /etc/apache2/vhosts.d
|
|
confdir: /etc/apache2/conf.d
|
|
confext: .conf
|
|
default_site: vhost.template
|
|
default_site_ssl: vhost-ssl.template
|
|
logdir: /var/log/apache2
|
|
wwwdir: /srv/www
|
|
|
|
FreeBSD:
|
|
server: apache24
|
|
service: apache24
|
|
user: www
|
|
group: www
|
|
configfile: /usr/local/etc/apache24/httpd.conf
|
|
portsfile: /usr/local/etc/apache24/ports.conf
|
|
|
|
mod_php5: mod_php56
|
|
mod_perl2: ap24-mod_perl2
|
|
mod_wsgi: ap24-mod_wsgi3
|
|
|
|
vhostdir: /usr/local/etc/apache24/Includes
|
|
confdir: /usr/local/etc/apache24/extra
|
|
modulesdir: /usr/local/etc/apache24/modules.d
|
|
global_document_root: /usr/local/www/apache24/data
|
|
|
|
confext:
|
|
default_site: default
|
|
default_site_ssl: default-ssl
|
|
logdir: /var/log/
|
|
wwwdir: /usr/local/www/apache24/
|
|
|
|
Arch:
|
|
server: apache
|
|
service: httpd
|
|
user: http
|
|
group: http
|
|
configfile: /etc/httpd/conf/httpd.conf
|
|
|
|
mod_wsgi: mod_wsgi
|
|
|
|
vhostdir: /etc/httpd/conf/vhosts
|
|
confdir: /etc/httpd/conf/extra
|
|
modulesdir: /usr/lib/httpd/modules
|
|
confext: .conf
|
|
logdir: /var/log/httpd
|
|
wwwdir: /srv/http
|
|
default_site: default
|
|
default_site_ssl: default-ssl
|