apache-formula/apache/osfamilymap.yaml
karim Hamza 9662e8b4ab Feature (rhel7/httpd 2.4) : hardening apache and code refactoring (#251)
* Feature (rhel7/httpd 2.4) : hardening apache and code refactoring

* remove hard returns

* Add default Listen 80 in httpd.conf

In case there no vhosts defined in pillar httpd will listen on port 80.
 Without this default it will not start

* empty file autoindex.conf instead of deleting it

* explicit hardening items and references from CIS

* add #3.5 hardening rule

* explain CIS recommendations categories

* add dependencies before start service

* add recommendation #7.1 Install mod_ssl

* link in readme to hardening doc
2019-02-22 10:10:30 +01:00

138 lines
3.2 KiB
YAML

# -*- coding: utf-8 -*-
# vim: ft=yaml
Debian:
server: apache2
service: apache2
user: www-data
group: www-data
configfile: /etc/apache2/apache2.conf
portsfile: /etc/apache2/ports.conf
mod_wsgi: libapache2-mod-wsgi
mod_php5: libapache2-mod-php5
mod_perl2: libapache2-mod-perl2
mod_fcgid: libapache2-mod-fcgid
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
mod_xsendfile: libapache2-mod-xsendfile
mod_fastcgi: libapache2-mod-fastcgi
mod_geoip: libapache2-mod-geoip
mod_geoip_database: geoip-database
vhostdir: /etc/apache2/sites-available
confdir: /etc/apache2/conf-available
confext: .conf
default_site: default
default_site_ssl: default-ssl
logdir: /var/log/apache2
logrotatedir: /etc/logrotate.d/apache2
wwwdir: /srv
RedHat:
server: httpd
service: httpd
user: apache
group: apache
configfile: /etc/httpd/conf/httpd.conf
mod_ssl: mod_ssl
mod_wsgi: mod_wsgi
conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf
mod_php5: php
mod_fcgid: mod_fcgid
mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm
mod_geoip: mod_geoip
mod_geoip_database: GeoIP
vhostdir: /etc/httpd/vhosts.d
vhostdir_ng: /etc/httpd/conf.d
confdir: /etc/httpd/conf.d
confext: .conf
default_site: default
default_site_ssl: default-ssl
logdir: /var/log/httpd
logrotatedir: /etc/logrotate.d/httpd
wwwdir: /var/www
default_charset: UTF-8
use_require: False
moddir: /etc/httpd/conf.modules.d
Gentoo:
server: www-servers/apache
service: apache2
user: apache
group: apache
configfile: /etc/apache2/httpd.conf
mod_wsgi: www-apache/mod_wsgi
mod_fcgid: www-apache/mod_fcgid
vhostdir: /etc/apache2/vhosts.d
confdir: /etc/conf.d/apache2
confext: .conf
default_site: default
default_site_ssl: default-ssl
logdir: /var/log/apache2
logrotatedir: /etc/logrotate.d/apache2
wwwdir: /var/www
Suse:
server: apache2
service: apache2
user: wwwrun
group: www
configfile: /etc/apache2/httpd.conf
mod_wsgi: apache2-mod_wsgi
mod_php5: apache2-mod_php5
mod_fcgid: apache2-mod_fcgid
vhostdir: /etc/apache2/vhosts.d
confdir: /etc/apache2/conf.d
confext: .conf
default_site: vhost.template
default_site_ssl: vhost-ssl.template
logdir: /var/log/apache2
wwwdir: /srv/www
FreeBSD:
server: apache24
service: apache24
user: www
group: www
configfile: /usr/local/etc/apache24/httpd.conf
portsfile: /usr/local/etc/apache24/ports.conf
mod_php5: mod_php56
mod_perl2: ap24-mod_perl2
mod_wsgi: ap24-mod_wsgi3
vhostdir: /usr/local/etc/apache24/Includes
confdir: /usr/local/etc/apache24/extra
modulesdir: /usr/local/etc/apache24/modules.d
global_document_root: /usr/local/www/apache24/data
confext:
default_site: default
default_site_ssl: default-ssl
logdir: /var/log/
wwwdir: /usr/local/www/apache24/
Arch:
server: apache
service: httpd
user: http
group: http
configfile: /etc/httpd/conf/httpd.conf
mod_wsgi: mod_wsgi
vhostdir: /etc/httpd/conf/vhosts
confdir: /etc/httpd/conf/extra
modulesdir: /usr/lib/httpd/modules
confext: .conf
logdir: /var/log/httpd
wwwdir: /srv/http
default_site: default
default_site_ssl: default-ssl