saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
226eea5756
firewalld-formula/firewalld/config.sls

31 lines
812 B
Plaintext
Raw Normal View History

improvements to formula with defaults.yaml
2016-01-19 22:15:08 +01:00
# == State: firewalld._config
#
# This state configures firewalld.
#
{% from "firewalld/map.jinja" import firewalld with context %}
directory_firewalld:
file.directory: # make sure this is a directory
- name: /etc/firewalld
- user: root
- group: root
- mode: 750
- require:
- pkg: package_firewalld # make sure package is installed
config_firewalld:
file.managed:
- name: /etc/firewalld/firewalld.conf
- user: root
- group: root
Default file permission for firewalld.conf is 644 not 640 (CentOS). Even if I think that "others" don't need to read that, it always shows up as file with non-default permissions from default rpm package in security scans. e.g. "rpm -Va |grep ^.M" or more salty way: "salt '*' pkg.verify" / salt '*' pkg.modified firewalld mode=True; manual fix e.g. rpm --setperms firewalld-*.el7.noarch
2017-12-28 02:45:05 +01:00
- mode: 644
improvements to formula with defaults.yaml
2016-01-19 22:15:08 +01:00
- source: salt://firewalld/files/firewalld.conf
- template: jinja
- require:
- pkg: package_firewalld # make sure package is installed
- file: directory_firewalld
Reload, rather than restart, the FirewallD service
2017-03-10 20:14:51 +01:00
- require_in:
- service: service_firewalld
- watch_in:
- cmd: reload_firewalld # reload firewalld config
Reference in New Issue Copy Permalink