From 0c3b23c3a3f48f1fbc2e59e76245a847de53ab92 Mon Sep 17 00:00:00 2001 From: "Sridhar K. N. Rao" Date: Sun, 18 Apr 2021 13:39:40 +0530 Subject: [WIP]: Openstack Security Check This patch adds openstack security checking. This is based on https://docs.openstack.org/security-guide/checklist.html Support reading configuration from default file and environment Added reference security.conf Update the Documentation. Update index to include security Fix bug reported by Parth, and another. JIRA: CIRV-49 Signed-off-by: Sridhar K. N. Rao Change-Id: I72579a861409c3aaf464f44f0cdc24dc33cd4345 --- sdv/docker/sdvsecurity/nfvsec/conf/01_horizon.conf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 sdv/docker/sdvsecurity/nfvsec/conf/01_horizon.conf (limited to 'sdv/docker/sdvsecurity/nfvsec/conf/01_horizon.conf') diff --git a/sdv/docker/sdvsecurity/nfvsec/conf/01_horizon.conf b/sdv/docker/sdvsecurity/nfvsec/conf/01_horizon.conf new file mode 100644 index 0000000..e184143 --- /dev/null +++ b/sdv/docker/sdvsecurity/nfvsec/conf/01_horizon.conf @@ -0,0 +1,16 @@ + +HORIZON_DICT_KEYS = ['DISALLOW_IFRAME_EMBED', 'CSRF_COOKIE_SECURE', + 'SESSION_COOKIE_SECURE', 'SESSION_COOKIE_HTTPONLY', + 'PASSWORD_AUTOCOMPLETE', 'DISABLE_PASSWORD_REVEAL', + 'ENFORCE_PASSWORD_CHECK', 'PASSWORD_VALIDATOR', + 'SECURE_PROXY_SSL_HEADER'] + +HORIZON_LOCAL_SETTINGS = "/etc/openstack-dashboard/local_settings" + +HOP_FILES = ['/etc/openstack-dashboard/local_settings'] + +HORIZON_APACHE_FILES = ['/etc/openstack-dashboard/local_setting', + '/etc/openstack-dashboard/nova_policy.json', + '/etc/openstack-dashboard/cinder_policy.json', + '/etc/openstack-dashboard/keystone_policy.json', + '/etc/openstack-dashboard/neutron_policy.json'] -- cgit 1.2.3-korg