aboutsummaryrefslogtreecommitdiffstats
path: root/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py
diff options
context:
space:
mode:
Diffstat (limited to 'charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py')
-rw-r--r--charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py100
1 files changed, 0 insertions, 100 deletions
diff --git a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py b/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py
deleted file mode 100644
index 8249ca0..0000000
--- a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 2016 Canonical Limited.
-#
-# This file is part of charm-helpers.
-#
-# charm-helpers is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License version 3 as
-# published by the Free Software Foundation.
-#
-# charm-helpers is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
-
-import os
-import re
-import subprocess
-
-
-from charmhelpers.core.hookenv import (
- log,
- INFO,
-)
-from charmhelpers.contrib.hardening.audits.file import (
- FilePermissionAudit,
- DirectoryPermissionAudit,
- NoReadWriteForOther,
- TemplatedFile,
-)
-from charmhelpers.contrib.hardening.audits.apache import DisabledModuleAudit
-from charmhelpers.contrib.hardening.apache import TEMPLATES_DIR
-from charmhelpers.contrib.hardening import utils
-
-
-def get_audits():
- """Get Apache hardening config audits.
-
- :returns: dictionary of audits
- """
- if subprocess.call(['which', 'apache2'], stdout=subprocess.PIPE) != 0:
- log("Apache server does not appear to be installed on this node - "
- "skipping apache hardening", level=INFO)
- return []
-
- context = ApacheConfContext()
- settings = utils.get_settings('apache')
- audits = [
- FilePermissionAudit(paths='/etc/apache2/apache2.conf', user='root',
- group='root', mode=0o0640),
-
- TemplatedFile(os.path.join(settings['common']['apache_dir'],
- 'mods-available/alias.conf'),
- context,
- TEMPLATES_DIR,
- mode=0o0755,
- user='root',
- service_actions=[{'service': 'apache2',
- 'actions': ['restart']}]),
-
- TemplatedFile(os.path.join(settings['common']['apache_dir'],
- 'conf-enabled/hardening.conf'),
- context,
- TEMPLATES_DIR,
- mode=0o0640,
- user='root',
- service_actions=[{'service': 'apache2',
- 'actions': ['restart']}]),
-
- DirectoryPermissionAudit(settings['common']['apache_dir'],
- user='root',
- group='root',
- mode=0o640),
-
- DisabledModuleAudit(settings['hardening']['modules_to_disable']),
-
- NoReadWriteForOther(settings['common']['apache_dir']),
- ]
-
- return audits
-
-
-class ApacheConfContext(object):
- """Defines the set of key/value pairs to set in a apache config file.
-
- This context, when called, will return a dictionary containing the
- key/value pairs of setting to specify in the
- /etc/apache/conf-enabled/hardening.conf file.
- """
- def __call__(self):
- settings = utils.get_settings('apache')
- ctxt = settings['hardening']
-
- out = subprocess.check_output(['apache2', '-v'])
- ctxt['apache_version'] = re.search(r'.+version: Apache/(.+?)\s.+',
- out).group(1)
- ctxt['apache_icondir'] = '/usr/share/apache2/icons/'
- ctxt['traceenable'] = settings['hardening']['traceenable']
- return ctxt