Diffstat (limited to 'charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache')
-rw-r--r--charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/__init__.py19
-rw-r--r--charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/__init__.py31
-rw-r--r--charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py100
-rw-r--r--charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/__init__.py0
-rw-r--r--charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/alias.conf31
-rw-r--r--charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/hardening.conf18
6 files changed, 0 insertions, 199 deletions
diff --git a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/__init__.py b/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/__init__.py
deleted file mode 100644
index 277b8c7..0000000
--- a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/__init__.py
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 2016 Canonical Limited.
-#
-# This file is part of charm-helpers.
-#
-# charm-helpers is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License version 3 as
-# published by the Free Software Foundation.
-#
-# charm-helpers is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
-
-from os import path
-
-TEMPLATES_DIR = path.join(path.dirname(__file__), 'templates')
diff --git a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/__init__.py b/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/__init__.py
deleted file mode 100644
index d130479..0000000
--- a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/__init__.py
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 2016 Canonical Limited.
-#
-# This file is part of charm-helpers.
-#
-# charm-helpers is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License version 3 as
-# published by the Free Software Foundation.
-#
-# charm-helpers is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
-
-from charmhelpers.core.hookenv import (
- log,
- DEBUG,
-)
-from charmhelpers.contrib.hardening.apache.checks import config
-
-
-def run_apache_checks():
- log("Starting Apache hardening checks.", level=DEBUG)
- checks = config.get_audits()
- for check in checks:
- log("Running '%s' check" % (check.__class__.__name__), level=DEBUG)
- check.ensure_compliance()
-
- log("Apache hardening checks complete.", level=DEBUG)
diff --git a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py b/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py
deleted file mode 100644
index 8249ca0..0000000
--- a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/checks/config.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 2016 Canonical Limited.
-#
-# This file is part of charm-helpers.
-#
-# charm-helpers is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License version 3 as
-# published by the Free Software Foundation.
-#
-# charm-helpers is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
-
-import os
-import re
-import subprocess
-
-
-from charmhelpers.core.hookenv import (
- log,
- INFO,
-)
-from charmhelpers.contrib.hardening.audits.file import (
- FilePermissionAudit,
- DirectoryPermissionAudit,
- NoReadWriteForOther,
- TemplatedFile,
-)
-from charmhelpers.contrib.hardening.audits.apache import DisabledModuleAudit
-from charmhelpers.contrib.hardening.apache import TEMPLATES_DIR
-from charmhelpers.contrib.hardening import utils
-
-
-def get_audits():
- """Get Apache hardening config audits.
-
- :returns: dictionary of audits
- """
- if subprocess.call(['which', 'apache2'], stdout=subprocess.PIPE) != 0:
- log("Apache server does not appear to be installed on this node - "
- "skipping apache hardening", level=INFO)
- return []
-
- context = ApacheConfContext()
- settings = utils.get_settings('apache')
- audits = [
- FilePermissionAudit(paths='/etc/apache2/apache2.conf', user='root',
- group='root', mode=0o0640),
-
- TemplatedFile(os.path.join(settings['common']['apache_dir'],
- 'mods-available/alias.conf'),
- context,
- TEMPLATES_DIR,
- mode=0o0755,
- user='root',
- service_actions=[{'service': 'apache2',
- 'actions': ['restart']}]),
-
- TemplatedFile(os.path.join(settings['common']['apache_dir'],
- 'conf-enabled/hardening.conf'),
- context,
- TEMPLATES_DIR,
- mode=0o0640,
- user='root',
- service_actions=[{'service': 'apache2',
- 'actions': ['restart']}]),
-
- DirectoryPermissionAudit(settings['common']['apache_dir'],
- user='root',
- group='root',
- mode=0o640),
-
- DisabledModuleAudit(settings['hardening']['modules_to_disable']),
-
- NoReadWriteForOther(settings['common']['apache_dir']),
- ]
-
- return audits
-
-
-class ApacheConfContext(object):
- """Defines the set of key/value pairs to set in a apache config file.
-
- This context, when called, will return a dictionary containing the
- key/value pairs of setting to specify in the
- /etc/apache/conf-enabled/hardening.conf file.
- """
- def __call__(self):
- settings = utils.get_settings('apache')
- ctxt = settings['hardening']
-
- out = subprocess.check_output(['apache2', '-v'])
- ctxt['apache_version'] = re.search(r'.+version: Apache/(.+?)\s.+',
- out).group(1)
- ctxt['apache_icondir'] = '/usr/share/apache2/icons/'
- ctxt['traceenable'] = settings['hardening']['traceenable']
- return ctxt
diff --git a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/__init__.py b/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/__init__.py
+++ /dev/null
diff --git a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/alias.conf b/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/alias.conf
deleted file mode 100644
index e46a58a..0000000
--- a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/alias.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-###############################################################################
-# WARNING: This configuration file is maintained by Juju. Local changes may
-# be overwritten.
-###############################################################################
-<IfModule alias_module>
- #
- # Aliases: Add here as many aliases as you need (with no limit). The format is
- # Alias fakename realname
- #
- # Note that if you include a trailing / on fakename then the server will
- # require it to be present in the URL. So "/icons" isn't aliased in this
- # example, only "/icons/". If the fakename is slash-terminated, then the
- # realname must also be slash terminated, and if the fakename omits the
- # trailing slash, the realname must also omit it.
- #
- # We include the /icons/ alias for FancyIndexed directory listings. If
- # you do not use FancyIndexing, you may comment this out.
- #
- Alias /icons/ "{{ apache_icondir }}/"
-
- <Directory "{{ apache_icondir }}">
- Options -Indexes -MultiViews -FollowSymLinks
- AllowOverride None
-{% if apache_version == '2.4' -%}
- Require all granted
-{% else -%}
- Order allow,deny
- Allow from all
-{% endif %}
- </Directory>
-</IfModule>
diff --git a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/hardening.conf b/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/hardening.conf
deleted file mode 100644
index 0794541..0000000
--- a/charms/trusty/ceilometer/charmhelpers/contrib/hardening/apache/templates/hardening.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-###############################################################################
-# WARNING: This configuration file is maintained by Juju. Local changes may
-# be overwritten.
-###############################################################################
-
-<Location / >
- <LimitExcept {{ allowed_http_methods }} >
- # http://httpd.apache.org/docs/2.4/upgrading.html
- {% if apache_version > '2.2' -%}
- Require all granted
- {% else -%}
- Order Allow,Deny
- Deny from all
- {% endif %}
- </LimitExcept>
-</Location>
-
-TraceEnable {{ traceenable }}