← Back to branch summary

~openstack-charmers-next/charms/xenial/nova-compute/trunk

~openstack-charmers-next/charms/xenial/nova-compute/trunk

« back to all changes in this revision

Viewing changes to hooks/charmhelpers/contrib/hardening/README.hardening.md

Committer: Edward Hope-Morley
Date: 2016-03-24 11:18:41 UTC
mto: This revision was merged to the branch mainline in revision 211.
Revision ID: edward.hope-morley@canonical.com-20160324111841-99ruo5hjzrpqktlx

Add hardening support

Add charmhelpers.contrib.hardening and calls to install,
config-changed, upgrade-charm and update-status hooks.
Also add new config option to allow one or more hardening
modules to be applied at runtime.

Change-Id: I525c15a14662175f2a68cdcd25a3ab2c92237850

files added:
hardening.yaml

hooks/charmhelpers/contrib/hardening

hooks/charmhelpers/contrib/hardening/README.hardening.md

hooks/charmhelpers/contrib/hardening/__init__.py

hooks/charmhelpers/contrib/hardening/apache

hooks/charmhelpers/contrib/hardening/apache/__init__.py

hooks/charmhelpers/contrib/hardening/apache/checks

hooks/charmhelpers/contrib/hardening/apache/checks/__init__.py

hooks/charmhelpers/contrib/hardening/apache/checks/config.py

hooks/charmhelpers/contrib/hardening/apache/templates

hooks/charmhelpers/contrib/hardening/apache/templates/__init__.py

hooks/charmhelpers/contrib/hardening/apache/templates/alias.conf

hooks/charmhelpers/contrib/hardening/apache/templates/hardening.conf

hooks/charmhelpers/contrib/hardening/audits

hooks/charmhelpers/contrib/hardening/audits/__init__.py

hooks/charmhelpers/contrib/hardening/audits/apache.py

hooks/charmhelpers/contrib/hardening/audits/apt.py

hooks/charmhelpers/contrib/hardening/audits/file.py

hooks/charmhelpers/contrib/hardening/defaults

hooks/charmhelpers/contrib/hardening/defaults/__init__.py

hooks/charmhelpers/contrib/hardening/defaults/apache.yaml

hooks/charmhelpers/contrib/hardening/defaults/apache.yaml.schema

hooks/charmhelpers/contrib/hardening/defaults/mysql.yaml

hooks/charmhelpers/contrib/hardening/defaults/mysql.yaml.schema

hooks/charmhelpers/contrib/hardening/defaults/os.yaml

hooks/charmhelpers/contrib/hardening/defaults/os.yaml.schema

hooks/charmhelpers/contrib/hardening/defaults/ssh.yaml

hooks/charmhelpers/contrib/hardening/defaults/ssh.yaml.schema

hooks/charmhelpers/contrib/hardening/harden.py

hooks/charmhelpers/contrib/hardening/host

hooks/charmhelpers/contrib/hardening/host/__init__.py

hooks/charmhelpers/contrib/hardening/host/checks

hooks/charmhelpers/contrib/hardening/host/checks/__init__.py

hooks/charmhelpers/contrib/hardening/host/checks/apt.py

hooks/charmhelpers/contrib/hardening/host/checks/limits.py

hooks/charmhelpers/contrib/hardening/host/checks/login.py

hooks/charmhelpers/contrib/hardening/host/checks/minimize_access.py

hooks/charmhelpers/contrib/hardening/host/checks/pam.py

hooks/charmhelpers/contrib/hardening/host/checks/profile.py

hooks/charmhelpers/contrib/hardening/host/checks/securetty.py

hooks/charmhelpers/contrib/hardening/host/checks/suid_sgid.py

hooks/charmhelpers/contrib/hardening/host/checks/sysctl.py

hooks/charmhelpers/contrib/hardening/host/templates

hooks/charmhelpers/contrib/hardening/host/templates/10.hardcore.conf

hooks/charmhelpers/contrib/hardening/host/templates/99-juju-hardening.conf

hooks/charmhelpers/contrib/hardening/host/templates/__init__.py

hooks/charmhelpers/contrib/hardening/host/templates/login.defs

hooks/charmhelpers/contrib/hardening/host/templates/modules

hooks/charmhelpers/contrib/hardening/host/templates/passwdqc.conf

hooks/charmhelpers/contrib/hardening/host/templates/pinerolo_profile.sh

hooks/charmhelpers/contrib/hardening/host/templates/securetty

hooks/charmhelpers/contrib/hardening/host/templates/tally2

hooks/charmhelpers/contrib/hardening/mysql

hooks/charmhelpers/contrib/hardening/mysql/__init__.py

hooks/charmhelpers/contrib/hardening/mysql/checks

hooks/charmhelpers/contrib/hardening/mysql/checks/__init__.py

hooks/charmhelpers/contrib/hardening/mysql/checks/config.py

hooks/charmhelpers/contrib/hardening/mysql/templates

hooks/charmhelpers/contrib/hardening/mysql/templates/__init__.py

hooks/charmhelpers/contrib/hardening/mysql/templates/hardening.cnf

hooks/charmhelpers/contrib/hardening/ssh

hooks/charmhelpers/contrib/hardening/ssh/__init__.py

hooks/charmhelpers/contrib/hardening/ssh/checks

hooks/charmhelpers/contrib/hardening/ssh/checks/__init__.py

hooks/charmhelpers/contrib/hardening/ssh/checks/config.py

hooks/charmhelpers/contrib/hardening/ssh/templates

hooks/charmhelpers/contrib/hardening/ssh/templates/__init__.py

hooks/charmhelpers/contrib/hardening/ssh/templates/ssh_config

hooks/charmhelpers/contrib/hardening/ssh/templates/sshd_config

hooks/charmhelpers/contrib/hardening/templating.py

hooks/charmhelpers/contrib/hardening/utils.py

hooks/charmhelpers/contrib/openstack/templates/section-keystone-authtoken-legacy

files modified:
charm-helpers-hooks.yaml

config.yaml

hooks/charmhelpers/contrib/openstack/amulet/utils.py

hooks/charmhelpers/contrib/openstack/templates/section-keystone-authtoken

hooks/charmhelpers/contrib/openstack/utils.py

hooks/charmhelpers/contrib/storage/linux/ceph.py

hooks/charmhelpers/core/hookenv.py

hooks/charmhelpers/core/host.py

hooks/nova_compute_hooks.py

tests/charmhelpers/contrib/amulet/utils.py

tests/charmhelpers/contrib/openstack/amulet/utils.py

unit_tests/test_actions_git_reinstall.py

unit_tests/test_nova_compute_hooks.py

Show diffs side-by-side

added added

removed removed

hooks/charmhelpers/contrib/hardening/README.hardening.md

1

# Juju charm-helpers hardening library

2

3

## Description

4

5

This library provides multiple implementations of system and application

6

hardening that conform to the standards of http://hardening.io/.

7

8

Current implementations include:

9

10

* OS

11

* SSH

12

* MySQL

13

* Apache

14

15

## Requirements

16

17

* Juju Charms

18

19

## Usage

20

21

1. Synchronise this library into your charm and add the harden() decorator

22

(from contrib.hardening.harden) to any functions or methods you want to use

23

to trigger hardening of your application/system.

24

25

2. Add a config option called 'harden' to your charm config.yaml and set it to

26

a space-delimited list of hardening modules you want to run e.g. "os ssh"

27

28

3. Override any config defaults (contrib.hardening.defaults) by adding a file

29

called hardening.yaml to your charm root containing the name(s) of the

30

modules whose settings you want override at root level and then any settings

31

with overrides e.g.

32

33

os:

34

general:

35

desktop_enable: True

36

37

4. Now just run your charm as usual and hardening will be applied each time the

38

hook runs.

Older »