← Back to branch summary

~openstack-charmers-next/charms/xenial/swift-storage/trunk

~openstack-charmers-next/charms/xenial/swift-storage/trunk

« back to all changes in this revision

Viewing changes to charmhelpers/contrib/hardening/ssh/checks/__init__.py

Committer: Edward Hope-Morley
Date: 2016-03-24 11:11:58 UTC
Revision ID: edward.hope-morley@canonical.com-20160324111158-4whr78jd2v9yihw2

Add hardening support

Add charmhelpers.contrib.hardening and calls to install,
config-changed, upgrade-charm and update-status hooks.
Also add new config option to allow one or more hardening
modules to be applied at runtime.

Change-Id: If0d1e10b58ed506e0aca659f30120b8d5c96c04f

files added:
charmhelpers/contrib/hardening

charmhelpers/contrib/hardening/README.hardening.md

charmhelpers/contrib/hardening/__init__.py

charmhelpers/contrib/hardening/apache

charmhelpers/contrib/hardening/apache/__init__.py

charmhelpers/contrib/hardening/apache/checks

charmhelpers/contrib/hardening/apache/checks/__init__.py

charmhelpers/contrib/hardening/apache/checks/config.py

charmhelpers/contrib/hardening/apache/templates

charmhelpers/contrib/hardening/apache/templates/__init__.py

charmhelpers/contrib/hardening/apache/templates/alias.conf

charmhelpers/contrib/hardening/apache/templates/hardening.conf

charmhelpers/contrib/hardening/audits

charmhelpers/contrib/hardening/audits/__init__.py

charmhelpers/contrib/hardening/audits/apache.py

charmhelpers/contrib/hardening/audits/apt.py

charmhelpers/contrib/hardening/audits/file.py

charmhelpers/contrib/hardening/defaults

charmhelpers/contrib/hardening/defaults/__init__.py

charmhelpers/contrib/hardening/defaults/apache.yaml

charmhelpers/contrib/hardening/defaults/apache.yaml.schema

charmhelpers/contrib/hardening/defaults/mysql.yaml

charmhelpers/contrib/hardening/defaults/mysql.yaml.schema

charmhelpers/contrib/hardening/defaults/os.yaml

charmhelpers/contrib/hardening/defaults/os.yaml.schema

charmhelpers/contrib/hardening/defaults/ssh.yaml

charmhelpers/contrib/hardening/defaults/ssh.yaml.schema

charmhelpers/contrib/hardening/harden.py

charmhelpers/contrib/hardening/host

charmhelpers/contrib/hardening/host/__init__.py

charmhelpers/contrib/hardening/host/checks

charmhelpers/contrib/hardening/host/checks/__init__.py

charmhelpers/contrib/hardening/host/checks/apt.py

charmhelpers/contrib/hardening/host/checks/limits.py

charmhelpers/contrib/hardening/host/checks/login.py

charmhelpers/contrib/hardening/host/checks/minimize_access.py

charmhelpers/contrib/hardening/host/checks/pam.py

charmhelpers/contrib/hardening/host/checks/profile.py

charmhelpers/contrib/hardening/host/checks/securetty.py

charmhelpers/contrib/hardening/host/checks/suid_sgid.py

charmhelpers/contrib/hardening/host/checks/sysctl.py

charmhelpers/contrib/hardening/host/templates

charmhelpers/contrib/hardening/host/templates/10.hardcore.conf

charmhelpers/contrib/hardening/host/templates/99-juju-hardening.conf

charmhelpers/contrib/hardening/host/templates/__init__.py

charmhelpers/contrib/hardening/host/templates/login.defs

charmhelpers/contrib/hardening/host/templates/modules

charmhelpers/contrib/hardening/host/templates/passwdqc.conf

charmhelpers/contrib/hardening/host/templates/pinerolo_profile.sh

charmhelpers/contrib/hardening/host/templates/securetty

charmhelpers/contrib/hardening/host/templates/tally2

charmhelpers/contrib/hardening/mysql

charmhelpers/contrib/hardening/mysql/__init__.py

charmhelpers/contrib/hardening/mysql/checks

charmhelpers/contrib/hardening/mysql/checks/__init__.py

charmhelpers/contrib/hardening/mysql/checks/config.py

charmhelpers/contrib/hardening/mysql/templates

charmhelpers/contrib/hardening/mysql/templates/__init__.py

charmhelpers/contrib/hardening/mysql/templates/hardening.cnf

charmhelpers/contrib/hardening/ssh

charmhelpers/contrib/hardening/ssh/__init__.py

charmhelpers/contrib/hardening/ssh/checks

charmhelpers/contrib/hardening/ssh/checks/__init__.py

charmhelpers/contrib/hardening/ssh/checks/config.py

charmhelpers/contrib/hardening/ssh/templates

charmhelpers/contrib/hardening/ssh/templates/__init__.py

charmhelpers/contrib/hardening/ssh/templates/ssh_config

charmhelpers/contrib/hardening/ssh/templates/sshd_config

charmhelpers/contrib/hardening/templating.py

charmhelpers/contrib/hardening/utils.py

charmhelpers/contrib/openstack/templates/section-keystone-authtoken-legacy

hardening.yaml

hooks/update-status

files modified:
charm-helpers-hooks.yaml

charmhelpers/contrib/openstack/amulet/utils.py

charmhelpers/contrib/openstack/templates/section-keystone-authtoken

charmhelpers/contrib/storage/linux/ceph.py

config.yaml

hooks/swift_storage_hooks.py

tests/charmhelpers/contrib/amulet/utils.py

tests/charmhelpers/contrib/openstack/amulet/utils.py

unit_tests/test_actions.py

unit_tests/test_actions_openstack_upgrade.py

unit_tests/test_swift_storage_relations.py

Show diffs side-by-side

added added

removed removed

charmhelpers/contrib/hardening/ssh/checks/__init__.py

1

# Copyright 2016 Canonical Limited.

2

#

3

# This file is part of charm-helpers.

4

#

5

# charm-helpers is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Lesser General Public License version 3 as

7

# published by the Free Software Foundation.

8

#

9

# charm-helpers is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU Lesser General Public License for more details.

13

#

14

# You should have received a copy of the GNU Lesser General Public License

15

# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.

16

17

from charmhelpers.core.hookenv import (

18

log,

19

DEBUG,

20

)

21

from charmhelpers.contrib.hardening.ssh.checks import config

22

23

24

def run_ssh_checks():

25

log("Starting SSH hardening checks.", level=DEBUG)

26

checks = config.get_audits()

27

for check in checks:

28

log("Running '%s' check" % (check.__class__.__name__), level=DEBUG)

29

check.ensure_compliance()

30

31

log("SSH hardening checks complete.", level=DEBUG)

Older »