From b2ad14d45611d8b808cebcf4fedd3d83fe3f2500 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Tue, 20 Jun 2017 10:18:30 +0100 Subject: [PATCH] added all file controls --- manifests/params.pp | 5 ++- manifests/server/files.pp | 39 +++++++++++++++++++- templates/autoindex_conf.erb | 11 ++++-- templates/magic.erb | 26 ++++++++----- templates/ssl_conf.erb | 4 ++ templates/{userdir.conf => userdir_conf.erb} | 10 ++++- 6 files changed, 77 insertions(+), 18 deletions(-) rename templates/{userdir.conf => userdir_conf.erb} (71%) diff --git a/manifests/params.pp b/manifests/params.pp index 0fdaeab..86cc938 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -37,7 +37,7 @@ $ae_user_shell = '/bin/false', # configuration files $ae_manage_cfg = false, $ae_manage_dirs = true, - +$ae_allow_user_dirs = false, ) { @@ -74,6 +74,9 @@ $ae_magic_file_erb = 'cd_apache/magic.erb' $ae_ssl_file = "${ae_conf_d_dir}/ssl.conf" $ae_ssl_file_erb = 'cd_apache/ssl_conf.erb' $ae_autoindex_file = "${ae_conf_d_dir}/autoindex.conf" +$ae_autoindex_erb = 'cd_apache/autoindex_conf.erb' +$ae_userdir_file = "${ae_conf_d_dir}/userdir.conf" +$ae_userdir_erb = 'cd_apache/userdir_conf.erb' # includes must be last diff --git a/manifests/server/files.pp b/manifests/server/files.pp index fc22a7a..0741bba 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -48,7 +48,7 @@ class cd_apache::server::files ( # manage magic file - file { $ae_magic_file: + file { $ae_magic_file: ensure => file, path => $ae_magic_file, owner => 'root', @@ -64,7 +64,7 @@ class cd_apache::server::files ( # manage main ssl config file - file { $ae_ssl_file: + file { $ae_ssl_file: ensure => file, path => $ae_ssl_file, owner => 'root', @@ -78,4 +78,39 @@ class cd_apache::server::files ( notify => Service['httpd'], } + # manage autoindex.conf + + file { $ae_autoindex_file: + ensure => file, + path => $ae_autoindex_file, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ae_autoindex_erb), + notify => Service['httpd'], + } + + if $ae_allow_user_dirs == true { + + # manage userdir.conf + + file { $ae_userdir_file: + ensure => file, + path => $ae_userdir_file, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ae_userdir_erb), + notify => Service['httpd'], + } + } + } } diff --git a/templates/autoindex_conf.erb b/templates/autoindex_conf.erb index a85cf5d..cf90141 100644 --- a/templates/autoindex_conf.erb +++ b/templates/autoindex_conf.erb @@ -1,4 +1,10 @@ -# +################################################################################ +## autoindex.conf generated by puppet - manual changed will be overwritten ## +################################################################################ +########## full reference file is available under ########### +##### https://confdroid.com/2017/06/apache-autoindex-conf-v-2-4/ ##### +################################################################################ + # Directives controlling the display of server-generated directory listings. # # Required modules: mod_authz_core, mod_authz_host, @@ -82,7 +88,7 @@ DefaultIcon /icons/unknown.gif # default, and append to directory listings. # # HeaderName is the name of a file which should be prepended to -# directory indexes. +# directory indexes. ReadmeName README.html HeaderName HEADER.html @@ -91,4 +97,3 @@ HeaderName HEADER.html # and not include in the listing. Shell-style wildcarding is permitted. # IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - diff --git a/templates/magic.erb b/templates/magic.erb index 7c56119..f06e39b 100644 --- a/templates/magic.erb +++ b/templates/magic.erb @@ -1,3 +1,10 @@ +################################################################################ +## magic file generated by puppet - manual changed will be overwritten ## +################################################################################ +########## full reference file is available under ########### +########## https://confdroid.com/2017/06/apache-magic-v-2-4/ ########### +################################################################################ + # Magic data for mod_mime_magic Apache module (originally for file(1) command) # The module is described in /manual/mod/mod_mime_magic.html # @@ -43,7 +50,7 @@ # DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format # that uses little-endian encoding and has a different magic number # (0x0064732E in little-endian encoding). -0 lelong 0x0064732E +0 lelong 0x0064732E >12 lelong 1 audio/x-dec-basic >12 lelong 2 audio/x-dec-basic >12 lelong 3 audio/x-dec-basic @@ -56,23 +63,23 @@ # Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" # AIFF audio data -8 string AIFF audio/x-aiff +8 string AIFF audio/x-aiff # AIFF-C audio data -8 string AIFC audio/x-aiff +8 string AIFC audio/x-aiff # IFF/8SVX audio data -8 string 8SVX audio/x-aiff +8 string 8SVX audio/x-aiff # Creative Labs AUDIO stuff # Standard MIDI data -0 string MThd audio/unknown +0 string MThd audio/unknown #>9 byte >0 (format %d) #>11 byte >1 using %d channels # Creative Music (CMF) data -0 string CTMF audio/unknown +0 string CTMF audio/unknown # SoundBlaster instrument data -0 string SBI audio/unknown +0 string SBI audio/unknown # Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown +0 string Creative\ Voice\ File audio/unknown ## is this next line right? it came this way... #>19 byte 0x1A #>23 byte >0 - version %d @@ -337,7 +344,7 @@ #0 string \367\203 TeX generic font data #0 string \367\131 TeX packed font data #0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ TeX, TeX transcript text #0 string This\ is\ METAFONT, METAFONT transcript text # There is no way to detect TeX Font Metric (*.tfm) files without @@ -382,4 +389,3 @@ # from Apple quicktime file format documentation. 4 string moov video/quicktime 4 string mdat video/quicktime - diff --git a/templates/ssl_conf.erb b/templates/ssl_conf.erb index 5369289..f9182e0 100644 --- a/templates/ssl_conf.erb +++ b/templates/ssl_conf.erb @@ -1,6 +1,10 @@ ################################################################################ ##### ssl.conf generated by puppet - manual changed will be overwritten ##### ################################################################################ +########## full reference file is available under ########### +########## https://confdroid.com/2017/06/apache-ssl-conf-v-2-4/ ########### +################################################################################ + # When we also provide SSL we have to listen to the # the HTTPS port in addition. # diff --git a/templates/userdir.conf b/templates/userdir_conf.erb similarity index 71% rename from templates/userdir.conf rename to templates/userdir_conf.erb index b5d7a49..7335b91 100644 --- a/templates/userdir.conf +++ b/templates/userdir_conf.erb @@ -1,3 +1,10 @@ +################################################################################ +## userdir.conf generated by puppet - manual changed will be overwritten ## +################################################################################ +########## full reference file is available under ########### +##### https://confdroid.com/2017/06/apache-userdir-conf-v-2-4/ ########### +################################################################################ + # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. @@ -20,7 +27,7 @@ # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disabled" line above, and uncomment # the following line instead: - # + # #UserDir public_html @@ -33,4 +40,3 @@ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS -