7d42f6e060
Install apparmor profile for ceph-osd processes, and provide associated configuration option to place any ceph-osd processes into enforce, complain, or disable apparmor profile mode. As this is the first release of this feature, default to disabled and allow charm users to test and provide feedback for this release. Change-Id: I4524c587ac70de13aa3a0cb912033e6eb44b0403 |
||
---|---|---|
.. | ||
apache | ||
audits | ||
defaults | ||
host | ||
mysql | ||
ssh | ||
README.hardening.md | ||
__init__.py | ||
harden.py | ||
templating.py | ||
utils.py |
README.hardening.md
Juju charm-helpers hardening library
Description
This library provides multiple implementations of system and application hardening that conform to the standards of http://hardening.io/.
Current implementations include:
- OS
- SSH
- MySQL
- Apache
Requirements
- Juju Charms
Usage
-
Synchronise this library into your charm and add the harden() decorator (from contrib.hardening.harden) to any functions or methods you want to use to trigger hardening of your application/system.
-
Add a config option called 'harden' to your charm config.yaml and set it to a space-delimited list of hardening modules you want to run e.g. "os ssh"
-
Override any config defaults (contrib.hardening.defaults) by adding a file called hardening.yaml to your charm root containing the name(s) of the modules whose settings you want override at root level and then any settings with overrides e.g.
os: general: desktop_enable: True
-
Now just run your charm as usual and hardening will be applied each time the hook runs.