9d3bb3e3d0
Add support for rabbitmq using the certificates relation to secure traffic with clients. Support for users supplying their own certs and for rabbit acting as its own Certificate Authority should be unchanged. The follwoing additional changes were needed: * Charm helper sync * Update rabbit to use get_relation_ip from charm helpers which is the standard helper for calculating endpoint ip addresses. * Create network helpers file to avoid circular dependancies. Change-Id: Ie60893e660efe1f8b0a0d42aaaecfbd9aae6f97c |
||
|---|---|---|
| .. | ||
| apache | ||
| audits | ||
| defaults | ||
| host | ||
| mysql | ||
| ssh | ||
| README.hardening.md | ||
| __init__.py | ||
| harden.py | ||
| templating.py | ||
| utils.py | ||
README.hardening.md
Juju charm-helpers hardening library
Description
This library provides multiple implementations of system and application hardening that conform to the standards of http://hardening.io/.
Current implementations include:
- OS
- SSH
- MySQL
- Apache
Requirements
- Juju Charms
Usage
-
Synchronise this library into your charm and add the harden() decorator (from contrib.hardening.harden) to any functions or methods you want to use to trigger hardening of your application/system.
-
Add a config option called 'harden' to your charm config.yaml and set it to a space-delimited list of hardening modules you want to run e.g. "os ssh"
-
Override any config defaults (contrib.hardening.defaults) by adding a file called hardening.yaml to your charm root containing the name(s) of the modules whose settings you want override at root level and then any settings with overrides e.g.
os: general: desktop_enable: True
-
Now just run your charm as usual and hardening will be applied each time the hook runs.