lp://qastaging/~shaner/charm-helpers/lp1712203
- Get this branch:
- bzr branch lp://qastaging/~shaner/charm-helpers/lp1712203
Branch merges
- Alex Kavanagh: Approve
- Diff: 35 lines (+11/-2), 2 files modified
- charmhelpers/contrib/hardening/audits/apache.py (+2/-2)
- tests/contrib/hardening/audits/test_apache_audits.py (+9/-0)
Related bugs
Bug #1712203: apache hardening DisabledModuleAudit doesn't work | Undecided | Fix Released |
Branch information
Recent revisions
- 786. By Shane Peters
[shaner,r=] Fixes parsing of currently loaded apache modules

When hardening apache, the returned list of currently
enabled modules is always empty.

This change splits on linefeeds from the output of
'apachectl -M' instead of spaces which allows the
regex to match.

Since the returned list of modules could potentially
be used as input to '_disable_module' the regex was tweaked
to truncate the module name, removing the '_module' since
this is what a2dismod expects.

Closes-Bug: #1712203
- 785. By Shane Peters
[shaner,r=] Fixes parsing of currently loaded apache modules

When hardening apache, the returned list of currently
enabled modules is always empty.

This change splits on linefeeds from the output of
'apachectl -M' instead of spaces which allows the
regex to match.

Since the returned list of modules could potentially
be used as input to '_disable_module' the regex was tweaked
to truncate the module name, removing the '_module' since
this is what a2dismod expects.

Closes-Bug: #1712203
- 784. By Alex Kavanagh
[joeborg, r=tinwood] Adding test coverage for FilePermissionAudit
(note tinwood had to patch the test slightly to get it to merge due
to recent changes in charm-helpers).
- 783. By Alex Kavanagh
[stub, r=tinwood] A feature of the PostgreSQL charm had stopped working, as
charm-helpers was attempting to do more validation of GPG key formats and the
PG charm happens to add comments to its keys so they don't get mixed up.

While fixing this, noticed that insecure usage still seems to be promoted.
Clearly flag these cases in the docstring and add WARNING messages to logs when
people open themselves up to attack (the key retrieval protocol is unencrypted
for historical reasons and the same man-in-the-middle attack that poisons an
archive can also make people trust keys retrieved this way).
- 782. By David Ames
[tinwood, r=thedac] Update the core.host.write_file(...) function to do less work

The primary motivation for this change is to do less work, touch the
filesystem less, and try to clean the logs up a bit. This change is
to the rendering of configuration files, which generates noise in the
logs (at INFO level), and often results in writing the exact same
content, thus updating the atime of the file even when the contents
haven't changed.

This change detects if the content will change, and if not, doesn't
write the file. It does detect if the uid,gid is changing and takes
the appropriate action. The logs are demoted to the lowest level of
DEBUG/TRACE, and are only generated IFF the file is actually written
or the uid/gid is changed.
- 780. By David Ames
[jamespage, r=thedac,tinwood] Refactoring ApacheSSLContext for network-space support
- 778. By Liam Young
[gnuoy, r=james-page] Change name of OpenStack extensions
The neutron-api charm already manages the extensions setting within a context
inside the charm. In the neutron-api charm it is called 'extension_drivers'
rather than 'extensions'. In a bid to keep things consistent this change
updates the recently added patch to switch from 'extensions' to
'extension_drivers'
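
The parsing fix described in revisions 785 and 786, as an added example that is not charm-helpers code: the regex, function names, module policy and sample `apachectl -M` output are constructed assumptions. It shows why tokenising on spaces makes a disabled-module audit report no violations, and how line splitting yields names in the form a2dismod expects.

```python
import re

# Constructed sample of `apachectl -M` output (not captured from a real host).
SAMPLE_OUTPUT = (
    "Loaded Modules:\n"
    " core_module (static)\n"
    " mpm_event_module (shared)\n"
    " status_module (shared)\n"
    " autoindex_module (shared)\n"
)

# Assumed pattern (not the project's regex): one leading space, the module
# name with the '_module' suffix left outside the capture group, then the
# linkage type. The "Loaded Modules:" header has no leading space, so it
# never matches.
MODULE_LINE = re.compile(r"^ (\S+)_module \((?:static|shared)\)$")


def parse_modules(output, tokens):
    """Return a2dismod-style names for every token that matches."""
    names = []
    for token in tokens(output):
        match = MODULE_LINE.match(token)
        if match:
            names.append(match.group(1))
    return names


def split_on_spaces(output):
    # Splitting on spaces strips the leading space from every token and
    # separates the name from "(shared)", so the pattern above never matches.
    return output.split(" ")


def split_on_lines(output):
    # Splitting on linefeeds gives one candidate per line of output.
    return output.splitlines()


def audit_disabled_modules(output, must_be_disabled, tokens):
    """Return policy violations: forbidden modules reported as loaded."""
    return sorted(set(parse_modules(output, tokens)) & set(must_be_disabled))


# Hypothetical policy for illustration.
POLICY = ["status", "autoindex", "cgi"]

if __name__ == "__main__":
    print("split on spaces:", audit_disabled_modules(SAMPLE_OUTPUT, POLICY, split_on_spaces))
    print("split on lines: ", audit_disabled_modules(SAMPLE_OUTPUT, POLICY, split_on_lines))
```

An empty result from an audit like this is indistinguishable from a compliant host, so a test that feeds the parser known-loaded modules is the check that catches the regression.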
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp://qastaging/charm-helpers