Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Present the 'misp_webserver_harden' variable #15

Merged
merged 2 commits into from
Feb 11, 2023
Merged

Present the 'misp_webserver_harden' variable #15

merged 2 commits into from
Feb 11, 2023

Conversation

egypcio
Copy link
Contributor

@egypcio egypcio commented Feb 7, 2023
edited
Loading

Description

Present the misp_webserver_harden variable, so we avoid depending on juju4/ansible-harden-apache, should we plan to have a clean setup also serving HTTPS.

Motivation and Context

templates/apache2-misp.conf.j2 was set to enforce the use of https://github.com/juju4/ansible-harden-apache, should we ended up setting the MISP role to serve HTTPS traffic by default. There was no option available to disable the inclusion of a particular configuration file which hardens the Apache virtual host.

Here we work that out, and present misp_webserver_harden (set to true by default), which gives folks an option to disable that if they want to.

How Has This Been Tested?

After changing the misp_base_port to 443 (which would require setting up TLS certificates), we:

  • Applied this role, against (fresh installed) Ubuntu machines using the particular versions affected by this change request;
  • Verified the presence (or not) of a included file for the misp.conf virtual host.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed including pre-commit and github actions.
  • Used in production.

@egypcio
Set 'misp_webserver_harden' to handle hardening
ed46daa 
  * This variable has its default value set to 'true';
  * Value can be changed in a playbook, while applying the role.
@egypcio
Ensure we use misp_webserver_harden properly
1903fe3 
  * This variable is useful to avoid unrequired role dependency;
  * Should one does not to depend on juju4/ansible-harden-apache, just
    set to false.
@juju4
Copy link
Owner

juju4 commented Feb 11, 2023

LGTM

@juju4 juju4 merged commit fa270de into juju4:devel Feb 11, 2023
@egypcio egypcio mentioned this pull request Feb 12, 2023
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@egypcio @juju4