Ticket #230: selinux-manifests.patch

File selinux-manifests.patch, 6.8 KB (added by lmacken, 6 years ago)

selinux-manifests.patch

  • servergroups/db.pp

    RCS file: /cvs/puppet/manifests/servergroups/db.pp,v
    retrieving revision 1.12
    diff -u -p -r1.12 db.pp
    class db { 
    55    include mysqlServer 
    66    include postgresServer 
    77    include fas 
     8    include selinux 
    89 
    910# firewall Rules 
    1011    $tcpPorts = [ 3306, 5432 ] 
  • servergroups/dns.pp

    RCS file: /cvs/puppet/manifests/servergroups/dns.pp,v
    retrieving revision 1.1
    diff -u -p -r1.1 dns.pp
     
    11class dns { 
    22    include global 
     3    include selinux 
    34} 
  • servergroups/gateway.pp

    RCS file: /cvs/puppet/manifests/servergroups/gateway.pp,v
    retrieving revision 1.27
    diff -u -p -r1.27 gateway.pp
    class gateway{ 
    55    include smtp 
    66    include snmp-utils 
    77    include vpn-server 
     8    include selinux 
    89 
    910    # Firewall Rules, allow SMTP traffic through 
    1011    $tcpPorts = [ 25, 1194 ] 
  • servergroups/hosted.pp

    RCS file: /cvs/puppet/manifests/servergroups/hosted.pp,v
    retrieving revision 1.7
    diff -u -p -r1.7 hosted.pp
    class hosted { 
    44    include fas 
    55    include hosted-server 
    66#    include hosted-proxy 
     7    include selinux 
     8 
    79    # Firewall Rules, allow http/https through. 
    810    $tcpPorts = [ 80, 443, 873, 9418 ] 
    911    $udpPorts = [ ] 
  • servergroups/noc.pp

    RCS file: /cvs/puppet/manifests/servergroups/noc.pp,v
    retrieving revision 1.6
    diff -u -p -r1.6 noc.pp
    class noc { 
    44    include global 
    55    include nagios-server 
    66    include cacti-server 
     7    include selinux 
    78 
    89    # Firewall Rules, allow HTTP traffic through 
    910    $tcpPorts = [ 80, 443, 873 ] 
  • servergroups/people.pp

    RCS file: /cvs/puppet/manifests/servergroups/people.pp,v
    retrieving revision 1.4
    diff -u -p -r1.4 people.pp
     
    11class people { 
    22    include global 
    33    include backupKey 
     4    include selinux 
    45 
    56    # Allow Web traffic 
    67    $tcpPorts = [  80, 443 ] 
  • servergroups/planet.pp

    RCS file: /cvs/puppet/manifests/servergroups/planet.pp,v
    retrieving revision 1.6
    diff -u -p -r1.6 planet.pp
     
    11class planet { 
    22    include global 
     3    include selinux 
    34 
    45    # Allow Web traffic 
    56    $tcpPorts = [  80, 443 ] 
  • servergroups/proxy.pp

    RCS file: /cvs/puppet/manifests/servergroups/proxy.pp,v
    retrieving revision 1.26
    diff -u -p -r1.26 proxy.pp
    class proxy { 
    3030    include mirrors-list 
    3131    include mod_ssl 
    3232    include bugzfedoraproject-proxy 
     33    include selinux 
    3334 
    3435    # Firewall Rules, allow HTTP traffic through 
    3536    $tcpPorts = [ 80, 443, 873 ] 
  • servergroups/puppet.pp

    RCS file: /cvs/puppet/manifests/servergroups/puppet.pp,v
    retrieving revision 1.5
    diff -u -p -r1.5 puppet.pp
    class puppetServer { 
    66    include puppetMaster 
    77    include infrastructure-repo 
    88    include rsyncContent 
     9    include selinux 
    910 
    1011 
    1112    # Firewall Rules, allow web, smolt, Plone, mirrormanager, noc, pkgdb, and bodhi traffic through 
  • servergroups/torrent.pp

    RCS file: /cvs/puppet/manifests/servergroups/torrent.pp,v
    retrieving revision 1.6
    diff -u -p -r1.6 torrent.pp
     
    11class torrent { 
    22    include global 
    33    include apacheLogUser 
     4    include selinux 
    45 
    56    # Allow DNS, Web traffic and Torrent traffic 
    67    $tcpPorts = [ 53, 80, 443, '6881:6999' ] 
  • servergroups/xen-guest.pp

    RCS file: /cvs/puppet/manifests/servergroups/xen-guest.pp,v
    retrieving revision 1.6
    diff -u -p -r1.6 xen-guest.pp
     
    11class xen-guest { 
    22    include global 
     3    include selinux 
    34#    include generic-iptables 
    45} 
  • servergroups/xen-server.pp

    RCS file: /cvs/puppet/manifests/servergroups/xen-server.pp,v
    retrieving revision 1.7
    diff -u -p -r1.7 xen-server.pp
    class xen-server { 
    55    include xenHost 
    66    include ipmi 
    77    include nagiosPhysical 
     8    include selinux 
    89 
    910 
    1011    # Firewall Rules, allow only web 
  • services/global.pp

    RCS file: /cvs/puppet/manifests/services/global.pp,v
    retrieving revision 1.54
    diff -u -p -r1.54 global.pp
    class global { 
    4747    configfile { "/etc/sysctl.conf": 
    4848        source => "system/sysctl.conf" 
    4949    } 
    50     configfile { '/etc/selinux/config': 
    51         source => 'system/config' 
    52     } 
    5350    configfile { '/etc/yum.repos.d/infrastructure.repo': 
    5451        source => 'system/infrastructure.repo', 
    5552    } 
  • new file services/selinux.pp

    RCS file: services/selinux.pp
    diff -N services/selinux.pp
    - +  
     1class selinux { 
     2        package { selinux-policy: 
     3                ensure => present, 
     4        } 
     5        configfile { '/etc/selinux/config': 
     6                source => 'system/config' 
     7        } 
     8}