diff --git a/cookbooks/basics/files/default/selinux_config b/cookbooks/basics/files/default/selinux_config
new file mode 100644
index 0000000..631f939
--- /dev/null
+++ b/cookbooks/basics/files/default/selinux_config
@@ -0,0 +1,4 @@
+# MANAGED WITH CHEF. DO NOT CHANGE BY HAND
+
+SELINUX=enforcing
+SELINUXTYPE=targeted
diff --git a/cookbooks/basics/recipes/default.rb b/cookbooks/basics/recipes/default.rb
index c9c2d2c..e4748ed 100644
--- a/cookbooks/basics/recipes/default.rb
+++ b/cookbooks/basics/recipes/default.rb
@@ -1,6 +1,17 @@
 # enable EPEL repository by default
 package 'epel-release'
 
+# replicate production security setup
+package 'selinux-policy'
+package 'policycoreutils-python'
+cookbook_file '/etc/selinux/config' do
+ source 'selinux_config'
+ owner 'root'
+ group 'root'
+ mode 0644
+end
+execute 'setenforce Enforcing'
+
 package 'vim'
 package 'bash-completion'
 package 'rsyslog'
-- 
libgit2 0.21.2
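Review bot: The `execute 'setenforce Enforcing'` resource in the recipes/default.rb hunk has no guard, so it runs on every converge, and `setenforce` is expected to exit non-zero when the kernel booted with SELinux disabled, which would abort the run on exactly the hosts that still need the change. Wrapping it in a `do … end` block with `only_if 'selinuxenabled'` and `not_if 'getenforce | grep -q Enforcing'` makes it idempotent and leaves the new `/etc/selinux/config` to take effect at the next reboot on those hosts. A host moving from disabled to enforcing usually also needs a filesystem relabel before that reboot, which nothing visible in this hunk arranges, so a comment next to the resource stating the expectation would help. As a minor style point, `mode '0644'` as a quoted string is the form Chef's documentation recommends over the octal literal.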