From cf8c73a7d3e4da8f79ea7071f3724e4deb1529c2 Mon Sep 17 00:00:00 2001
From: Antonio Terceiro
Date: Thu, 2 Apr 2015 14:34:49 -0300
Subject: [PATCH] Add SELinux
---
 cookbooks/basics/files/default/selinux_config | 4 ++++
 cookbooks/basics/recipes/default.rb | 11 +++++++++++
 2 files changed, 15 insertions(+), 0 deletions(-)
 create mode 100644 cookbooks/basics/files/default/selinux_config
diff --git a/cookbooks/basics/files/default/selinux_config b/cookbooks/basics/files/default/selinux_config
new file mode 100644
index 0000000..631f939
--- /dev/null
+++ b/cookbooks/basics/files/default/selinux_config
@@ -0,0 +1,4 @@
+# MANAGED WITH CHEF. DO NOT CHANGE BY HAND
+
+SELINUX=enforcing
+SELINUXTYPE=targeted
diff --git a/cookbooks/basics/recipes/default.rb b/cookbooks/basics/recipes/default.rb
index c9c2d2c..e4748ed 100644
--- a/cookbooks/basics/recipes/default.rb
+++ b/cookbooks/basics/recipes/default.rb
@@ -1,6 +1,17 @@
 # enable EPEL repository by default
 package 'epel-release'
+# replicate production security setup
+package 'selinux-policy'
+package 'policycoreutils-python'
+cookbook_file '/etc/selinux/config' do
+ source 'selinux_config'
+ owner 'root'
+ group 'root'
+ mode 0644
+end
+execute 'setenforce Enforcing'
+
 package 'vim'
 package 'bash-completion'
 package 'rsyslog'
--
libgit2 0.21.2
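Review bot: `execute 'setenforce Enforcing'` in cookbooks/basics/recipes/default.rb has no guard, so it runs on every converge and exits non-zero on a host where SELinux is currently disabled, which stops the Chef run before the packages listed after it are installed. Giving the resource a `do … end` block with `only_if 'selinuxenabled'` and `not_if 'getenforce | grep -qx Enforcing'` keeps it idempotent and lets the run finish. On such a host the new `/etc/selinux/config` only takes effect after a reboot, and a filesystem that was never labelled will probably need a relabel first, so the recipe should say so in a comment or log a warning rather than leave the node looking compliant while it is not enforcing. Separately, `mode 0644` works as a Ruby octal literal, but the string form `mode '0644'` is the conventional spelling in Chef recipes.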