History

Ryan Beisner 6f4d50af4f Sync charm-helpers Change-Id: Id5af5290a60fbf7d12ef1a5803897b3eed6792a4		2018-11-09 09:18:08 -08:00
..
apache	Sync charm-helpers	2018-11-09 09:18:08 -08:00
audits	Sync charm-helpers	2018-11-09 09:18:08 -08:00
defaults	Enable Zesty-Ocata Amulet Tests	2017-05-16 23:06:09 +00:00
host	Enable Zesty-Ocata Amulet Tests	2017-05-16 23:06:09 +00:00
mysql	Add initial tests and repo review configs	2016-11-07 20:50:16 +00:00
ssh	Enable Zesty-Ocata Amulet Tests	2017-05-16 23:06:09 +00:00
README.hardening.md	Add initial tests and repo review configs	2016-11-07 20:50:16 +00:00
__init__.py	Add initial tests and repo review configs	2016-11-07 20:50:16 +00:00
harden.py	Sync charm-helpers	2018-11-09 09:18:08 -08:00
templating.py	Enable Ocata Amulet Tests	2017-03-09 14:35:08 -08:00
utils.py	Add initial tests and repo review configs	2016-11-07 20:50:16 +00:00

Juju charm-helpers hardening library

Description

This library provides multiple implementations of system and application hardening that conform to the standards of http://hardening.io/.

Current implementations include:

Synchronise this library into your charm and add the harden() decorator (from contrib.hardening.harden) to any functions or methods you want to use to trigger hardening of your application/system.
Add a config option called 'harden' to your charm config.yaml and set it to a space-delimited list of hardening modules you want to run e.g. "os ssh"
Override any config defaults (contrib.hardening.defaults) by adding a file called hardening.yaml to your charm root containing the name(s) of the modules whose settings you want override at root level and then any settings with overrides e.g.

os: general: desktop_enable: True
Now just run your charm as usual and hardening will be applied each time the hook runs.