1
+ ---
2
+ - name : " (Install: SELinux) Install Required CentOS Dependencies"
3
+ package :
4
+ name : policycoreutils-python, setools
5
+ state : present
6
+
7
+ - name : " (Install: SELinux: Booleans) Allow HTTP network connection"
8
+ seboolean :
9
+ name : httpd_can_network_connect
10
+ state : yes
11
+ persistent : yes
12
+
13
+ - name : " (Install: SELinux: Booleans) Allow HTTP relay connection"
14
+ seboolean :
15
+ name : httpd_can_network_relay
16
+ state : yes
17
+ persistent : yes
18
+
19
+ - name : " (Install: SELinux: Booleans) Allow HTTP mod auth pam"
20
+ seboolean :
21
+ name : httpd_mod_auth_pam
22
+ state : yes
23
+ persistent : yes
24
+
25
+ - name : " (Install: SELinux: Booleans) enable NIS"
26
+ seboolean :
27
+ name : nis_enabled
28
+ state : yes
29
+ persistent : yes
30
+
31
+ - name : " (Install: SELinux: Contexts) App Protect Logs"
32
+ sefcontext :
33
+ target : ' /var/log/app_protect(/.*)?'
34
+ setype : httpd_log_t
35
+ state : present
36
+
37
+ - name : " (Install: SELinux: Contexts) App Protect Opt"
38
+ sefcontext :
39
+ target : ' /opt/app_protect(/.*)?'
40
+ setype : httpd_var_run_t
41
+ state : present
42
+
43
+ - name : " (Install: SELinux: Contexts) App Protect Pipe"
44
+ sefcontext :
45
+ target : ' /opt/app_protect/pipe(/.*)?'
46
+ setype : httpd_initrc_exec_t
47
+ state : present
48
+
49
+ - name : " (Install: SELinux: Contexts) App Protect Config"
50
+ sefcontext :
51
+ target : ' /opt/app_protect/config(/.*)?'
52
+ setype : httpd_config_t
53
+ state : present
54
+
55
+ - name : " (Install: SELinux: Contexts) App Protect bin"
56
+ sefcontext :
57
+ target : ' /opt/app_protect/bin(/.*)?'
58
+ setype : httpd_exec_t
59
+ state : present
60
+
61
+ - name : " (Install: SELinux: Contexts) App Protect lock"
62
+ sefcontext :
63
+ target : ' /opt/app_protect/lock(/.*)?'
64
+ setype : httpd_lock_t
65
+ state : present
66
+
67
+ - name : " (Install: SELinux: Contexts) App Protect Temp"
68
+ sefcontext :
69
+ target : ' /opt/app_protect/temp(/.*)?'
70
+ setype : httpd_tmp_t
71
+ state : present
72
+
73
+ - name : " (Install: SELinux: Contexts) App Protect Tmp"
74
+ sefcontext :
75
+ target : ' /opt/app_protect/tmp(/.*)?'
76
+ setype : httpd_tmp_t
77
+ state : present
78
+
79
+ - name : " (Install: SELinux: Contexts) Apply contexts to opt"
80
+ command : restorecon -iRv /opt/app_protect
81
+
82
+ - name : " (Install: SELinux: Contexts) Apply contexts to log"
83
+ command : restorecon -iRv /var/log/app_protect
84
+
85
+ - name : " (Install: SELinux: Custom) Copy custom policy"
86
+ copy :
87
+ src : " {{ role_path }}/files/my-appprotect.te"
88
+ dest : /tmp/my-appprotect.te
89
+
90
+ - name : " (Install: SELinux: Custom) Convert custom policy"
91
+ command : checkmodule -M -m -o /tmp/my-appprotect.mod /tmp/my-appprotect.te
92
+
93
+ - name : " (Install: SELinux: Custom) Compile custom policy"
94
+ command : semodule_package -o /tmp/my-appprotect.pp -m /tmp/my-appprotect.mod
95
+
96
+ - name : " (Install: SELinux: Custom) Apply custom policy"
97
+ command : semanage -i /tmp/my-appprotect.pp
98
+
99
+ - name : " (Install: SELinux: Custom) Remove temporary files"
100
+ file :
101
+ path : /tmp/my-appprotect.*
102
+ state : absent
103
+
104
+ - name : " (Install: SELinux) Enforce SELinux"
105
+ selinux :
106
+ state : enforcing
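Review bot: The "Apply custom policy" task runs `semanage -i /tmp/my-appprotect.pp`, but compiled policy packages are installed with semodule, so this task will most likely fail or leave the module unloaded before SELinux is set to enforcing; the line should read `command: semodule -i /tmp/my-appprotect.pp`. The "Remove temporary files" task passes `/tmp/my-appprotect.*` to the `file` module, which does not expand globs, so the .te, .mod and .pp files stay behind; list the three paths with `loop` instead. Building a policy as root under fixed names in world-writable /tmp is also avoidable: create a private directory with the `tempfile` module and build there. Separately, `nis_enabled` is a broad boolean that relaxes network restrictions for many domains besides httpd, so it deserves a comment explaining why App Protect needs it, or a narrower rule in the custom module.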