digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 11:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

separate apache modules for kali and stretch/buster

Browse Source
This commit is contained in:
Z. Cliffe Schreuders
2022-09-29 12:04:36 +01:00
parent dda38d1814
commit 158283d667
571 changed files with 38064 additions and 8189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
modules/services/unix/http/apache_stretch_compatible/apache/.geppetto-rc.json → modules/services/unix/http/apache_kali_compatible/apache/.geppetto-rc.json
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/auto_release.yml → modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/auto_release.yml vendored
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/nightly.yml → modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/nightly.yml vendored
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/pr_test.yml → modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/pr_test.yml vendored
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/release.yml → modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/release.yml vendored
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/spec.yml → modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/spec.yml vendored
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.github_changelog_generator → modules/services/unix/http/apache_kali_compatible/apache/.github_changelog_generator
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.gitpod.Dockerfile → modules/services/unix/http/apache_kali_compatible/apache/.gitpod.Dockerfile vendored
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.gitpod.yml → modules/services/unix/http/apache_kali_compatible/apache/.gitpod.yml
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.nodeset.yml → modules/services/unix/http/apache_kali_compatible/apache/.nodeset.yml
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/.rubocop_todo.yml → modules/services/unix/http/apache_kali_compatible/apache/.rubocop_todo.yml
View File

1482
modules/services/unix/http/apache_kali_compatible/apache/CHANGELOG.md Normal file
View File

File diff suppressed because it is too large Load Diff

0
modules/services/unix/http/apache_stretch_compatible/apache/CODEOWNERS → modules/services/unix/http/apache_kali_compatible/apache/CODEOWNERS
View File

3
modules/services/unix/http/apache_kali_compatible/apache/CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,3 @@
# Contributing to Puppet modules
Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.

0
modules/services/unix/http/apache_stretch_compatible/apache/HISTORY.md → modules/services/unix/http/apache_kali_compatible/apache/HISTORY.md
View File

202
modules/services/unix/http/apache_kali_compatible/apache/LICENSE Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

15
modules/services/unix/http/apache_kali_compatible/apache/NOTICE Normal file
View File

@@ -0,0 +1,15 @@
Puppet Module - puppetlabs-apache
Copyright 2018 Puppet, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

1008
modules/services/unix/http/apache_kali_compatible/apache/README.md Executable file
View File

File diff suppressed because it is too large Load Diff

0
modules/services/unix/http/apache_stretch_compatible/apache/REFERENCE.md → modules/services/unix/http/apache_kali_compatible/apache/REFERENCE.md
View File

29
modules/services/unix/http/apache_kali_compatible/apache/apache.pp Normal file
View File

@@ -0,0 +1,29 @@
#
# apache::fastcgi::server { 'php':
# host => '127.0.0.1:9000',
# timeout => 15,
# flush => false,
# faux_path => '/var/www/php.fcgi',
# fcgi_alias => '/php.fcgi',
# file_type => 'application/x-httpd-php'
# }
#
# apache::vhost { 'www':
# custom_fragment => 'AddType application/x-httpd-php .php',
# docroot => '/var/www/wordpress'
# }
class { 'apache':
mpm_module => 'prefork'
}
exec { 'apache2-systemd-reload':
command => 'systemctl daemon-reload; systemctl enable apache2',
path => [ '/usr/bin', '/bin', '/usr/sbin' ],
}
#->
#service { 'apache2':
# ensure => running,
# provider => systemd,
# enable => true,
#}

0
modules/services/unix/http/apache_stretch_compatible/apache/data/common.yaml → modules/services/unix/http/apache_kali_compatible/apache/data/common.yaml
View File

6
modules/services/unix/http/apache_kali_compatible/apache/examples/apache.pp Normal file
View File

@@ -0,0 +1,6 @@
include apache
include apache::mod::php
include apache::mod::cgi
include apache::mod::userdir
include apache::mod::disk_cache
include apache::mod::proxy_http

1
modules/services/unix/http/apache_kali_compatible/apache/examples/dev.pp Normal file
View File

@@ -0,0 +1 @@
include apache::mod::dev

1
modules/services/unix/http/apache_kali_compatible/apache/examples/init.pp Normal file
View File

@@ -0,0 +1 @@
include apache

10
modules/services/unix/http/apache_kali_compatible/apache/examples/mod_load_params.pp Normal file
View File

@@ -0,0 +1,10 @@
# Tests the path and identifier parameters for the apache::mod class
# Base class for clarity:
class { 'apache': }
# Exaple parameter usage:
apache::mod { 'testmod':
path => '/usr/some/path/mod_testmod.so',
id => 'testmod_custom_name',
}

8
modules/services/unix/http/apache_kali_compatible/apache/examples/mods.pp Normal file
View File

@@ -0,0 +1,8 @@
## Default mods
# Base class. Declares default vhost on port 80 and default ssl
# vhost on port 443 listening on all interfaces and serving
# $apache::docroot, and declaring our default set of modules.
class { 'apache':
default_mods => true,
}

15
modules/services/unix/http/apache_kali_compatible/apache/examples/mods_custom.pp Normal file
View File

@@ -0,0 +1,15 @@
## custom mods
# Base class. Declares default vhost on port 80 and default ssl
# vhost on port 443 listening on all interfaces and serving
# $apache::docroot, and declaring a custom set of modules.
class { 'apache':
default_mods => [
'info',
'alias',
'mime',
'env',
'setenv',
'expires',
],
}

4
modules/services/unix/http/apache_kali_compatible/apache/examples/php.pp Normal file
View File

@@ -0,0 +1,4 @@
class { 'apache':
mpm_module => 'prefork',
}
include apache::mod::php

256
modules/services/unix/http/apache_kali_compatible/apache/examples/vhost.pp Normal file
View File

@@ -0,0 +1,256 @@
## Default vhosts, and custom vhosts
# NB: Please see the other vhost_*.pp example files for further
# examples.
# Base class. Declares default vhost on port 80 and default ssl
# vhost on port 443 listening on all interfaces and serving
# $apache::docroot
class { 'apache': }
# Most basic vhost
apache::vhost { 'first.example.com':
port => '80',
docroot => '/var/www/first',
}
# Vhost with different docroot owner/group/mode
apache::vhost { 'second.example.com':
port => '80',
docroot => '/var/www/second',
docroot_owner => 'third',
docroot_group => 'third',
docroot_mode => '0770',
}
# Vhost with serveradmin
apache::vhost { 'third.example.com':
port => '80',
docroot => '/var/www/third',
serveradmin => 'admin@example.com',
}
# Vhost with ssl (uses default ssl certs)
apache::vhost { 'ssl.example.com':
port => '443',
docroot => '/var/www/ssl',
ssl => true,
}
# Vhost with ssl and specific ssl certs
apache::vhost { 'fourth.example.com':
port => '443',
docroot => '/var/www/fourth',
ssl => true,
ssl_cert => '/etc/ssl/fourth.example.com.cert',
ssl_key => '/etc/ssl/fourth.example.com.key',
}
# Vhost with english title and servername parameter
apache::vhost { 'The fifth vhost':
servername => 'fifth.example.com',
port => '80',
docroot => '/var/www/fifth',
}
# Vhost with server aliases
apache::vhost { 'sixth.example.com':
serveraliases => [
'sixth.example.org',
'sixth.example.net',
],
port => '80',
docroot => '/var/www/fifth',
}
# Vhost with alternate options
apache::vhost { 'seventh.example.com':
port => '80',
docroot => '/var/www/seventh',
options => [
'Indexes',
'MultiViews',
],
}
# Vhost with AllowOverride for .htaccess
apache::vhost { 'eighth.example.com':
port => '80',
docroot => '/var/www/eighth',
override => 'All',
}
# Vhost with access and error logs disabled
apache::vhost { 'ninth.example.com':
port => '80',
docroot => '/var/www/ninth',
access_log => false,
error_log => false,
}
# Vhost with custom access and error logs and logroot
apache::vhost { 'tenth.example.com':
port => '80',
docroot => '/var/www/tenth',
access_log_file => 'tenth_vhost.log',
error_log_file => 'tenth_vhost_error.log',
logroot => '/var/log',
}
# Vhost with a cgi-bin
apache::vhost { 'eleventh.example.com':
port => '80',
docroot => '/var/www/eleventh',
scriptalias => '/usr/lib/cgi-bin',
}
# Vhost with a proxypass configuration
apache::vhost { 'twelfth.example.com':
port => '80',
docroot => '/var/www/twelfth',
proxy_dest => 'http://internal.example.com:8080/twelfth',
no_proxy_uris => ['/login','/logout'],
}
# Vhost to redirect /login and /logout
apache::vhost { 'thirteenth.example.com':
port => '80',
docroot => '/var/www/thirteenth',
redirect_source => [
'/login',
'/logout',
],
redirect_dest => [
'http://10.0.0.10/login',
'http://10.0.0.10/logout',
],
}
# Vhost to permamently redirect
apache::vhost { 'fourteenth.example.com':
port => '80',
docroot => '/var/www/fourteenth',
redirect_source => '/blog',
redirect_dest => 'http://blog.example.com',
redirect_status => 'permanent',
}
# Vhost with a rack configuration
apache::vhost { 'fifteenth.example.com':
port => '80',
docroot => '/var/www/fifteenth',
rack_base_uris => ['/rackapp1', '/rackapp2'],
}
# Vhost to redirect non-ssl to ssl
apache::vhost { 'sixteenth.example.com non-ssl':
servername => 'sixteenth.example.com',
port => '80',
docroot => '/var/www/sixteenth',
rewrites => [
{
comment => 'redirect non-SSL traffic to SSL site',
rewrite_cond => ['%{HTTPS} off'],
rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'],
}
],
}
# Rewrite a URL to lower case
apache::vhost { 'sixteenth.example.com non-ssl':
servername => 'sixteenth.example.com',
port => '80',
docroot => '/var/www/sixteenth',
rewrites => [
{ comment => 'Rewrite to lower case',
rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
rewrite_map => ['lc int:tolower'],
rewrite_rule => ["(.*) \${lc:\$1} [R=301,L]"],
}
],
}
apache::vhost { 'sixteenth.example.com ssl':
servername => 'sixteenth.example.com',
port => '443',
docroot => '/var/www/sixteenth',
ssl => true,
}
# Vhost to redirect non-ssl to ssl using old rewrite method
apache::vhost { 'sixteenth.example.com non-ssl old rewrite':
servername => 'sixteenth.example.com',
port => '80',
docroot => '/var/www/sixteenth',
rewrite_cond => '%{HTTPS} off',
rewrite_rule => '(.*) https://%{HTTP_HOST}%{REQUEST_URI}',
}
apache::vhost { 'sixteenth.example.com ssl old rewrite':
servername => 'sixteenth.example.com',
port => '443',
docroot => '/var/www/sixteenth',
ssl => true,
}
# Vhost to block repository files
apache::vhost { 'seventeenth.example.com':
port => '80',
docroot => '/var/www/seventeenth',
block => 'scm',
}
# Vhost with special environment variables
apache::vhost { 'eighteenth.example.com':
port => '80',
docroot => '/var/www/eighteenth',
setenv => ['SPECIAL_PATH /foo/bin','KILROY was_here'],
}
apache::vhost { 'nineteenth.example.com':
port => '80',
docroot => '/var/www/nineteenth',
setenvif => 'Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1',
}
# Vhost with additional include files
apache::vhost { 'twentyieth.example.com':
port => '80',
docroot => '/var/www/twelfth',
additional_includes => ['/tmp/proxy_group_a','/tmp/proxy_group_b'],
}
# Vhost with alias for subdomain mapped to same named directory
# http://example.com.loc => /var/www/example.com
apache::vhost { 'subdomain.loc':
vhost_name => '*',
port => '80',
virtual_docroot => '/var/www/%-2+',
docroot => '/var/www',
serveraliases => ['*.loc',],
}
# Vhost with SSL (SSLProtocol, SSLCipherSuite & SSLHonorCipherOrder from default)
apache::vhost { 'securedomain.com':
priority => '10',
vhost_name => 'www.securedomain.com',
port => '443',
docroot => '/var/www/secure',
ssl => true,
ssl_cert => '/etc/ssl/securedomain.cert',
ssl_key => '/etc/ssl/securedomain.key',
ssl_chain => '/etc/ssl/securedomain.crt',
add_listen => false,
}
# Vhost with access log environment variables writing control
apache::vhost { 'twentyfirst.example.com':
port => '80',
docroot => '/var/www/twentyfirst',
access_log_env_var => 'admin',
}
# Vhost with a passenger_base configuration
apache::vhost { 'twentysecond.example.com':
port => '80',
docroot => '/var/www/twentysecond',
rack_base_uris => ['/passengerapp1', '/passengerapp2'],
}

43
modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_directories.pp Normal file
View File

@@ -0,0 +1,43 @@
# Base class. Declares default vhost on port 80 and default ssl
# vhost on port 443 listening on all interfaces and serving
# $apache::docroot
class { 'apache': }
# Example from README adapted.
apache::vhost { 'readme.example.net':
docroot => '/var/www/readme',
directories => [
{
'path' => '/var/www/readme',
'ServerTokens' => 'prod' ,
},
{
'path' => '/usr/share/empty',
'allow' => 'from all',
},
],
}
# location test
apache::vhost { 'location.example.net':
docroot => '/var/www/location',
directories => [
{
'path' => '/location',
'provider' => 'location',
'ServerTokens' => 'prod'
},
],
}
# files test, curedly disable access to accidental backup files.
apache::vhost { 'files.example.net':
docroot => '/var/www/files',
directories => [
{
'path' => '(\.swp|\.bak|~)$',
'provider' => 'filesmatch',
'deny' => 'from all'
},
],
}

16
modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_filter.pp Normal file
View File

@@ -0,0 +1,16 @@
# Base class. Declares default vhost on port 80 with filters.
class { 'apache': }
# Example from README adapted.
apache::vhost { 'readme.example.net':
docroot => '/var/www/html',
filters => [
'FilterDeclare COMPRESS',
'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css',
'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain',
'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml',
'FilterChain COMPRESS',
'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
],
}

25
modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ip_based.pp Normal file
View File

@@ -0,0 +1,25 @@
## IP-based vhosts on any listen port
# IP-based vhosts respond to requests on specific IP addresses.
# Base class. Turn off the default vhosts; we will be declaring
# all vhosts below.
class { 'apache':
default_vhost => false,
}
# Listen on port 80 and 81; required because the following vhosts
# are not declared with a port parameter.
apache::listen { '80': }
apache::listen { '81': }
# IP-based vhosts
apache::vhost { 'first.example.com':
ip => '10.0.0.10',
docroot => '/var/www/first',
ip_based => true,
}
apache::vhost { 'second.example.com':
ip => '10.0.0.11',
docroot => '/var/www/second',
ip_based => true,
}

66
modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_proxypass.pp Normal file
View File

@@ -0,0 +1,66 @@
## vhost with proxyPass directive
# NB: Please see the other vhost_*.pp example files for further
# examples.
# Base class. Declares default vhost on port 80 and default ssl
# vhost on port 443 listening on all interfaces and serving
# $apache::docroot
class { 'apache': }
# Most basic vhost with proxy_pass
apache::vhost { 'first.example.com':
port => 80,
docroot => '/var/www/first',
proxy_pass => [
{
'path' => '/first',
'url' => 'http://localhost:8080/first'
},
],
}
# vhost with proxy_pass and parameters
apache::vhost { 'second.example.com':
port => 80,
docroot => '/var/www/second',
proxy_pass => [
{
'path' => '/second',
'url' => 'http://localhost:8080/second',
'params' => {
'retry' => '0',
'timeout' => '5',
}
},
],
}
# vhost with proxy_pass and keywords
apache::vhost { 'third.example.com':
port => 80,
docroot => '/var/www/third',
proxy_pass => [
{
'path' => '/third',
'url' => 'http://localhost:8080/third',
'keywords' => ['noquery', 'interpolate']
},
],
}
# vhost with proxy_pass, parameters and keywords
apache::vhost { 'fourth.example.com':
port => 80,
docroot => '/var/www/fourth',
proxy_pass => [
{
'path' => '/fourth',
'url' => 'http://localhost:8080/fourth',
'params' => {
'retry' => '0',
'timeout' => '5',
},
'keywords' => ['noquery', 'interpolate']
},
],
}

23
modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ssl.pp Normal file
View File

@@ -0,0 +1,23 @@
## SSL-enabled vhosts
# SSL-enabled vhosts respond only to HTTPS queries.
# Base class. Turn off the default vhosts; we will be declaring
# all vhosts below.
class { 'apache':
default_vhost => false,
}
# Non-ssl vhost
apache::vhost { 'first.example.com non-ssl':
servername => 'first.example.com',
port => '80',
docroot => '/var/www/first',
}
# SSL vhost at the same domain
apache::vhost { 'first.example.com ssl':
servername => 'first.example.com',
port => '443',
docroot => '/var/www/first',
ssl => true,
}

52
modules/services/unix/http/apache_kali_compatible/apache/examples/vhosts_without_listen.pp Normal file
View File

@@ -0,0 +1,52 @@
## Declare ip-based and name-based vhosts
# Mixing Name-based vhost with IP-specific vhosts requires `add_listen =>
# 'false'` on the non-IP vhosts
# Base class. Turn off the default vhosts; we will be declaring
# all vhosts below.
class { 'apache':
default_vhost => false,
}
# Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl
apache::vhost { 'The first IP-based vhost, non-ssl':
servername => 'first.example.com',
ip => '10.0.0.10',
port => '80',
ip_based => true,
docroot => '/var/www/first',
}
apache::vhost { 'The first IP-based vhost, ssl':
servername => 'first.example.com',
ip => '10.0.0.10',
port => '443',
ip_based => true,
docroot => '/var/www/first-ssl',
ssl => true,
}
# Two name-based vhost listening on 10.0.0.20
apache::vhost { 'second.example.com':
ip => '10.0.0.20',
port => '80',
docroot => '/var/www/second',
}
apache::vhost { 'third.example.com':
ip => '10.0.0.20',
port => '80',
docroot => '/var/www/third',
}
# Two name-based vhosts without IPs specified, so that they will answer on either 10.0.0.10 or 10.0.0.20 . It is requried to declare
# `add_listen => 'false'` to disable declaring "Listen 80" which will conflict
# with the IP-based preceeding vhosts.
apache::vhost { 'fourth.example.com':
port => '80',
docroot => '/var/www/fourth',
add_listen => false,
}
apache::vhost { 'fifth.example.com':
port => '80',
docroot => '/var/www/fifth',
add_listen => false,
}

24
modules/services/unix/http/apache_kali_compatible/apache/files/httpd Normal file
View File

@@ -0,0 +1,24 @@
# Configuration file for the httpd service.
#
# The default processing model (MPM) is the process-based
# 'prefork' model. A thread-based model, 'worker', is also
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
#HTTPD=/usr/sbin/httpd.worker
#
# To pass additional options (for instance, -D definitions) to the
# httpd binary at startup, set OPTIONS here.
#
#OPTIONS=
#OPTIONS=-DDOWN
#
# By default, the httpd process is started in the C locale; to
# change the locale in which the server runs, the HTTPD_LANG
# variable can be set.
#
#HTTPD_LANG=C
export SHORTHOST=`hostname -s`

0
modules/services/unix/http/apache_stretch_compatible/apache/hiera.yaml → modules/services/unix/http/apache_kali_compatible/apache/hiera.yaml
View File

29
modules/services/unix/http/apache_kali_compatible/apache/lib/facter/apache_version.rb Normal file
View File

@@ -0,0 +1,29 @@
# frozen_string_literal: true
Facter.add(:apache_version) do
confine kernel: ['FreeBSD', 'Linux']
setcode do
apache_version = nil
if Facter::Util::Resolution.which('httpd')
apache_version = Facter::Util::Resolution.exec('httpd -V 2>&1')
Facter.debug "Matching httpd '#{apache_version}'"
elsif Facter::Util::Resolution.which('apache2')
apache_version = Facter::Util::Resolution.exec('apache2 -V 2>&1')
Facter.debug "Matching apache2 '#{apache_version}'"
elsif Facter::Util::Resolution.which('apachectl')
apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1')
Facter.debug "Matching apachectl '#{apache_version}'"
elsif Facter::Util::Resolution.which('apache2ctl')
apache_version = Facter::Util::Resolution.exec('apache2ctl -v 2>&1')
Facter.debug "Matching apache2ctl '#{apache_version}'"
end
unless apache_version.nil?
match = %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)
unless match.nil?
match[1]
end
end
end
end

0
modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/apache_pw_hash.rb → modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/apache_pw_hash.rb
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/bool2httpd.rb → modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/bool2httpd.rb
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/pw_hash.rb → modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/pw_hash.rb
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache_pw_hash.rb → modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache_pw_hash.rb
View File

0
modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/bool2httpd.rb → modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/bool2httpd.rb
View File

43
modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod.rb Normal file
View File

@@ -0,0 +1,43 @@
# frozen_string_literal: true
# a2mod.rb
class Puppet::Provider::A2mod < Puppet::Provider
# Fetches the mod provider
def self.prefetch(mods)
instances.each do |prov|
mod = mods[prov.name]
if mod
mod.provider = prov
end
end
end
# Clear's the property_hash
def flush
@property_hash.clear
end
# Returns a copy of the property_hash
def properties
if @property_hash.empty?
@property_hash = query || { ensure: :absent }
@property_hash[:ensure] = :absent if @property_hash.empty?
end
@property_hash.dup
end
# Returns the properties of the given mod if it exists.
def query
self.class.instances.each do |mod|
if mod.name == name || mod.name.downcase == name
return mod.properties
end
end
nil
end
# Return's if the ensure property is absent or not
def exists?
properties[:ensure] != :absent
end
end

37
modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb Normal file
View File

@@ -0,0 +1,37 @@
# frozen_string_literal: true
require 'puppet/provider/a2mod'
Puppet::Type.type(:a2mod).provide(:a2mod, parent: Puppet::Provider::A2mod) do
desc 'Manage Apache 2 modules on Debian and Ubuntu'
optional_commands encmd: 'a2enmod'
optional_commands discmd: 'a2dismod'
commands apache2ctl: 'apache2ctl'
confine osfamily: :debian
defaultfor operatingsystem: [:debian, :ubuntu]
def self.instances
modules = apache2ctl('-M').lines.map { |line|
m = line.match(%r{(\w+)_module \(shared\)$})
m[1] if m
}.compact
modules.map do |mod|
new(
name: mod,
ensure: :present,
provider: :a2mod,
)
end
end
def create
encmd resource[:name]
end
def destroy
discmd resource[:name]
end
end

116
modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb Normal file
View File

@@ -0,0 +1,116 @@
# frozen_string_literal: true
require 'puppet/util/filetype'
Puppet::Type.type(:a2mod).provide(:gentoo, parent: Puppet::Provider) do
desc 'Manage Apache 2 modules on Gentoo'
confine operatingsystem: :gentoo
defaultfor operatingsystem: :gentoo
attr_accessor :property_hash
def create
@property_hash[:ensure] = :present
end
def exists?
(!@property_hash[:ensure].nil? && @property_hash[:ensure] == :present)
end
def destroy
@property_hash[:ensure] = :absent
end
def flush
self.class.flush
end
class << self
attr_reader :conf_file
end
def self.clear
@mod_resources = []
@modules = []
@other_args = ''
end
def self.initvars
@conf_file = '/etc/conf.d/apache2'
@filetype = Puppet::Util::FileType.filetype(:flat).new(conf_file)
@mod_resources = []
@modules = []
@other_args = ''
end
initvars
# Retrieve an array of all existing modules
def self.modules
if @modules.length <= 0
# Locate the APACHE_OPTS variable
records = filetype.read.split(%r{\n})
apache2_opts = records.grep(%r{^\s*APACHE2_OPTS=}).first
# Extract all defines
@modules << Regexp.last_match(1).downcase while apache2_opts.sub!(%r{-D\s+(\w+)}, '')
# Hang on to any remaining options.
if apache2_opts =~ %r{APACHE2_OPTS="(.+)"}
@other_args = Regexp.last_match(1).strip
end
@modules.sort!.uniq!
end
@modules
end
def self.prefetch(resources = {})
# Match resources with existing providers
instances.each do |provider|
resource = resources[provider.name]
if resource
resource.provider = provider
end
end
# Store all resources using this provider for flushing
resources.each do |_name, resource|
@mod_resources << resource
end
end
def self.instances
modules.map { |mod| new(name: mod, provider: :gentoo, ensure: :present) }
end
def self.flush
mod_list = modules
mods_to_remove = @mod_resources.select { |mod| mod.should(:ensure) == :absent }.map { |mod| mod[:name] }
mods_to_add = @mod_resources.select { |mod| mod.should(:ensure) == :present }.map { |mod| mod[:name] }
mod_list -= mods_to_remove
mod_list += mods_to_add
mod_list.sort!.uniq!
return unless modules != mod_list
opts = @other_args + ' '
opts << mod_list.map { |mod| "-D #{mod.upcase}" }.join(' ')
opts.strip!
opts.gsub!(%r{\s+}, ' ')
apache2_opts = %(APACHE2_OPTS="#{opts}")
Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
records = filetype.read.split(%r{\n})
opts_index = records.find_index { |i| i.match(%r{^\s*APACHE2_OPTS}) }
records[opts_index] = apache2_opts
filetype.backup
filetype.write(records.join("\n"))
@modules = mod_list
end
end

13
modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/modfix.rb Normal file
View File

@@ -0,0 +1,13 @@
# frozen_string_literal: true
Puppet::Type.type(:a2mod).provide :modfix do
desc "Dummy provider for A2mod.
Fake nil resources when there is no crontab binary available. Allows
puppetd to run on a bootstrapped machine before a Cron package has been
installed. Workaround for: http://projects.puppetlabs.com/issues/2384
"
def self.instances
[]
end
end

62
modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/redhat.rb Normal file
View File

@@ -0,0 +1,62 @@
# frozen_string_literal: true
require 'puppet/provider/a2mod'
Puppet::Type.type(:a2mod).provide(:redhat, parent: Puppet::Provider::A2mod) do
desc 'Manage Apache 2 modules on RedHat family OSs'
commands apachectl: 'apachectl'
confine osfamily: :redhat
defaultfor osfamily: :redhat
require 'pathname'
# modpath: Path to default apache modules directory /etc/httpd/mod.d
# modfile: Path to module load configuration file; Default: resides under modpath directory
# libfile: Path to actual apache module library. Added in modfile LoadModule
attr_accessor :modfile, :libfile
class << self
attr_accessor :modpath
def preinit
@modpath = '/etc/httpd/mod.d'
end
end
preinit
def create
File.open(modfile, 'w') do |f|
f.puts "LoadModule #{resource[:identifier]} #{libfile}"
end
end
def destroy
File.delete(modfile)
end
def self.instances
modules = apachectl('-M').lines.map { |line|
m = line.match(%r{(\w+)_module \(shared\)$})
m[1] if m
}.compact
modules.map do |mod|
new(
name: mod,
ensure: :present,
provider: :redhat,
)
end
end
def modfile
"#{self.class.modpath}/#{resource[:name]}.load"
end
# Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
def libfile
Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
end
end

30
modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/type/a2mod.rb Normal file
View File

@@ -0,0 +1,30 @@
# frozen_string_literal: true
Puppet::Type.newtype(:a2mod) do
@doc = 'Manage Apache 2 modules'
ensurable
newparam(:name) do
Puppet.warning 'The a2mod provider is deprecated, please use apache::mod instead'
desc 'The name of the module to be managed'
isnamevar
end
newparam(:lib) do
desc 'The name of the .so library to be loaded'
defaultto { "mod_#{@resource[:name]}.so" }
end
newparam(:identifier) do
desc 'Module identifier string used by LoadModule. Default: module-name_module'
# http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
defaultto { "#{resource[:name]}_module" }
end
autorequire(:package) { catalog.resource(:package, 'httpd') }
end

106
modules/services/unix/http/apache_kali_compatible/apache/manifests/balancer.pp Normal file
View File

@@ -0,0 +1,106 @@
# @summary
# This type will create an apache balancer cluster file inside the conf.d
# directory.
#
# Each balancer cluster needs one or more balancer members (that can
# be declared with the apache::balancermember defined resource type). Using
# storeconfigs, you can export the apache::balancermember resources on all
# balancer members, and then collect them on a single apache load balancer
# server.
#
# @note
# Currently requires the puppetlabs/concat module on the Puppet Forge and uses
# storeconfigs on the Puppet Server to export/collect resources from all
# balancer members.
#
# @param name
# The namevar of the defined resource type is the balancer clusters name.<br />
# This name is also used in the name of the conf.d file
#
# @param proxy_set
# Configures key-value pairs to be used as a ProxySet lines in the configuration.
#
# @param target
# The path to the file the balancer definition will be written in.
#
# @param collect_exported
# Determines whether to use exported resources.<br />
# If you statically declare all of your backend servers, set this parameter to false to rely
# on existing, declared balancer member resources. Also, use apache::balancermember with array
# arguments.<br />
# To dynamically declare backend servers via exported resources collected on a central node,
# set this parameter to true to collect the balancer member resources exported by the balancer
# member nodes.<br />
# If you don't use exported resources, a single Puppet run configures all balancer members. If
# you use exported resources, Puppet has to run on the balanced nodes first, then run on the
# balancer.
#
# @param options
# Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)
# after the balancer URL, and accepts any key-value pairs available to `ProxyPass`.
#
# @example
# apache::balancer { 'puppet00': }
#
define apache::balancer (
$proxy_set = {},
$collect_exported = true,
$target = undef,
$options = [],
) {
include apache::mod::proxy_balancer
if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 {
$lbmethod = $proxy_set['lbmethod'] ? {
undef => 'byrequests',
default => $proxy_set['lbmethod'],
}
ensure_resource('apache::mod', "lbmethod_${lbmethod}", {
'loadfile_name' => "proxy_balancer_lbmethod_${lbmethod}.load"
})
}
if $target {
$_target = $target
} else {
$_target = "${apache::confd_dir}/balancer_${name}.conf"
}
if !empty($options) {
$_options = " ${join($options, ' ')}"
} else {
$_options = ''
}
concat { "apache_balancer_${name}":
owner => '0',
group => '0',
path => $_target,
mode => $apache::file_mode,
notify => Class['Apache::Service'],
}
concat::fragment { "00-${name}-header":
target => "apache_balancer_${name}",
order => '01',
content => "<Proxy balancer://${name}${_options}>\n",
}
if $collect_exported {
Apache::Balancermember <<| balancer_cluster == $name |>>
}
# else: the resources have been created and they introduced their
# concat fragments. We don't have to do anything about them.
concat::fragment { "01-${name}-proxyset":
target => "apache_balancer_${name}",
order => '19',
content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"),
}
concat::fragment { "01-${name}-footer":
target => "apache_balancer_${name}",
order => '20',
content => "</Proxy>\n",
}
}

50
modules/services/unix/http/apache_kali_compatible/apache/manifests/balancermember.pp Normal file
View File

@@ -0,0 +1,50 @@
# @summary
# Defines members of `mod_proxy_balancer`
#
# Sets up a balancer member inside a listening service configuration block in
# the load balancer's `apache.cfg`.
#
# This type will setup a balancer member inside a listening service
# configuration block in /etc/apache/apache.cfg on the load balancer.
# Currently it only has the ability to specify the instance name, url and an
# array of options. More features can be added as needed. The best way to
# implement this is to export this resource for all apache balancer member
# servers, and then collect them on the main apache load balancer.
#
# @note
# Currently requires the puppetlabs/concat module on the Puppet Forge and
# uses storeconfigs on the Puppet Server to export/collect resources
# from all balancer members.
#
# @param name
# The title of the resource is arbitrary and only utilized in the concat
# fragment name.
#
# @param balancer_cluster
# The apache service's instance name (or, the title of the apache::balancer
# resource). This must match up with a declared apache::balancer resource.
#
# @param url
# The url used to contact the balancer member server.
#
# @param options
# Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)
# after the URL, and accepts any key-value pairs available to `ProxyPass`.
#
# @example
# @@apache::balancermember { 'apache':
# balancer_cluster => 'puppet00',
# url => "ajp://${::fqdn}:8009"
# options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
# }
#
define apache::balancermember (
$balancer_cluster,
$url = "http://${::fqdn}/",
$options = [],
) {
concat::fragment { "BalancerMember ${name}":
target => "apache_balancer_${balancer_cluster}",
content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"),
}
}

14
modules/services/unix/http/apache_kali_compatible/apache/manifests/confd/no_accf.pp Normal file
View File

@@ -0,0 +1,14 @@
# @summary
# Manages the `no-accf.conf` file.
#
# @api private
class apache::confd::no_accf {
# Template uses no variables
file { 'no-accf.conf':
ensure => 'file',
path => "${apache::confd_dir}/no-accf.conf",
content => template('apache/confd/no-accf.conf.erb'),
require => Exec["mkdir ${apache::confd_dir}"],
before => File[$apache::confd_dir],
}
}

125
modules/services/unix/http/apache_kali_compatible/apache/manifests/custom_config.pp Normal file
View File

@@ -0,0 +1,125 @@
# @summary
# Adds a custom configuration file to the Apache server's `conf.d` directory.
#
# If the file is invalid and this defined type's `verify_config` parameter's value is
# `true`, Puppet throws an error during a Puppet run.
#
# @param ensure
# Specifies whether the configuration file should be present.
#
# @param confdir
# Sets the directory in which Puppet places configuration files.
#
# @param content
# Sets the configuration file's content. The `content` and `source` parameters are exclusive
# of each other.
#
# @param filename
# Sets the name of the file under `confdir` in which Puppet stores the configuration.
#
# @param priority
# Sets the configuration file's priority by prefixing its filename with this parameter's
# numeric value, as Apache processes configuration files in alphanumeric order.<br />
# To omit the priority prefix in the configuration file's name, set this parameter to `false`.
#
# @param source
# Points to the configuration file's source. The `content` and `source` parameters are
# exclusive of each other.
#
# @param verify_command
# Specifies the command Puppet uses to verify the configuration file. Use a fully qualified
# command.<br />
# This parameter is used only if the `verify_config` parameter's value is `true`. If the
# `verify_command` fails, the Puppet run deletes the configuration file and raises an error,
# but does not notify the Apache service.
#
# @param verify_config
# Specifies whether to validate the configuration file before notifying the Apache service.
#
# @param owner
# File owner of configuration file
#
# @param group
# File group of configuration file
#
# @param file_mode
# File mode of configuration file
#
# @param show_diff
# show_diff property for configuration file resource
#
define apache::custom_config (
Enum['absent', 'present'] $ensure = 'present',
$confdir = $apache::confd_dir,
$content = undef,
$priority = '25',
$source = undef,
$verify_command = $apache::params::verify_command,
Boolean $verify_config = true,
$filename = undef,
$owner = undef,
$group = undef,
$file_mode = undef,
Boolean $show_diff = true,
) {
if $content and $source {
fail('Only one of $content and $source can be specified.')
}
if $ensure == 'present' and ! $content and ! $source {
fail('One of $content and $source must be specified.')
}
if $filename {
$_filename = $filename
} else {
if $priority {
$priority_prefix = "${priority}-"
} else {
$priority_prefix = ''
}
## Apache include does not always work with spaces in the filename
$filename_middle = regsubst($name, ' ', '_', 'G')
$_filename = "${priority_prefix}${filename_middle}.conf"
}
if ! $verify_config or $ensure == 'absent' {
$notifies = Class['Apache::Service']
} else {
$notifies = undef
}
$_file_mode = pick($file_mode, $apache::file_mode)
file { "apache_${name}":
ensure => $ensure,
path => "${confdir}/${_filename}",
owner => $owner,
group => $group,
mode => $_file_mode,
content => $content,
source => $source,
show_diff => $show_diff,
require => Package['httpd'],
notify => $notifies,
}
if $ensure == 'present' and $verify_config {
exec { "syntax verification for ${name}":
command => $verify_command,
subscribe => File["apache_${name}"],
refreshonly => true,
notify => Class['Apache::Service'],
before => Exec["remove ${name} if invalid"],
require => Anchor['::apache::modules_set_up'],
}
exec { "remove ${name} if invalid":
command => "/bin/rm ${confdir}/${_filename}",
unless => $verify_command,
subscribe => File["apache_${name}"],
refreshonly => true,
}
}
}

19
modules/services/unix/http/apache_kali_compatible/apache/manifests/default_confd_files.pp Normal file
View File

@@ -0,0 +1,19 @@
# @summary
# Helper for setting up default conf.d files.
#
# @api private
class apache::default_confd_files (
$all = true,
) {
# The rest of the conf.d/* files only get loaded if we want them
if $all {
case $::osfamily {
'freebsd': {
include apache::confd::no_accf
}
default: {
# do nothing
}
}
}
}

186
modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods.pp Normal file
View File

@@ -0,0 +1,186 @@
# @summary
# Installs and congfigures default mods for Apache
#
# @api private
class apache::default_mods (
$all = true,
$mods = undef,
$apache_version = $apache::apache_version,
$use_systemd = $apache::use_systemd,
) {
# These are modules required to run the default configuration.
# They are not configurable at this time, so we just include
# them to make sure it works.
case $::osfamily {
'redhat': {
::apache::mod { 'log_config': }
if versioncmp($apache_version, '2.4') >= 0 {
# Lets fork it
# Do not try to load mod_systemd on RHEL/CentOS 6 SCL.
if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemmajrelease, '7') == -1) and !($::operatingsystem == 'Amazon') ) {
if ($use_systemd) {
::apache::mod { 'systemd': }
}
}
if ($::operatingsystem == 'Amazon' and $::operatingsystemrelease == '2') {
::apache::mod { 'systemd': }
}
::apache::mod { 'unixd': }
}
}
'freebsd': {
::apache::mod { 'log_config': }
::apache::mod { 'unixd': }
}
'Suse': {
::apache::mod { 'log_config': }
}
default: {}
}
case $::osfamily {
'gentoo': {}
default: {
::apache::mod { 'authz_host': }
}
}
# The rest of the modules only get loaded if we want all modules enabled
if $all {
case $::osfamily {
'debian': {
include apache::mod::authn_core
include apache::mod::reqtimeout
if versioncmp($apache_version, '2.4') < 0 {
::apache::mod { 'authn_alias': }
}
}
'redhat': {
include apache::mod::actions
include apache::mod::authn_core
include apache::mod::cache
include apache::mod::ext_filter
include apache::mod::mime
include apache::mod::mime_magic
include apache::mod::rewrite
include apache::mod::speling
include apache::mod::suexec
include apache::mod::version
include apache::mod::vhost_alias
::apache::mod { 'auth_digest': }
::apache::mod { 'authn_anon': }
::apache::mod { 'authn_dbm': }
::apache::mod { 'authz_dbm': }
::apache::mod { 'authz_owner': }
::apache::mod { 'expires': }
::apache::mod { 'include': }
::apache::mod { 'logio': }
::apache::mod { 'substitute': }
::apache::mod { 'usertrack': }
if versioncmp($apache_version, '2.4') < 0 {
::apache::mod { 'authn_alias': }
::apache::mod { 'authn_default': }
}
}
'freebsd': {
include apache::mod::actions
include apache::mod::authn_core
include apache::mod::cache
include apache::mod::disk_cache
include apache::mod::headers
include apache::mod::info
include apache::mod::mime_magic
include apache::mod::reqtimeout
include apache::mod::rewrite
include apache::mod::userdir
include apache::mod::version
include apache::mod::vhost_alias
include apache::mod::speling
include apache::mod::filter
::apache::mod { 'asis': }
::apache::mod { 'auth_digest': }
::apache::mod { 'auth_form': }
::apache::mod { 'authn_anon': }
::apache::mod { 'authn_dbm': }
::apache::mod { 'authn_socache': }
::apache::mod { 'authz_dbd': }
::apache::mod { 'authz_dbm': }
::apache::mod { 'authz_owner': }
::apache::mod { 'dumpio': }
::apache::mod { 'expires': }
::apache::mod { 'file_cache': }
::apache::mod { 'imagemap': }
::apache::mod { 'include': }
::apache::mod { 'logio': }
::apache::mod { 'request': }
::apache::mod { 'session': }
::apache::mod { 'unique_id': }
}
default: {}
}
case $apache::mpm_module {
'prefork': {
include apache::mod::cgi
}
'worker': {
include apache::mod::cgid
}
default: {
# do nothing
}
}
include apache::mod::alias
include apache::mod::authn_file
include apache::mod::autoindex
include apache::mod::dav
include apache::mod::dav_fs
include apache::mod::deflate
include apache::mod::dir
include apache::mod::mime
include apache::mod::negotiation
include apache::mod::setenvif
::apache::mod { 'auth_basic': }
if versioncmp($apache_version, '2.4') >= 0 {
# filter is needed by mod_deflate
include apache::mod::filter
# authz_core is needed for 'Require' directive
::apache::mod { 'authz_core':
id => 'authz_core_module',
}
# lots of stuff seems to break without access_compat
::apache::mod { 'access_compat': }
} else {
include apache::mod::authz_default
}
include apache::mod::authz_user
::apache::mod { 'authz_groupfile': }
include apache::mod::env
} elsif $mods {
::apache::default_mods::load { $mods: }
if versioncmp($apache_version, '2.4') >= 0 {
# authz_core is needed for 'Require' directive
::apache::mod { 'authz_core':
id => 'authz_core_module',
}
# filter is needed by mod_deflate
include apache::mod::filter
}
} else {
if versioncmp($apache_version, '2.4') >= 0 {
# authz_core is needed for 'Require' directive
::apache::mod { 'authz_core':
id => 'authz_core_module',
}
# filter is needed by mod_deflate
include apache::mod::filter
}
}
}

11
modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods/load.pp Normal file
View File

@@ -0,0 +1,11 @@
# @summary
# Helper used by `apache::default_mods`
#
# @api private
define apache::default_mods::load ($module = $title) {
if defined("apache::mod::${module}") {
include "::apache::mod::${module}"
} else {
::apache::mod { $module: }
}
}

22
modules/services/unix/http/apache_kali_compatible/apache/manifests/dev.pp Normal file
View File

@@ -0,0 +1,22 @@
# @summary
# Installs Apache development libraries.
#
# The libraries installed depends on the `dev_packages` parameter of the `apache::params`
# class, based on your operating system:
# - **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev`
# - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
# - **Gentoo**: `undef`.
# - **Red Hat**: `httpd-devel`.
class apache::dev {
if ! defined(Class['apache']) {
fail('You must include the apache base class before using any apache defined resources')
}
$packages = $apache::dev_packages
if $packages { # FreeBSD doesn't have dev packages to install
package { $packages:
ensure => present,
require => Package['httpd'],
}
}
}

59
modules/services/unix/http/apache_kali_compatible/apache/manifests/fastcgi/server.pp Normal file
View File

@@ -0,0 +1,59 @@
# @summary
# Defines one or more external FastCGI servers to handle specific file types. Use this
# defined type with `mod_fastcgi`.
#
# @param host
# Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
#
# @param timeout
# Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the
# request and logging the event at the error LogLevel. The inactivity timer applies only as
# long as a connection is pending with the FastCGI application. If a request is queued to an
# application, but the application doesn't respond by writing and flushing within this period,
# the request is aborted. If communication is complete with the application but incomplete with
# the client (the response is buffered), the timeout does not apply.
#
# @param flush
# Forces `mod_fastcgi` to write to the client as data is received from the
# application. By default, `mod_fastcgi` buffers data in order to free the application
# as quickly as possible.
#
# @param faux_path
# Apache has FastCGI handle URIs that resolve to this filename. The path set in this
# parameter does not have to exist in the local filesystem.
#
# @param fcgi_alias
# Internally links actions with the FastCGI server. This alias must be unique.
#
# @param file_type
# Sets the MIME `content-type` of the file to be processed by the FastCGI server.
#
define apache::fastcgi::server (
$host = '127.0.0.1:9000',
$timeout = 15,
$flush = false,
$faux_path = "/var/www/${name}.fcgi",
$fcgi_alias = "/${name}.fcgi",
$file_type = 'application/x-httpd-php',
$pass_header = undef,
) {
include apache::mod::fastcgi
Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title]
if $host =~ Stdlib::Absolutepath {
$socket = $host
}
file { "fastcgi-pool-${name}.conf":
ensure => file,
path => "${apache::confd_dir}/fastcgi-pool-${name}.conf",
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
content => template('apache/fastcgi/server.erb'),
require => Exec["mkdir ${apache::confd_dir}"],
before => File[$apache::confd_dir],
notify => Class['apache::service'],
}
}

870
modules/services/unix/http/apache_kali_compatible/apache/manifests/init.pp Executable file
View File

@@ -0,0 +1,870 @@
# @summary
# Guides the basic setup and installation of Apache on your system.
#
# When this class is declared with the default options, Puppet:
# - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
# - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
# - Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings.
# - Creates a document root directory determined by your operating system, typically `/var/www`.
# - Starts the Apache service.
#
# @example
# class { 'apache': }
#
# @param allow_encoded_slashes
# Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the
# responses to URLs containing '\' and '/' characters. If not specified, this parameter omits
# the declaration from the server's configuration and uses Apache's default setting of 'off'.
#
# @param apache_version
# Configures module template behavior, package names, and default Apache modules by defining
# the version of Apache to use. We do not recommend manually configuring this parameter
# without reason.
#
# @param conf_dir
# Sets the directory where the Apache server's main configuration file is located.
#
# @param conf_template
# Defines the template used for the main Apache configuration file. Modifying this
# parameter is potentially risky, as the apache module is designed to use a minimal
# configuration file customized by `conf.d` entries.
#
# @param confd_dir
# Sets the location of the Apache server's custom configuration directory.
#
# @param default_charset
# Used as the `AddDefaultCharset` directive in the main configuration file.
#
# @param default_confd_files
# Determines whether Puppet generates a default set of includable Apache configuration files
# in the directory defined by the `confd_dir` parameter. These configuration files
# correspond to what is typically installed with the Apache package on the server's
# operating system.
#
# @param default_mods
# Determines whether to configure and enable a set of default Apache modules depending on
# your operating system.<br />
# If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work
# on your operating system, and you can declare any other modules separately using the
# `apache::mod::<MODULE NAME>` class or `apache::mod` defined type.<br />
# If `true`, Puppet installs additional modules, depending on the operating system and
# the values of `apache_version` and `mpm_module` parameters. Because these lists of
# modules can change frequently, consult the Puppet module's code for up-to-date lists.<br />
# If this parameter contains an array, Puppet instead enables all passed Apache modules.
#
# @param default_ssl_ca
# Sets the default certificate authority for the Apache server.<br />
# Although the default value results in a functioning Apache server, you **must** update
# this parameter with your certificate authority information before deploying this server in
# a production environment.
#
# @param default_ssl_cert
# Sets the SSL encryption certificate location.<br />
# Although the default value results in a functioning Apache server, you **must** update this
# parameter with your certificate location before deploying this server in a production environment.
#
# @param default_ssl_chain
# Sets the default SSL chain location.<br />
# Although this default value results in a functioning Apache server, you **must** update
# this parameter with your SSL chain before deploying this server in a production environment.
#
# @param default_ssl_crl
# Sets the path of the default certificate revocation list (CRL) file to use.<br />
# Although this default value results in a functioning Apache server, you **must** update
# this parameter with the CRL file path before deploying this server in a production
# environment. You can use this parameter with or in place of the `default_ssl_crl_path`.
#
# @param default_ssl_crl_path
# Sets the server's certificate revocation list path, which contains your CRLs.<br />
# Although this default value results in a functioning Apache server, you **must** update
# this parameter with the CRL file path before deploying this server in a production environment.
#
# @param default_ssl_crl_check
# Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive.
# This parameter applies only to Apache 2.4 or higher and is ignored on older versions.<br />
# Although this default value results in a functioning Apache server, you **must** specify
# this parameter when using certificate revocation lists in a production environment.
#
# @param default_ssl_key
# Sets the SSL certificate key file location.
# Although the default values result in a functioning Apache server, you **must** update
# this parameter with your SSL key's location before deploying this server in a production
# environment.
#
# @param default_ssl_reload_on_change
# Enable reloading of apache if the content of ssl files have changed.
#
# @param default_ssl_vhost
# Configures a default SSL virtual host.
# If `true`, Puppet automatically configures the following virtual host using the
# `apache::vhost` defined type:
# ```puppet
# apache::vhost { 'default-ssl':
# port => 443,
# ssl => true,
# docroot => $docroot,
# scriptalias => $scriptalias,
# serveradmin => $serveradmin,
# access_log_file => "ssl_${access_log_file}",
# }
# ```
# **Note**: SSL virtual hosts only respond to HTTPS queries.
#
# @param default_type
# _Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise
# determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and
# newer, and is only for backwards compatibility in configuration files.
#
# @param default_vhost
# Configures a default virtual host when the class is declared.<br />
# To configure customized virtual hosts, set this parameter's
# value to `false`.<br />
# > **Note**: Apache will not start without at least one virtual host. If you set this
# to `false` you must configure a virtual host elsewhere.
#
# @param dev_packages
# Configures a specific dev package to use.<br />
# For example, using httpd 2.4 from the IUS yum repo:<br />
# ``` puppet
# include ::apache::dev
# class { 'apache':
# apache_name => 'httpd24u',
# dev_packages => 'httpd24u-devel',
# }
# ```
#
# @param docroot
# Sets the default `DocumentRoot` location.
#
# @param error_documents
# Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server.
#
# @param group
# Sets the group ID that owns any Apache processes spawned to answer requests.<br />
# By default, Puppet attempts to manage this group as a resource under the `apache`
# class, determining the group based on the operating system as detected by the
# `apache::params` class. To prevent the group resource from being created and use a group
# created by another Puppet module, set the `manage_group` parameter's value to `false`.<br />
# > **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn
# child processes to access resources. It does not change the user that owns the parent server
# process.
#
# @param httpd_dir
# Sets the Apache server's base configuration directory. This is useful for specially
# repackaged Apache server builds but might have unintended consequences when combined
# with the default distribution packages.
#
# @param http_protocol_options
# Specifies the strictness of HTTP protocol checks.<br />
# Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`,
# `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`.
#
# @param keepalive
# Determines whether to enable persistent HTTP connections with the `KeepAlive` directive.
# If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters
# to set relevant options.<br />
#
# @param keepalive_timeout
# Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache
# server waits for subsequent requests on a persistent HTTP connection. This parameter is
# only relevant if the `keepalive` parameter is enabled.
#
# @param max_keepalive_requests
# Limits the number of requests allowed per connection when the `keepalive` parameter is enabled.
#
# @param hostname_lookups
# This directive enables DNS lookups so that host names can be logged and passed to
# CGIs/SSIs in REMOTE_HOST.<br />
# > **Note**: If enabled, it impacts performance significantly.
#
# @param ldap_trusted_mode
# The following modes are supported:
#
# NONE - no encryption
# SSL - ldaps:// encryption on default port 636
# TLS - STARTTLS encryption on default port 389
# Not all LDAP toolkits support all the above modes. An error message will be logged at
# runtime if a mode is not supported, and the connection to the LDAP server will fail.
#
#If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.
#
# @param ldap_verify_server_cert
# Specifies whether to force the verification of a server certificate when establishing an SSL
# connection to the LDAP server.
# On|Off
#
# @param lib_path
# Specifies the location whereApache module files are stored.<br />
# > **Note**: Do not configure this parameter manually without special reason.
#
# @param log_level
# Configures the apache [LogLevel](https://httpd.apache.org/docs/current/mod/core.html#loglevel) directive
# which adjusts the verbosity of the messages recorded in the error logs.
#
# @param log_formats
# Define additional `LogFormat` directives. Values: A hash, such as:
# ``` puppet
# $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
# ```
# There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:
# ``` httpd
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# LogFormat "%h %l %u %t \"%r\" %>s %b" common
# LogFormat "%{Referer}i -> %U" referer
# LogFormat "%{User-agent}i" agent
# LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
# ```
# If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.
#
# @param logroot
# Changes the directory of Apache log files for the virtual host.
#
# @param logroot_mode
# Overrides the default `logroot` directory's mode.<br />
# > **Note**: Do _not_ grant write access to the directory where the logs are stored
# without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security)
# for details.
#
# @param manage_group
# When `false`, stops Puppet from creating the group resource.<br />
# If you have a group created from another Puppet module that you want to use to run Apache,
# set this to `false`. Without this parameter, attempting to use a previously established
# group results in a duplicate resource error.
#
# @param supplementary_groups
# A list of groups to which the user belongs. These groups are in addition to the primary group.<br />
# Notice: This option only has an effect when `manage_user` is set to true.
#
# @param manage_user
# When `false`, stops Puppet from creating the user resource.<br />
# This is for instances when you have a user, created from another Puppet module, you want
# to use to run Apache. Without this parameter, attempting to use a previously established
# user would result in a duplicate resource error.
#
# @param mod_dir
# Sets where Puppet places configuration files for your Apache modules.
#
# @param mod_libs
# Allows the user to override default module library names.
# ```puppet
# include apache::params
# class { 'apache':
# mod_libs => merge($::apache::params::mod_libs, {
# 'wsgi' => 'mod_wsgi_python3.so',
# })
# }
# ```
#
# @param mod_packages
# Allows the user to override default module package names.
# ```puppet
# include apache::params
# class { 'apache':
# mod_packages => merge($::apache::params::mod_packages, {
# 'auth_kerb' => 'httpd24-mod_auth_kerb',
# })
# }
# ```
#
# @param mpm_module
# Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the
# HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.<br />
# You must set this to `false` to explicitly declare the following classes with custom parameters:
# - `apache::mod::event`
# - `apache::mod::itk`
# - `apache::mod::peruser`
# - `apache::mod::prefork`
# - `apache::mod::worker`
#
# @param package_ensure
# Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed`
# (or equivalent `present`), or a version string.
#
# @param pidfile
# Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
#
# @param ports_file
# Sets the path to the file containing Apache ports configuration.
#
# @param protocols
# Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)
# directive, which lists available protocols for the server.
#
# @param protocols_honor_order
# Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
# directive which determines whether the order of Protocols sets precedence during negotiation.
#
# @param purge_configs
# Removes all other Apache configs and virtual hosts.<br />
# Setting this to `false` is a stopgap measure to allow the apache module to coexist with
# existing or unmanaged configurations. We recommend moving your configuration to resources
# within this module. For virtual host configurations, see `purge_vhost_dir`.
#
# @param purge_vhost_dir
# If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter
# determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed
# by Puppet.<br />
# Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to
# coexist with existing or otherwise unmanaged configurations within `vhost_dir`.
#
# @param rewrite_lock
# Allows setting a custom location for a rewrite lock - considered best practice if using
# a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter
# only applies to Apache version 2.2 or lower and is ignored on newer versions.
#
# @param sendfile
# Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the
# `EnableSendfile` directive.
#
# @param serveradmin
# Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive.
#
# @param servername
# Sets the Apache server name via Apache's `ServerName` directive.
# Setting to `false` will not set ServerName at all.
#
# @param server_root
# Sets the Apache server's root directory via Apache's `ServerRoot` directive.
#
# @param server_signature
# Configures a trailing footer line to display at the bottom of server-generated documents,
# such as error documents and output of certain Apache modules, via Apache's `ServerSignature`
# directive. Valid values are: `On` or `Off`.
#
# @param server_tokens
# Controls how much information Apache sends to the browser about itself and the operating
# system, via Apache's `ServerTokens` directive.
#
# @param service_enable
# Determines whether Puppet enables the Apache HTTPD service when the system is booted.
#
# @param service_ensure
# Determines whether Puppet should make sure the service is running.
# Valid values are: `true` (or `running`) or `false` (or `stopped`).<br />
# The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter
# to `false`, which is useful when you want to let the service be managed by another
# application, such as Pacemaker.<br />
#
# @param service_name
# Sets the name of the Apache service.
#
# @param service_manage
# Determines whether Puppet manages the HTTPD service's state.
#
# @param service_restart
# Determines whether Puppet should use a specific command to restart the HTTPD service.
# Values: a command to restart the Apache service.
#
# @param timeout
# Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for
# certain events before failing a request.
#
# @param trace_enable
# Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive.
#
# @param use_canonical_name
# Controls Apache's `UseCanonicalName` directive which controls how Apache handles
# self-referential URLs. If not specified, this parameter omits the declaration from the
# server's configuration and uses Apache's default setting of 'off'.
#
# @param use_systemd
# Controls whether the systemd module should be installed on Centos 7 servers, this is
# especially useful if using custom-built RPMs.
#
# @param file_mode
# Sets the desired permissions mode for config files.
# Valid values are: a string, with permissions mode in symbolic or numeric notation.
#
# @param root_directory_options
# Array of the desired options for the `/` directory in httpd.conf.
#
# @param root_directory_secured
# Sets the default access policy for the `/` directory in httpd.conf. A value of `false`
# allows access to all resources that are missing a more specific access policy. A value of
# `true` denies access to all resources by default. If `true`, more specific rules must be
# used to allow access to these resources (for example, in a directory block using the
# `directories` parameter).
#
# @param vhost_dir
# Changes your virtual host configuration files' location.
#
# @param vhost_include_pattern
# Defines the pattern for files included from the `vhost_dir`.
# If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in
# this directory (such as files created by version control systems or editor backups) are
# *not* included in your server configuration.<br />
# Some operating systems use a value of `*.conf`. By default, this module creates configuration
# files ending in `.conf`.
#
# @param user
# Changes the user that Apache uses to answer requests. Apache's parent process continues
# to run as root, but child processes access resources as the user defined by this parameter.
# To prevent Puppet from managing the user, set the `manage_user` parameter to `false`.
#
# @param apache_name
# The name of the Apache package to install. If you are using a non-standard Apache package
# you might need to override the default setting.<br />
# For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`.
#
# @param error_log
# The name of the error log file for the main server instance. If the string starts with
# `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with
# `$logroot`.
#
# @param scriptalias
# Directory to use for global script alias
#
# @param access_log_file
# The name of the access log file for the main server instance.
#
# @param limitreqfields
# The `limitreqfields` parameter sets the maximum number of request header fields in
# an HTTP request. This directive gives the server administrator greater control over
# abnormal client request behavior, which may be useful for avoiding some forms of
# denial-of-service attacks. The value should be increased if normal clients see an error
# response from the server that indicates too many fields were sent in the request.
#
# @param limitreqfieldsize
# The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will
# be allowed within a request header.
#
# @param ip
# Specifies the ip address
#
# @param purge_vdir
# Removes all other Apache configs and virtual hosts.<br />
# > **Note**: This parameter is deprecated in favor of the `purge_config` parameter.<br />
#
# @param conf_enabled
# Whether the additional config files in `/etc/apache2/conf-enabled` should be managed.
#
# @param vhost_enable_dir
# Set's whether the vhost definitions will be stored in sites-availible and if
# they will be symlinked to and from sites-enabled.
#
# @param mod_enable_dir
# Set's whether the mods-enabled directory should be managed.
#
# @param ssl_file
# This parameter allows you to set an ssl.conf file to be managed in order to implement
# an SSL Certificate.
#
# @param file_e_tag
# Sets the server default for the `FileETag` declaration, which modifies the response header
# field for static files.
#
# @param use_optional_includes
# Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for
# `additional_includes` in Apache 2.4 or newer.
#
# @param mime_types_additional
# Specifies any idditional Internet media (mime) types that you wish to be configured.
#
class apache (
$apache_name = $apache::params::apache_name,
$service_name = $apache::params::service_name,
$default_mods = true,
Boolean $default_vhost = true,
$default_charset = undef,
Boolean $default_confd_files = true,
Boolean $default_ssl_vhost = false,
$default_ssl_cert = $apache::params::default_ssl_cert,
$default_ssl_key = $apache::params::default_ssl_key,
$default_ssl_chain = undef,
$default_ssl_ca = undef,
$default_ssl_crl_path = undef,
$default_ssl_crl = undef,
$default_ssl_crl_check = undef,
Boolean $default_ssl_reload_on_change = false,
$default_type = 'none',
$dev_packages = $apache::params::dev_packages,
$ip = undef,
Boolean $service_enable = true,
Boolean $service_manage = true,
$service_ensure = 'running',
$service_restart = undef,
$purge_configs = true,
$purge_vhost_dir = undef,
$purge_vdir = false,
$serveradmin = 'root@localhost',
Enum['On', 'Off', 'on', 'off'] $sendfile = 'On',
$ldap_verify_server_cert = undef,
$ldap_trusted_mode = undef,
$error_documents = false,
$timeout = '60',
$httpd_dir = $apache::params::httpd_dir,
$server_root = $apache::params::server_root,
$conf_dir = $apache::params::conf_dir,
$confd_dir = $apache::params::confd_dir,
Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups = $apache::params::hostname_lookups,
$conf_enabled = $apache::params::conf_enabled,
$vhost_dir = $apache::params::vhost_dir,
$vhost_enable_dir = $apache::params::vhost_enable_dir,
$mod_libs = $apache::params::mod_libs,
$mod_packages = $apache::params::mod_packages,
$vhost_include_pattern = $apache::params::vhost_include_pattern,
$mod_dir = $apache::params::mod_dir,
$mod_enable_dir = $apache::params::mod_enable_dir,
$mpm_module = $apache::params::mpm_module,
$lib_path = $apache::params::lib_path,
$conf_template = $apache::params::conf_template,
$servername = $apache::params::servername,
$pidfile = $apache::params::pidfile,
Optional[Stdlib::Absolutepath] $rewrite_lock = undef,
Boolean $manage_user = true,
Boolean $manage_group = true,
$user = $apache::params::user,
$group = $apache::params::group,
$http_protocol_options = $apache::params::http_protocol_options,
$supplementary_groups = [],
$keepalive = $apache::params::keepalive,
$keepalive_timeout = $apache::params::keepalive_timeout,
$max_keepalive_requests = $apache::params::max_keepalive_requests,
$limitreqfieldsize = '8190',
$limitreqfields = '100',
$logroot = $apache::params::logroot,
$logroot_mode = $apache::params::logroot_mode,
Apache::LogLevel $log_level = $apache::params::log_level,
$log_formats = {},
$ssl_file = undef,
$ports_file = $apache::params::ports_file,
$docroot = $apache::params::docroot,
$apache_version = $apache::version::default,
$server_tokens = 'Prod',
$server_signature = 'On',
$trace_enable = 'On',
Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef,
$file_e_tag = undef,
Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]
$use_canonical_name = undef,
$package_ensure = 'installed',
Boolean $use_optional_includes = $apache::params::use_optional_includes,
$use_systemd = $apache::params::use_systemd,
$mime_types_additional = $apache::params::mime_types_additional,
$file_mode = $apache::params::file_mode,
$root_directory_options = $apache::params::root_directory_options,
Boolean $root_directory_secured = false,
$error_log = $apache::params::error_log,
$scriptalias = $apache::params::scriptalias,
$access_log_file = $apache::params::access_log_file,
Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [],
Optional[Boolean] $protocols_honor_order = undef,
) inherits ::apache::params {
$valid_mpms_re = $apache_version ? {
'2.4' => '(event|itk|peruser|prefork|worker)',
default => '(event|itk|prefork|worker)'
}
if $::osfamily == 'RedHat' and $facts['operatingsystemmajrelease'] == '7' {
# On redhat 7 the ssl.conf lives in /etc/httpd/conf.d (the confd_dir)
# when all other module configs live in /etc/httpd/conf.modules.d (the
# mod_dir). On all other platforms and versions, ssl.conf lives in the
# mod_dir. This should maintain the expected location of ssl.conf
$_ssl_file = $ssl_file ? {
undef => "${apache::confd_dir}/ssl.conf",
default => $ssl_file
}
} else {
$_ssl_file = $ssl_file ? {
undef => "${apache::mod_dir}/ssl.conf",
default => $ssl_file
}
}
if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans
assert_type(Pattern[$valid_mpms_re], $mpm_module)
}
# NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
# NOTE: the same strategy may be introduced for other OSes. For this, you
# should delete the 'if' block below and modify all MPM modules' manifests
# such that they include apache::package class (currently event.pp, itk.pp,
# peruser.pp, prefork.pp, worker.pp).
if $::osfamily != 'FreeBSD' {
package { 'httpd':
ensure => $package_ensure,
name => $apache_name,
notify => Class['Apache::Service'],
}
}
# declare the web server user and group
# Note: requiring the package means the package ought to create them and not puppet
if $manage_user {
user { $user:
ensure => present,
gid => $group,
groups => $supplementary_groups,
require => Package['httpd'],
}
}
if $manage_group {
group { $group:
ensure => present,
require => Package['httpd'],
}
}
class { 'apache::service':
service_name => $service_name,
service_enable => $service_enable,
service_manage => $service_manage,
service_ensure => $service_ensure,
service_restart => $service_restart,
}
# Deprecated backwards-compatibility
if $purge_vdir {
warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs')
$purge_confd = $purge_vdir
} else {
$purge_confd = $purge_configs
}
# Set purge vhostd appropriately
if $purge_vhost_dir == undef {
$purge_vhostd = $purge_confd
} else {
$purge_vhostd = $purge_vhost_dir
}
Exec {
path => '/bin:/sbin:/usr/bin:/usr/sbin',
}
exec { "mkdir ${confd_dir}":
creates => $confd_dir,
require => Package['httpd'],
}
file { $confd_dir:
ensure => directory,
recurse => true,
purge => $purge_confd,
force => $purge_confd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
if $conf_enabled and ! defined(File[$conf_enabled]) {
file { $conf_enabled:
ensure => directory,
recurse => true,
purge => $purge_confd,
force => $purge_confd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
}
if ! defined(File[$mod_dir]) {
exec { "mkdir ${mod_dir}":
creates => $mod_dir,
require => Package['httpd'],
}
# Don't purge available modules if an enable dir is used
$purge_mod_dir = $purge_configs and !$mod_enable_dir
file { $mod_dir:
ensure => directory,
recurse => true,
purge => $purge_mod_dir,
notify => Class['Apache::Service'],
require => Package['httpd'],
before => Anchor['::apache::modules_set_up'],
}
}
if $mod_enable_dir and ! defined(File[$mod_enable_dir]) {
$mod_load_dir = $mod_enable_dir
exec { "mkdir ${mod_enable_dir}":
creates => $mod_enable_dir,
require => Package['httpd'],
}
file { $mod_enable_dir:
ensure => directory,
recurse => true,
purge => $purge_configs,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
} else {
$mod_load_dir = $mod_dir
}
if ! defined(File[$vhost_dir]) {
exec { "mkdir ${vhost_dir}":
creates => $vhost_dir,
require => Package['httpd'],
}
file { $vhost_dir:
ensure => directory,
recurse => true,
purge => $purge_vhostd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
}
if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) {
$vhost_load_dir = $vhost_enable_dir
exec { "mkdir ${vhost_load_dir}":
creates => $vhost_load_dir,
require => Package['httpd'],
}
file { $vhost_enable_dir:
ensure => directory,
recurse => true,
purge => $purge_vhostd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
} else {
$vhost_load_dir = $vhost_dir
}
concat { $ports_file:
ensure => present,
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
concat::fragment { 'Apache ports header':
target => $ports_file,
content => template('apache/ports_header.erb'),
}
if $apache::conf_dir and $apache::params::conf_file {
if $::osfamily == 'gentoo' {
$error_documents_path = '/usr/share/apache2/error'
if $default_mods =~ Array {
if versioncmp($apache_version, '2.4') >= 0 {
if defined('apache::mod::ssl') {
::portage::makeconf { 'apache2_modules':
content => concat($default_mods, ['authz_core', 'socache_shmcb']),
}
} else {
::portage::makeconf { 'apache2_modules':
content => concat($default_mods, 'authz_core'),
}
}
} else {
::portage::makeconf { 'apache2_modules':
content => $default_mods,
}
}
}
file { [
'/etc/apache2/modules.d/.keep_www-servers_apache-2',
'/etc/apache2/vhosts.d/.keep_www-servers_apache-2',
]:
ensure => absent,
require => Package['httpd'],
}
}
$apxs_workaround = $::osfamily ? {
'freebsd' => true,
default => false
}
# Template uses:
# - $pidfile
# - $user
# - $group
# - $logroot
# - $error_log
# - $sendfile
# - $mod_dir
# - $ports_file
# - $confd_dir
# - $vhost_dir
# - $error_documents
# - $error_documents_path
# - $apxs_workaround
# - $http_protocol_options
# - $keepalive
# - $keepalive_timeout
# - $max_keepalive_requests
# - $server_root
# - $server_tokens
# - $server_signature
# - $trace_enable
# - $rewrite_lock
# - $root_directory_secured
file { "${apache::conf_dir}/${apache::params::conf_file}":
ensure => file,
mode => $apache::file_mode,
content => template($conf_template),
notify => Class['Apache::Service'],
require => [Package['httpd'], Concat[$ports_file]],
}
# preserve back-wards compatibility to the times when default_mods was
# only a boolean value. Now it can be an array (too)
if $default_mods =~ Array {
class { 'apache::default_mods':
all => false,
mods => $default_mods,
}
} else {
class { 'apache::default_mods':
all => $default_mods,
}
}
class { 'apache::default_confd_files':
all => $default_confd_files,
}
if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans
include "::apache::mod::${mpm_module}"
}
$default_vhost_ensure = $default_vhost ? {
true => 'present',
false => 'absent'
}
$default_ssl_vhost_ensure = $default_ssl_vhost ? {
true => 'present',
false => 'absent'
}
::apache::vhost { 'default':
ensure => $default_vhost_ensure,
port => '80',
docroot => $docroot,
scriptalias => $scriptalias,
serveradmin => $serveradmin,
access_log_file => $access_log_file,
priority => '15',
ip => $ip,
logroot_mode => $logroot_mode,
manage_docroot => $default_vhost,
use_servername_for_filenames => true,
use_port_for_filenames => true,
}
$ssl_access_log_file = $::osfamily ? {
'freebsd' => $access_log_file,
default => "ssl_${access_log_file}",
}
::apache::vhost { 'default-ssl':
ensure => $default_ssl_vhost_ensure,
port => '443',
ssl => true,
docroot => $docroot,
scriptalias => $scriptalias,
serveradmin => $serveradmin,
access_log_file => $ssl_access_log_file,
priority => '15',
ip => $ip,
logroot_mode => $logroot_mode,
manage_docroot => $default_ssl_vhost,
use_servername_for_filenames => true,
use_port_for_filenames => true,
}
}
# This anchor can be used as a reference point for things that need to happen *after*
# all modules have been put in place.
anchor { '::apache::modules_set_up': }
}

15
modules/services/unix/http/apache_kali_compatible/apache/manifests/listen.pp Normal file
View File

@@ -0,0 +1,15 @@
# @summary
# Adds `Listen` directives to `ports.conf` that define the
# Apache server's or a virtual host's listening address and port.
#
# The `apache::vhost` class uses this defined type, and titles take the form
# `<PORT>`, `<IPV4>:<PORT>`, or `<IPV6>:<PORT>`.
define apache::listen {
$listen_addr_port = $name
# Template uses: $listen_addr_port
concat::fragment { "Listen ${listen_addr_port}":
target => $apache::ports_file,
content => template('apache/listen.erb'),
}
}

210
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod.pp Normal file
View File

@@ -0,0 +1,210 @@
# @summary
# Installs packages for an Apache module that doesn't have a corresponding
# `apache::mod::<MODULE NAME>` class.
#
# Checks for or places the module's default configuration files in the Apache server's
# `module` and `enable` directories. The default locations depend on your operating system.
#
# @param package
# **Required**.<br />
# Names the package Puppet uses to install the Apache module.
#
# @param package_ensure
# Determines whether Puppet ensures the Apache module should be installed.
#
# @param lib
# Defines the module's shared object name. Do not configure manually without special reason.
#
# @param lib_path
# Specifies a path to the module's libraries. Do not manually set this parameter
# without special reason. The `path` parameter overrides this value.
#
# @param loadfile_name
# Sets the filename for the module's `LoadFile` directive, which can also set
# the module load order as Apache processes them in alphanumeric order.
#
# @param id
# Specifies the package id
#
# @param loadfiles
# Specifies an array of `LoadFile` directives.
#
# @param path
# Specifies a path to the module. Do not manually set this parameter without a special reason.
#
define apache::mod (
$package = undef,
$package_ensure = 'present',
$lib = undef,
$lib_path = $apache::lib_path,
$id = undef,
$path = undef,
$loadfile_name = undef,
$loadfiles = undef,
) {
if ! defined(Class['apache']) {
fail('You must include the apache base class before using any apache defined resources')
}
$mod = $name
#include apache #This creates duplicate resources in rspec-puppet
$mod_dir = $apache::mod_dir
# Determine if we have special lib
$mod_libs = $apache::mod_libs
if $lib {
$_lib = $lib
} elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack
$_lib = $mod_libs[$mod]
} else {
$_lib = "mod_${mod}.so"
}
# Determine if declaration specified a path to the module
if $path {
$_path = $path
} else {
$_path = "${lib_path}/${_lib}"
}
if $id {
$_id = $id
} else {
$_id = "${mod}_module"
}
if $loadfile_name {
$_loadfile_name = $loadfile_name
} else {
$_loadfile_name = "${mod}.load"
}
# Determine if we have a package
$mod_packages = $apache::mod_packages
if $package {
$_package = $package
} elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack
if ($apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease != '2') {
# On amazon linux we need to prefix our package name with mod24 instead of mod to support apache 2.4
$_package = regsubst($mod_packages[$mod],'^(mod_)?(.*)','mod24_\2')
} else {
$_package = $mod_packages[$mod]
}
} else {
$_package = undef
}
if $_package and ! defined(Package[$_package]) {
# note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters
# httpd.conf with 'LoadModule' directives; here, by proper resource
# ordering, we ensure that our version of httpd.conf is reverted after
# the module gets installed.
$package_before = $::osfamily ? {
'freebsd' => [
File[$_loadfile_name],
File["${apache::conf_dir}/${apache::params::conf_file}"]
],
default => [
File[$_loadfile_name],
File[$apache::confd_dir],
],
}
# if there are any packages, they should be installed before the associated conf file
Package[$_package] -> File<| title == "${mod}.conf" |>
# $_package may be an array
package { $_package:
ensure => $package_ensure,
require => Package['httpd'],
before => $package_before,
notify => Class['apache::service'],
}
}
file { $_loadfile_name:
ensure => file,
path => "${mod_dir}/${_loadfile_name}",
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
content => template('apache/mod/load.erb'),
require => [
Package['httpd'],
Exec["mkdir ${mod_dir}"],
],
before => File[$mod_dir],
notify => Class['apache::service'],
}
if $::osfamily == 'Debian' {
$enable_dir = $apache::mod_enable_dir
file { "${_loadfile_name} symlink":
ensure => link,
path => "${enable_dir}/${_loadfile_name}",
target => "${mod_dir}/${_loadfile_name}",
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
require => [
File[$_loadfile_name],
Exec["mkdir ${enable_dir}"],
],
before => File[$enable_dir],
notify => Class['apache::service'],
}
# Each module may have a .conf file as well, which should be
# defined in the class apache::mod::module
# Some modules do not require this file.
if defined(File["${mod}.conf"]) {
file { "${mod}.conf symlink":
ensure => link,
path => "${enable_dir}/${mod}.conf",
target => "${mod_dir}/${mod}.conf",
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
require => [
File["${mod}.conf"],
Exec["mkdir ${enable_dir}"],
],
before => File[$enable_dir],
notify => Class['apache::service'],
}
}
} elsif $::osfamily == 'Suse' {
$enable_dir = $apache::mod_enable_dir
file { "${_loadfile_name} symlink":
ensure => link,
path => "${enable_dir}/${_loadfile_name}",
target => "${mod_dir}/${_loadfile_name}",
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
require => [
File[$_loadfile_name],
Exec["mkdir ${enable_dir}"],
],
before => File[$enable_dir],
notify => Class['apache::service'],
}
# Each module may have a .conf file as well, which should be
# defined in the class apache::mod::module
# Some modules do not require this file.
if defined(File["${mod}.conf"]) {
file { "${mod}.conf symlink":
ensure => link,
path => "${enable_dir}/${mod}.conf",
target => "${mod_dir}/${mod}.conf",
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
require => [
File["${mod}.conf"],
Exec["mkdir ${enable_dir}"],
],
before => File[$enable_dir],
notify => Class['apache::service'],
}
}
}
Apache::Mod[$name] -> Anchor['::apache::modules_set_up']
}

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/actions.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs Apache mod_actions
#
# @see https://httpd.apache.org/docs/current/mod/mod_actions.html for additional documentation.
#
class apache::mod::actions {
apache::mod { 'actions': }
}

46
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/alias.pp Normal file
View File

@@ -0,0 +1,46 @@
# @summary
# Installs and configures `mod_alias`.
#
# @param apache_version
# The version of Apache, if not set will be retrieved from the init class.
#
# @param icons_options
# Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options)
# directive.
#
# @param icons_path
# Sets the local path for an /icons/ Alias. Default depends on operating system:
# - Debian: /usr/share/apache2/icons
# - FreeBSD: /usr/local/www/apache24/icons
# - Gentoo: /var/www/icons
# - Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons
#
# @param icons_path
# Change the alias for /icons/.
#
# @see https://httpd.apache.org/docs/current/mod/mod_alias.html for additional documentation.
#
class apache::mod::alias (
$apache_version = undef,
$icons_options = 'Indexes MultiViews',
# set icons_path to false to disable the alias
$icons_path = $apache::params::alias_icons_path,
$icons_prefix = $apache::params::icons_prefix
) inherits ::apache::params {
include apache
$_apache_version = pick($apache_version, $apache::apache_version)
apache::mod { 'alias': }
# Template uses $icons_path, $_apache_version
if $icons_path {
file { 'alias.conf':
ensure => file,
path => "${apache::mod_dir}/alias.conf",
mode => $apache::file_mode,
content => template('apache/mod/alias.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}
}

0
modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/apreq2.pp → modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/apreq2.pp
View File

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_basic.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs `mod_auth_basic`
#
# @see https://httpd.apache.org/docs/current/mod/mod_auth_basic.html for additional documentation.
#
class apache::mod::auth_basic {
::apache::mod { 'auth_basic': }
}

136
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_cas.pp Normal file
View File

@@ -0,0 +1,136 @@
# @summary
# Installs and configures `mod_auth_cas`.
#
# @param cas_login_url
# Sets the URL to which the module redirects users when they attempt to access a
# CAS-protected resource and don't have an active session.
#
# @param cas_validate_url
# Sets the URL to use when validating a client-presented ticket in an HTTP query string.
#
# @param cas_cookie_path
# Sets the location where information on the current session should be stored. This should
# be writable by the web server only.
#
# @param cas_cookie_path_mode
# The mode of cas_cookie_path.
#
# @param cas_version
# The version of the CAS protocol to adhere to.
#
# @param cas_debug
# Whether to enable or disable debug mode.
#
# @param cas_validate_server
# Whether to validate the presented certificate. This has been deprecated and
# removed from Version 1.1-RC1 onward.
#
# @param cas_validatedepth
# The maximum depth for chained certificate validation.
#
# @param cas_proxy_validate_url
# The URL to use when performing a proxy validation.
#
# @param cas_root_proxied_as
# Sets the URL end users see when access to this Apache server is proxied per vhost.
# This URL should not include a trailing slash.
#
# @param cas_cookie_entropy
# When creating a local session, this many random bytes are used to create a unique
# session identifier.
#
# @param cas_timeout
# The hard limit, in seconds, for a mod_auth_cas session.
#
# @param cas_idle_timeout
# The limit, in seconds, of how long a mod_auth_cas session can be idle.
#
# @param cas_cache_clean_interval
# The minimum amount of time that must pass inbetween cache cleanings.
#
# @param cas_cookie_domain
# The value for the 'Domain=' parameter in the Set-Cookie header.
#
# @param cas_cookie_http_only
# Setting this flag prevents the mod_auth_cas cookies from being accessed by
# client side Javascript.
#
# @param cas_authoritative
# Determines whether an optional authorization directive is authoritative and thus binding.
#
# @param cas_validate_saml
# Parse response from CAS server for SAML.
#
# @param cas_sso_enabled
# Enables experimental support for single sign out (may mangle POST data).
#
# @param cas_attribute_prefix
# Adds a header with the value of this header being the attribute values when SAML
# validation is enabled.
#
# @param cas_attribute_delimiter
# Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
#
# @param cas_scrub_request_headers
# Remove inbound request headers that may have special meaning within mod_auth_cas.
#
# @param suppress_warning
# Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).
#
# @note The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
#
# @see https://github.com/apereo/mod_auth_cas for additional documentation.
#
class apache::mod::auth_cas (
String $cas_login_url,
String $cas_validate_url,
String $cas_cookie_path = $apache::params::cas_cookie_path,
$cas_cookie_path_mode = '0750',
$cas_version = 2,
$cas_debug = 'Off',
$cas_validate_server = undef,
$cas_validate_depth = undef,
$cas_certificate_path = undef,
$cas_proxy_validate_url = undef,
$cas_root_proxied_as = undef,
$cas_cookie_entropy = undef,
$cas_timeout = undef,
$cas_idle_timeout = undef,
$cas_cache_clean_interval = undef,
$cas_cookie_domain = undef,
$cas_cookie_http_only = undef,
$cas_authoritative = undef,
$cas_validate_saml = undef,
$cas_sso_enabled = undef,
$cas_attribute_prefix = undef,
$cas_attribute_delimiter = undef,
$cas_scrub_request_headers = undef,
$suppress_warning = false,
) inherits ::apache::params {
if $::osfamily == 'RedHat' and ! $suppress_warning {
warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.')
}
include apache
::apache::mod { 'auth_cas': }
file { $cas_cookie_path:
ensure => directory,
before => File['auth_cas.conf'],
mode => $cas_cookie_path_mode,
owner => $apache::user,
group => $apache::group,
}
# Template uses
# - All variables beginning with cas_
file { 'auth_cas.conf':
ensure => file,
path => "${apache::mod_dir}/auth_cas.conf",
mode => $apache::file_mode,
content => template('apache/mod/auth_cas.conf.erb'),
require => [Exec["mkdir ${apache::mod_dir}"],],
before => File[$apache::mod_dir],
notify => Class['Apache::Service'],
}
}

0
modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_gssapi.pp → modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_gssapi.pp
View File

9
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_kerb.pp Normal file
View File

@@ -0,0 +1,9 @@
# @summary
# Installs `mod_auth_kerb`
#
# @see http://modauthkerb.sourceforge.net for additional documentation.
class apache::mod::auth_kerb {
include apache
include apache::mod::authn_core
::apache::mod { 'auth_kerb': }
}

50
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_mellon.pp Normal file
View File

@@ -0,0 +1,50 @@
# @summary
# Installs and configures `mod_auth_mellon`.
#
# @param mellon_cache_size
# Maximum number of sessions which can be active at once.
#
# @param mellon_lock_file
# Full path to a file used for synchronizing access to the session data.
#
# @param mellon_post_directory
# Full path of a directory where POST requests are saved during authentication.
#
# @param mellon_cache_entry_size
# Maximum size for a single session entry in bytes.
#
# @param mellon_post_ttl
# Delay in seconds before a saved POST request can be flushed.
#
# @param mellon_post_size
# Maximum size for saved POST requests.
#
# @param mellon_post_count
# Maximum amount of saved POST requests.
#
# @see https://github.com/Uninett/mod_auth_mellon for additional documentation.
#
class apache::mod::auth_mellon (
$mellon_cache_size = $apache::params::mellon_cache_size,
$mellon_lock_file = $apache::params::mellon_lock_file,
$mellon_post_directory = $apache::params::mellon_post_directory,
$mellon_cache_entry_size = undef,
$mellon_post_ttl = undef,
$mellon_post_size = undef,
$mellon_post_count = undef
) inherits ::apache::params {
include apache
::apache::mod { 'auth_mellon': }
# Template uses
# - All variables beginning with mellon_
file { 'auth_mellon.conf':
ensure => file,
path => "${apache::mod_dir}/auth_mellon.conf",
mode => $apache::file_mode,
content => template('apache/mod/auth_mellon.conf.erb'),
require => [Exec["mkdir ${apache::mod_dir}"],],
before => File[$apache::mod_dir],
notify => Class['Apache::Service'],
}
}

0
modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_openidc.pp → modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_openidc.pp
View File

15
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_core.pp Normal file
View File

@@ -0,0 +1,15 @@
# @summary
# Installs `mod_authn_core`.
#
# @param apache_version
# The version of apache being run.
#
# @see https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation.
#
class apache::mod::authn_core (
$apache_version = $apache::apache_version
) {
if versioncmp($apache_version, '2.4') >= 0 {
::apache::mod { 'authn_core': }
}
}

59
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_dbd.pp Normal file
View File

@@ -0,0 +1,59 @@
# @summary
# Installs `mod_authn_dbd`.
#
# @param authn_dbd_params
# The params needed for the mod to function.
#
# @param authn_dbd_dbdriver
# Selects an apr_dbd driver by name.
#
# @param authn_dbd_query
#
# @param authn_dbd_min
# Set the minimum number of connections per process.
#
# @param authn_dbd_max
# Set the maximum number of connections per process.
#
# @param authn_dbd_keep
# Set the maximum number of connections per process to be sustained.
#
# @param authn_dbd_exptime
# Set the time to keep idle connections alive when the number of
# connections specified in DBDKeep has been exceeded.
#
# @param authn_dbd_alias
# Sets an alias for `AuthnProvider.
#
# @see https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html for additional documentation.
#
class apache::mod::authn_dbd (
$authn_dbd_params,
$authn_dbd_dbdriver = 'mysql',
$authn_dbd_query = undef,
$authn_dbd_min = '4',
$authn_dbd_max = '20',
$authn_dbd_keep = '8',
$authn_dbd_exptime = '300',
$authn_dbd_alias = undef,
) inherits ::apache::params {
include apache
include apache::mod::dbd
::apache::mod { 'authn_dbd': }
if $authn_dbd_alias {
include apache::mod::authn_core
}
# Template uses
# - All variables beginning with authn_dbd
file { 'authn_dbd.conf':
ensure => file,
path => "${apache::mod_dir}/authn_dbd.conf",
mode => $apache::file_mode,
content => template('apache/mod/authn_dbd.conf.erb'),
require => [Exec["mkdir ${apache::mod_dir}"],],
before => File[$apache::mod_dir],
notify => Class['Apache::Service'],
}
}

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_file.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs `mod_authn_file`.
#
# @see https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html for additional documentation.
#
class apache::mod::authn_file {
::apache::mod { 'authn_file': }
}

33
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_ldap.pp Normal file
View File

@@ -0,0 +1,33 @@
# @summary
# Installs `mod_authnz_ldap`.
#
# @param verify_server_cert
# Whether to force te verification of a server cert or not.
#
# @param package_name
# The name of the ldap package.
#
# @see https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation.
# @note Unsupported platforms: RedHat: 6, 8; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all
class apache::mod::authnz_ldap (
Boolean $verify_server_cert = true,
$package_name = undef,
) {
include apache
include 'apache::mod::ldap'
::apache::mod { 'authnz_ldap':
package => $package_name,
}
# Template uses:
# - $verify_server_cert
file { 'authnz_ldap.conf':
ensure => file,
path => "${apache::mod_dir}/authnz_ldap.conf",
mode => $apache::file_mode,
content => template('apache/mod/authnz_ldap.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

9
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_pam.pp Normal file
View File

@@ -0,0 +1,9 @@
# @summary
# Installs `mod_authnz_pam`.
#
# @see https://www.adelton.com/apache/mod_authnz_pam for additional documentation.
#
class apache::mod::authnz_pam {
include apache
::apache::mod { 'authnz_pam': }
}

17
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_default.pp Normal file
View File

@@ -0,0 +1,17 @@
# @summary
# Installs and configures `mod_authz_default`.
#
# @param apache_version
# Version of Apache to install module on.
#
# @see https://httpd.apache.org/docs/current/mod/mod_authz_default.html for additional documentation.
#
class apache::mod::authz_default (
$apache_version = $apache::apache_version
) {
if versioncmp($apache_version, '2.4') >= 0 {
warning('apache::mod::authz_default has been removed in Apache 2.4')
} else {
::apache::mod { 'authz_default': }
}
}

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_user.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs `mod_authz_user`
#
# @see https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation.
#
class apache::mod::authz_user {
::apache::mod { 'authz_user': }
}

31
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/autoindex.pp Normal file
View File

@@ -0,0 +1,31 @@
# @summary
# Installs `mod_autoindex`
#
# @see https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation.
#
class apache::mod::autoindex (
$icons_prefix = $apache::params::icons_prefix
) inherits ::apache::params {
include apache
::apache::mod { 'autoindex': }
# Determine icon filename suffix for autoindex.conf.erb
case $::operatingsystem {
'Debian', 'Ubuntu': {
$icon_suffix = '-20x22'
}
default: {
$icon_suffix = ''
}
}
file { 'autoindex.conf':
ensure => file,
path => "${apache::mod_dir}/autoindex.conf",
mode => $apache::file_mode,
content => template('apache/mod/autoindex.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cache.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs `mod_cache`
#
# @see https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation.
#
class apache::mod::cache {
::apache::mod { 'cache': }
}

28
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgi.pp Normal file
View File

@@ -0,0 +1,28 @@
# @summary
# Installs `mod_cgi`.
#
# @see https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation.
#
class apache::mod::cgi {
include apache
case $::osfamily {
'FreeBSD': {}
default: {
if defined(Class['::apache::mod::itk']) {
Class['::apache::mod::itk'] -> Class['::apache::mod::cgi']
} elsif defined(Class['::apache::mod::peruser']) {
Class['::apache::mod::peruser'] -> Class['::apache::mod::cgi']
} else {
Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi']
}
}
}
if $::osfamily == 'Suse' {
::apache::mod { 'cgi':
lib_path => '/usr/lib64/apache2-prefork',
}
} else {
::apache::mod { 'cgi': }
}
}

47
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgid.pp Normal file
View File

@@ -0,0 +1,47 @@
# @summary
# Installs `mod_cgid`.
#
# @see https://httpd.apache.org/docs/current/mod/mod_cgid.html
#
class apache::mod::cgid {
include apache
case $::osfamily {
'FreeBSD': {}
default: {
if defined(Class['::apache::mod::event']) {
Class['::apache::mod::event'] -> Class['::apache::mod::cgid']
} else {
Class['::apache::mod::worker'] -> Class['::apache::mod::cgid']
}
}
}
# Debian specifies it's cgid sock path, but RedHat uses the default value
# with no config file
$cgisock_path = $::osfamily ? {
'debian' => "\${APACHE_RUN_DIR}/cgisock",
'freebsd' => 'cgisock',
default => undef,
}
if $::osfamily == 'Suse' {
::apache::mod { 'cgid':
lib_path => '/usr/lib64/apache2-worker',
}
} else {
::apache::mod { 'cgid': }
}
if $cgisock_path {
# Template uses $cgisock_path
file { 'cgid.conf':
ensure => file,
path => "${apache::mod_dir}/cgid.conf",
mode => $apache::file_mode,
content => template('apache/mod/cgid.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}
}

87
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cluster.pp Normal file
View File

@@ -0,0 +1,87 @@
# @summary
# Installs `mod_cluster`.
#
# @param allowed_network
# Balanced members network.
#
# @param balancer_name
# Name of balancer.
#
# @param ip
# Specifies the IP address to listen to.
#
# @param version
# Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.
#
# @param enable_mcpm_receive
# Whether MCPM should be enabled.
#
# @param port
# mod_cluster listen port.
#
# @param keep_alive_timeout
# Specifies how long Apache should wait for a request, in seconds.
#
# @param manager_allowed_network
# Whether to allow the network to access the mod_cluster_manager.
#
# @param max_keep_alive_requests
# Maximum number of requests kept alive.
#
# @param server_advertise
# Whether the server should advertise.
#
# @param advertise_frequency
# Sets the interval between advertise messages in seconds.
#
# @example
# class { '::apache::mod::cluster':
# ip => '172.17.0.1',
# allowed_network => '172.17.0.',
# balancer_name => 'mycluster',
# version => '1.3.1'
# }
#
# @note
# There is no official package available for mod_cluster, so you must make it available outside of the apache module.
# Binaries can be found [here](https://modcluster.io/).
#
# @see https://modcluster.io/ for additional documentation.
#
class apache::mod::cluster (
$allowed_network,
$balancer_name,
$ip,
$version,
$enable_mcpm_receive = true,
$port = '6666',
$keep_alive_timeout = 60,
$manager_allowed_network = '127.0.0.1',
$max_keep_alive_requests = 0,
$server_advertise = true,
$advertise_frequency = undef,
) {
include apache
::apache::mod { 'proxy': }
::apache::mod { 'proxy_ajp': }
::apache::mod { 'manager': }
::apache::mod { 'proxy_cluster': }
::apache::mod { 'advertise': }
if (versioncmp($version, '1.3.0') >= 0 ) {
::apache::mod { 'cluster_slotmem': }
} else {
::apache::mod { 'slotmem': }
}
file { 'cluster.conf':
ensure => file,
path => "${apache::mod_dir}/cluster.conf",
mode => $apache::file_mode,
content => template('apache/mod/cluster.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

0
modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/data.pp → modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/data.pp
View File

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs `mod_dav`.
#
# @see https://httpd.apache.org/docs/current/mod/mod_dav.html for additional documentation.
#
class apache::mod::dav {
::apache::mod { 'dav': }
}

27
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_fs.pp Normal file
View File

@@ -0,0 +1,27 @@
# @summary
# Installs `mod_dav_fs`.
#
# @see https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation.
#
class apache::mod::dav_fs {
include apache
$dav_lock = $::osfamily ? {
'debian' => "\${APACHE_LOCK_DIR}/DAVLock",
'freebsd' => '/usr/local/var/DavLock',
default => '/var/lib/dav/lockdb',
}
Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs']
::apache::mod { 'dav_fs': }
# Template uses: $dav_lock
file { 'dav_fs.conf':
ensure => file,
path => "${apache::mod_dir}/dav_fs.conf",
mode => $apache::file_mode,
content => template('apache/mod/dav_fs.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

32
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_svn.pp Normal file
View File

@@ -0,0 +1,32 @@
# @summary
# Installs and configures `mod_dav_svn`.
#
# @param authz_svn_enabled
# Specifies whether to install Apache mod_authz_svn
#
# @see https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation.
#
class apache::mod::dav_svn (
$authz_svn_enabled = false,
) {
Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn']
include apache
include apache::mod::dav
if($::operatingsystem == 'SLES' and versioncmp($::operatingsystemmajrelease, '12') < 0) {
package { 'subversion-server':
ensure => 'installed',
provider => 'zypper',
}
}
::apache::mod { 'dav_svn': }
if $authz_svn_enabled {
::apache::mod { 'authz_svn':
# authz_svn depends on symbols from the dav_svn module,
# therefore, make sure authz_svn is loaded after dav_svn.
loadfile_name => 'dav_svn_authz_svn.load',
require => Apache::Mod['dav_svn'],
}
}
}

11
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dbd.pp Normal file
View File

@@ -0,0 +1,11 @@
# @summary
# Installs `mod_dbd`.
#
# @param apache_version
# Used to verify that the Apache version you have requested is compatible with the module.
#
# @see https://httpd.apache.org/docs/current/mod/mod_dbd.html for additional documentation.
#
class apache::mod::dbd {
::apache::mod { 'dbd': }
}

38
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/deflate.pp Normal file
View File

@@ -0,0 +1,38 @@
# @summary
# Installs and configures `mod_deflate`.
#
# @param types
# An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.
#
# @param notes
# A Hash where the key represents the type and the value represents the note name.
#
# @see https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation.
#
class apache::mod::deflate (
$types = [
'text/html text/plain text/xml',
'text/css',
'application/x-javascript application/javascript application/ecmascript',
'application/rss+xml',
'application/json',
],
$notes = {
'Input' => 'instream',
'Output' => 'outstream',
'Ratio' => 'ratio',
}
) {
include apache
::apache::mod { 'deflate': }
file { 'deflate.conf':
ensure => file,
path => "${apache::mod_dir}/deflate.conf",
mode => $apache::file_mode,
content => template('apache/mod/deflate.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

11
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dev.pp Normal file
View File

@@ -0,0 +1,11 @@
# @summary
# Installs `mod_dev`.
#
# @note
# This module is deprecated. Please use `apache::dev`.
#
class apache::mod::dev {
# Development packages are not apache modules
warning('apache::mod::dev is deprecated; please use apache::dev')
include apache::dev
}

34
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dir.pp Normal file
View File

@@ -0,0 +1,34 @@
# @summary
# Installs and configures `mod_dir`.
#
# @param types
# Specifies the text-based content types to compress.
#
# @param indexes
# Provides a string for the DirectoryIndex directive
#
# @todo
# This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare
# DirectoryIndex statements in a vhost configuration
#
# @see https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation.
#
class apache::mod::dir (
$dir = 'public_html',
Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'],
) {
include apache
::apache::mod { 'dir': }
# Template uses
# - $indexes
file { 'dir.conf':
ensure => file,
path => "${apache::mod_dir}/dir.conf",
mode => $apache::file_mode,
content => template('apache/mod/dir.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

68
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/disk_cache.pp Normal file
View File

@@ -0,0 +1,68 @@
# @summary
# Installs and configures `mod_disk_cache`.
#
# @param cache_root
# Defines the name of the directory on the disk to contain cache files.
# Default depends on the Apache version and operating system:
# - Debian: /var/cache/apache2/mod_cache_disk
# - FreeBSD: /var/cache/mod_cache_disk
# - Red Hat, Apache 2.4: /var/cache/httpd/proxy
# - Red Hat, Apache 2.2: /var/cache/mod_proxy
#
# @param cache_ignore_headers
# Specifies HTTP header(s) that should not be stored in the cache.
#
# @param default_cache_enable
# Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache
# every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed.
# You can then control this behaviour in individual vhosts by explicitly defining CacheEnable.
#
# @note
# Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
#
# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation.
#
class apache::mod::disk_cache (
$cache_root = undef,
$cache_ignore_headers = undef,
Boolean $default_cache_enable = true,
) {
include apache
if $cache_root {
$_cache_root = $cache_root
}
elsif versioncmp($apache::apache_version, '2.4') >= 0 {
$_cache_root = $::osfamily ? {
'debian' => '/var/cache/apache2/mod_cache_disk',
'redhat' => '/var/cache/httpd/proxy',
'freebsd' => '/var/cache/mod_cache_disk',
}
}
else {
$_cache_root = $::osfamily ? {
'debian' => '/var/cache/apache2/mod_disk_cache',
'redhat' => '/var/cache/mod_proxy',
'freebsd' => '/var/cache/mod_disk_cache',
}
}
if versioncmp($apache::apache_version, '2.4') >= 0 {
apache::mod { 'cache_disk': }
}
else {
apache::mod { 'disk_cache': }
}
Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache']
# Template uses $_cache_root
file { 'disk_cache.conf':
ensure => file,
path => "${apache::mod_dir}/disk_cache.conf",
mode => $apache::file_mode,
content => template('apache/mod/disk_cache.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

38
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dumpio.pp Normal file
View File

@@ -0,0 +1,38 @@
# @summary
# Installs and configures `mod_dumpio`.
#
# @param dump_io_input
# Dump all input data to the error log
#
# @param dump_io_output
# Dump all output data to the error log
#
# @example
# class{'apache':
# default_mods => false,
# log_level => 'dumpio:trace7',
# }
# class{'apache::mod::dumpio':
# dump_io_input => 'On',
# dump_io_output => 'Off',
# }
#
# @see https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation.
#
class apache::mod::dumpio (
Enum['Off', 'On', 'off', 'on'] $dump_io_input = 'Off',
Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off',
) {
include apache
::apache::mod { 'dumpio': }
file { 'dumpio.conf':
ensure => file,
path => "${apache::mod_dir}/dumpio.conf",
mode => $apache::file_mode,
content => template('apache/mod/dumpio.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/env.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs `mod_env`.
#
# @see https://httpd.apache.org/docs/current/mod/mod_env.html for additional documentation.
#
class apache::mod::env {
::apache::mod { 'env': }
}

124
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/event.pp Normal file
View File

@@ -0,0 +1,124 @@
# @summary
# Installs and configures `mod_event`.
#
# @param startservers
# Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false`
# removes the parameter.
#
# @param maxclients
# Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive.
#
# @param maxrequestworkers
# Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting
# these to `false` removes the parameters.
#
# @param minsparethreads
# Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters.
#
# @param maxsparethreads
# Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters.
#
# @param threadsperchild
# Number of threads created by each child process.
#
# @param maxrequestsperchild
# Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive.
#
# @param maxconnectionsperchild
# Limit on the number of connections that an individual child server will handle during its life.
#
# @param serverlimit
# Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter.
#
# @param apache_version
# Version of Apache to install module on.
#
# @param threadlimit
# Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter.
#
# @param listenbacklog
# Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes
# the parameter.
#
# @note
# You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or
# apache::mod::worker on the same server.
#
# @see https://httpd.apache.org/docs/current/mod/event.html for additional documentation.
# @note Unsupported platforms: SLES: all
class apache::mod::event (
$startservers = '2',
$maxclients = '150',
$maxrequestworkers = undef,
$minsparethreads = '25',
$maxsparethreads = '75',
$threadsperchild = '25',
$maxrequestsperchild = '0',
$maxconnectionsperchild = undef,
$serverlimit = '25',
$apache_version = undef,
$threadlimit = '64',
$listenbacklog = '511',
) {
include apache
$_apache_version = pick($apache_version, $apache::apache_version)
if defined(Class['apache::mod::itk']) {
fail('May not include both apache::mod::event and apache::mod::itk on the same node')
}
if defined(Class['apache::mod::peruser']) {
fail('May not include both apache::mod::event and apache::mod::peruser on the same node')
}
if defined(Class['apache::mod::prefork']) {
fail('May not include both apache::mod::event and apache::mod::prefork on the same node')
}
if defined(Class['apache::mod::worker']) {
fail('May not include both apache::mod::event and apache::mod::worker on the same node')
}
File {
owner => 'root',
group => $apache::params::root_group,
mode => $apache::file_mode,
}
# Template uses:
# - $startservers
# - $maxclients
# - $minsparethreads
# - $maxsparethreads
# - $threadsperchild
# - $maxrequestsperchild
# - $serverlimit
file { "${apache::mod_dir}/event.conf":
ensure => file,
mode => $apache::file_mode,
content => template('apache/mod/event.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
case $::osfamily {
'redhat': {
if versioncmp($_apache_version, '2.4') >= 0 {
apache::mpm { 'event':
apache_version => $_apache_version,
}
}
}
'debian','freebsd' : {
apache::mpm { 'event':
apache_version => $_apache_version,
}
}
'gentoo': {
::portage::makeconf { 'apache2_mpms':
content => 'event',
}
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
}

38
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/expires.pp Normal file
View File

@@ -0,0 +1,38 @@
# @summary
# Installs and configures `mod_expires`.
#
# @param expires_active
# Enables generation of Expires headers.
#
# @param expires_default
# Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.
#
# @param expires_by_type
# Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration
# times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its
# value following valid interval syntax.
#
# @see https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation.
#
class apache::mod::expires (
$expires_active = true,
$expires_default = undef,
$expires_by_type = undef,
) {
include apache
::apache::mod { 'expires': }
# Template uses
# $expires_active
# $expires_default
# $expires_by_type
file { 'expires.conf':
ensure => file,
path => "${apache::mod_dir}/expires.conf",
mode => $apache::file_mode,
content => template('apache/mod/expires.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

38
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ext_filter.pp Normal file
View File

@@ -0,0 +1,38 @@
# @summary
# Installs and configures `mod_ext_filter`.
#
# @param ext_filter_define
# Hash of filter names and their parameters.
#
# @example
# class { 'apache::mod::ext_filter':
# ext_filter_define => {
# 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength',
# 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
# },
# }
#
# @see https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation.
#
class apache::mod::ext_filter (
Optional[Hash] $ext_filter_define = undef
) {
include apache
::apache::mod { 'ext_filter': }
# Template uses
# -$ext_filter_define
if $ext_filter_define {
file { 'ext_filter.conf':
ensure => file,
path => "${apache::mod_dir}/ext_filter.conf",
mode => $apache::file_mode,
content => template('apache/mod/ext_filter.conf.erb'),
require => [Exec["mkdir ${apache::mod_dir}"],],
before => File[$apache::mod_dir],
notify => Class['Apache::Service'],
}
}
}

35
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fastcgi.pp Normal file
View File

@@ -0,0 +1,35 @@
# @summary
# Installs `mod_fastcgi`.
#
# @see https://github.com/FastCGI-Archives/mod_fastcgi for additional documentation.
#
class apache::mod::fastcgi {
include apache
if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemmajrelease, '7') >= 0) {
fail('mod_fastcgi is no longer supported on el7 and above.')
}
if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) {
fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi')
}
# Debian specifies it's fastcgi lib path, but RedHat uses the default value
# with no config file
$fastcgi_lib_path = $apache::params::fastcgi_lib_path
::apache::mod { 'fastcgi': }
if $fastcgi_lib_path {
# Template uses:
# - $fastcgi_server
# - $fastcgi_socket
# - $fastcgi_dir
file { 'fastcgi.conf':
ensure => file,
path => "${apache::mod_dir}/fastcgi.conf",
mode => $apache::file_mode,
content => template('apache/mod/fastcgi.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}
}

65
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fcgid.pp Normal file
View File

@@ -0,0 +1,65 @@
# @summary
# Installs and configures `mod_fcgid`.
#
# @param expires_active
# Enables generation of Expires headers.
#
# @param expires_default
# Default algorithm for calculating expiration time.
#
# @param expires_by_type
# Value of the Expires header configured by MIME type.
#
# @example The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash.
# class { 'apache::mod::fcgid':
# options => {
# 'FcgidIPCDir' => '/var/run/fcgidsock',
# 'SharememPath' => '/var/run/fcgid_shm',
# 'AddHandler' => 'fcgid-script .fcgi',
# },
# }
#
# @example If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be
# loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost.
# include apache::mod::fcgid
#
# apache::vhost { 'example.org':
# docroot => '/var/www/html',
# directories => {
# path => '/var/www/html',
# fcgiwrapper => {
# command => '/usr/local/bin/fcgiwrapper',
# }
# },
# }
#
# @see https://httpd.apache.org/docs/current/mod/mod_fcgid.html for additional documentation.
#
class apache::mod::fcgid (
$options = {},
) {
include apache
if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') or $::osfamily == 'FreeBSD' {
$loadfile_name = 'unixd_fcgid.load'
$conf_name = 'unixd_fcgid.conf'
} else {
$loadfile_name = undef
$conf_name = 'fcgid.conf'
}
::apache::mod { 'fcgid':
loadfile_name => $loadfile_name,
}
# Template uses:
# - $options
file { $conf_name:
ensure => file,
path => "${apache::mod_dir}/${conf_name}",
mode => $apache::file_mode,
content => template('apache/mod/fcgid.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

8
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/filter.pp Normal file
View File

@@ -0,0 +1,8 @@
# @summary
# Installs `mod_filter`.
#
# @see https://httpd.apache.org/docs/current/mod/mod_filter.html for additional documentation.
#
class apache::mod::filter {
::apache::mod { 'filter': }
}

61
modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/geoip.pp Normal file
View File

@@ -0,0 +1,61 @@
# @summary
# Installs and configures `mod_geoip`.
#
# @param enable
# Toggles whether to enable geoip.
#
# @param db_file
# Path to database for GeoIP to use.
#
# @param flag
# Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
#
# @param output
# Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.
#
# @param enable_utf8
# Changes the output from ISO88591 (Latin1) to UTF8.
#
# @param scan_proxy_headers
# Enables the GeoIPScanProxyHeaders option.
#
# @param scan_proxy_headers_field
# Specifies the header mod_geoip uses to determine the client's IP address.
#
# @param use_last_xforwarededfor_ip
# Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
#
# @see https://dev.maxmind.com/geoip/legacy/mod_geoip2 for additional documentation.
#
class apache::mod::geoip (
$enable = false,
$db_file = '/usr/share/GeoIP/GeoIP.dat',
$flag = 'Standard',
$output = 'All',
$enable_utf8 = undef,
$scan_proxy_headers = undef,
$scan_proxy_header_field = undef,
$use_last_xforwarededfor_ip = undef,
) {
include apache
::apache::mod { 'geoip': }
# Template uses:
# - enable
# - db_file
# - flag
# - output
# - enable_utf8
# - scan_proxy_headers
# - scan_proxy_header_field
# - use_last_xforwarededfor_ip
file { 'geoip.conf':
ensure => file,
path => "${apache::mod_dir}/geoip.conf",
mode => $apache::file_mode,
content => template('apache/mod/geoip.conf.erb'),
require => Exec["mkdir ${apache::mod_dir}"],
before => File[$apache::mod_dir],
notify => Class['apache::service'],
}
}

Some files were not shown because too many files have changed in this diff Show More