Apply some hardening to xCAT configuration
@@ -87,6 +87,7 @@ tar zxf %{SOURCE2}
|
||||
tar zxf %{SOURCE4}
|
||||
tar zxf %{SOURCE6}
|
||||
tar zxf %{SOURCE8}
|
||||
rm -f postscripts/sudoers
|
||||
%else
|
||||
rm -rf postscripts
|
||||
cp %{SOURCE2} /opt/freeware/src/packages/BUILD
|
||||
|
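Review bot: The `rm -f postscripts/sudoers` line, which from the hunk counts appears to be the one addition, carries no comment saying why the file is dropped, and it sits only in the branch before `%else`. The other branch is cut off after `cp %{SOURCE2} /opt/freeware/src/packages/BUILD`, so it is not visible whether the sudoers file is also kept out of the package on that platform; if that branch unpacks the same postscripts archive further down, it needs the same removal. A comment such as `# hardening: do not package postscripts/sudoers` above the `rm` would record the intent for the next packager.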
@@ -8,21 +8,37 @@ AliasMatch ^/install/(.*)$ "/install/$1"
|
||||
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
|
||||
|
||||
<Directory "/tftpboot">
|
||||
Options Indexes +FollowSymLinks +Includes MultiViews
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
AllowMethods GET
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
<Directory "/install">
|
||||
Options Indexes +FollowSymLinks +Includes MultiViews
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
|
||||
Alias /xcat-doc "/opt/xcat/share/doc"
|
||||
<Directory "/opt/xcat/share/doc">
|
||||
Options Indexes
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
|
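Review bot: The new `AllowMethods GET` and `Header always append ...` lines depend on mod_allowmethods and mod_headers, and nothing in this section guards for either, so httpd refuses to start if one of the modules is not loaded. This section still uses `Order allow,deny` / `Allow from all`, which suggests it targets Apache 2.2, where mod_allowmethods is not available; confirm which httpd versions consume this file. Wrapping the header lines in `<IfModule mod_headers.c>` and `AllowMethods GET` in `<IfModule mod_allowmethods.c>` keeps the file loadable either way. The unguarded `Header` lines recur in the three httpd sections that follow, and `AllowMethods GET` is applied only to `/tftpboot` here, not to `/install` or to the other variants, which looks unintentional.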
@@ -8,19 +8,35 @@ AliasMatch ^/install/(.*)$ "/install/$1"
|
||||
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
|
||||
|
||||
<Directory "/tftpboot">
|
||||
Options Indexes FollowSymLinks Includes MultiViews
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
Options Indexes FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
<Directory "/install">
|
||||
Options Indexes FollowSymLinks Includes MultiViews
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
Options Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
|
||||
Alias /xcat-doc "/opt/xcat/share/doc"
|
||||
<Directory "/opt/xcat/share/doc">
|
||||
Options Indexes
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
Options Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
|
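Review bot: Directory listings stay enabled in this variant: the Options lines that appear to be on the new side are `Options Indexes FollowSymLinks` for `/tftpboot` and `Options Indexes +FollowSymLinks` for `/install` and `/opt/xcat/share/doc`, while the other three httpd sections switch to `-Indexes`. The second form also mixes a prefixed option with an unprefixed one, which Apache 2.4 (this section uses `Require all granted`) rejects at the startup syntax check. If listings are meant to be off here too, use `Options -Indexes +FollowSymLinks` in all three blocks. If a client depends on the generated listing, say so in a comment and write `Options Indexes FollowSymLinks` without any prefix.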
@@ -8,22 +8,37 @@ AliasMatch ^/install/(.*)$ "/install/$1"
|
||||
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
|
||||
|
||||
<Directory "/tftpboot">
|
||||
Options Indexes +FollowSymLinks +Includes MultiViews
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
<Directory "/install">
|
||||
Options Indexes +FollowSymLinks +Includes MultiViews
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
|
||||
Alias /xcat-doc "/opt/xcat/share/doc"
|
||||
<Directory "/opt/xcat/share/doc">
|
||||
Options Indexes
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
|
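Review bot: `Header always append` adds to whatever value is already present, so when the same header is also set at server or virtual-host level the response carries a merged value such as `SAMEORIGIN, SAMEORIGIN`, which older browsers have ignored as malformed. `Header always set X-Frame-Options SAMEORIGIN`, and `set` for the other four headers, yields one well-formed value per response. This applies to every `Header` line in all four httpd sections of the commit. `X-XSS-Protection` is also no longer honoured by current browsers, so that line adds little.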
@@ -8,20 +8,35 @@ AliasMatch ^/install/(.*)$ "/install/$1"
|
||||
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
|
||||
|
||||
<Directory "/tftpboot">
|
||||
Options Indexes FollowSymLinks Includes MultiViews
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
<Directory "/install">
|
||||
Options Indexes FollowSymLinks Includes MultiViews
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
|
||||
Alias /xcat-doc "/opt/xcat/share/doc"
|
||||
<Directory "/opt/xcat/share/doc">
|
||||
Options Indexes
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
Options -Indexes +FollowSymLinks
|
||||
Header always append X-Frame-Options SAMEORIGIN
|
||||
Header always append X-XSS-Protection "1; mode=block"
|
||||
Header always append X-Content-Type-Options nosniff
|
||||
Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
|
||||
Header always append X-Permitted-Cross-Domain-Policies none
|
||||
</Directory>
|
||||
|
||||
|
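Review bot: The Content-Security-Policy value `script-src 'self' 'unsafe-eval'` permits `eval()` and constrains nothing except script sources, and no comment says which content under `/tftpboot`, `/install` or `/opt/xcat/share/doc` needs it. If nothing served from these directories evaluates strings as code, drop the keyword: `Header always set Content-Security-Policy "script-src 'self'"`. If something does, a comment naming it would stop the exception from being copied elsewhere. The same value is used in all four httpd sections of the commit.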