Commit f77fdf2

committed
use a loop to create config
TelekomLabs-DCO-1.1-Signed-off-by: Edmund Haselwanter <[email protected]> (github: ehaselwanter)
1 parent 6cd2e54 commit f77fdf2

2 files changed

+13
-46
lines changed

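--- a/attributes/hardening.rb
+++ b/attributes/hardening.rb
@@ -26,28 +26,25 @@
 default['mysql']['security']['chroot'] = nil
 
 # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create
-default['mysql']['security']['safe_user_create'] = 1
+default['mysql']['security']['safe-user-create'] = 1
 
 # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-auth
-default['mysql']['security']['secure_auth'] = 1
+default['mysql']['security']['secure-auth'] = 1
 
 # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_symbolic-links
-default['mysql']['security']['skip_symbolic_links'] = 1
-
-# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-file-priv
-default['mysql']['security']['secure_file_priv'] = nil
+default['mysql']['security']['skip-symbolic-links'] = 1
 
 # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database
-default['mysql']['security']['skip_show_database'] = 1
+default['mysql']['security']['skip-show-database'] = true
 
 # @see http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile
-default['mysql']['security']['local_infile'] = 0
+default['mysql']['security']['local-infile'] = 0
 
 # @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_allow-suspicious-udfs
 default['mysql']['security']['allow-suspicious-udfs'] = 0
 
 # @see https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_automatic_sp_privileges
-default['mysql']['security']['automatic_sp_privileges'] = 0
+default['mysql']['security']['automatic-sp-privileges'] = 0
 
 # @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-file-priv
 default['mysql']['security']['secure-file-priv'] = '/tmp'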
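Review bot: The attribute keys are now the literal mysqld option names and the value type decides how each line is rendered, but nothing in this file documents that contract; `skip-show-database` was switched to `true` to get a bare flag while `safe-user-create`, `secure-auth` and `skip-symbolic-links` keep `1` and will be written as `name = 1`. I would add a header comment such as `# Keys are written verbatim into [mysqld]: true => bare flag, nil/false => omitted, anything else => "key = value"`. With the `secure_file_priv = nil` entry removed, `secure-file-priv = '/tmp'` is the only default left; /tmp is normally world-writable, so a dedicated directory owned by the mysql user would be a tighter default for a hardening cookbook.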

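--- a/templates/default/hardening.cnf.erb
+++ b/templates/default/hardening.cnf.erb
@@ -1,39 +1,9 @@
-<% if node['mysql']['security']['chroot'] -%>
-chroot = <%= node['mysql']['security']['chroot'] %>
-<% end %>
-
-<% if node['mysql']['security']['safe_user_create'] -%>
-safe-user-create = <%= node['mysql']['security']['safe_user_create'] %>
-<% end %>
-
-<% if node['mysql']['security']['secure_auth'] -%>
-secure-auth = <%= node['mysql']['security']['secure_auth'] %>
-<% end %>
-
-<% if node['mysql']['security']['skip_symbolic_links'] -%>
-skip-symbolic-links = <%= node['mysql']['security']['skip_symbolic_links'] %>
-<% end %>
-
-<% if node['mysql']['security']['secure_file_priv'] -%>
-secure-file-priv = <%= node['mysql']['security']['secure_file_priv'] %>
-<% end %>
-
-<% if node['mysql']['security']['local_infile'] -%>
-local-infile = <%= node['mysql']['security']['local_infile'] %>
-<% end %>
-
-<% if node['mysql']['security']['skip_show_database'] -%>
-skip-show-database
-<% end %>
-
-<% if node['mysql']['security']['allow-suspicious-udfs'] -%>
-allow-suspicious-udfs = <%= node['mysql']['security']['allow-suspicious-udfs'] %>
-<% end %>
+[mysqld]
 
-<% if node['mysql']['security']['automatic_sp_privileges'] -%>
-automatic_sp_privileges = <%= node['mysql']['security']['automatic_sp_privileges'] %>
+<% node['mysql']['security'].each do |sec_setting, value| -%>
+<% if value && (!!value == value) # We do have a value and it is a boolean -%>
+<%= sec_setting if value %>
+<% else -%>
+<%= "#{sec_setting} = #{value}" if value %>
+<% end %>
 <% end %>
-
-<% if node['mysql']['security']['secure-file-priv'] -%>
-secure-file-priv = <%= node['mysql']['security']['secure-file-priv'] %>
-<% end %>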
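Review bot: In the new loop a `false` value produces no output in either branch, so an override like `node['mysql']['security']['local-infile'] = false` silently drops the line and the server default applies instead of the option being written as disabled. Every key under `node['mysql']['security']` is now emitted into `[mysqld]` verbatim, so a misspelled or non-option key set in a role or wrapper cookbook lands in the config, and a string value containing a newline would add further lines. A guard at the top of the loop would make both cases fail loudly, e.g. `<% raise "unsupported value for #{sec_setting}" if value == false || value.to_s =~ /[\r\n]/ -%>`. The inner `if value` in the boolean branch is always true and can go, and the inner `<% end %>` lacks `-%>`, so each setting leaves a blank line in the rendered file.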
