-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.web.env
More file actions
32 lines (26 loc) · 1.43 KB
/
config.web.env
File metadata and controls
32 lines (26 loc) · 1.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/env bash
# config.web.env — linux-security web-server configuration
#
# Loaded in addition to config.env by web-layer scripts (scripts/web/).
# Copy this file to the repo root alongside config.env and fill in your values.
# If this file is absent, all web scripts fall back to safe per-variable defaults.
#
# You can also export WEB_CONFIG_FILE=/path/to/your/config.web.env to override.
# =============================================================================
# Apache (web/01-apache-hardening.sh)
# =============================================================================
# CSP frame-ancestors — controls which domains may embed your pages in iframes.
# "'none'" — block all embedding
# "'self'" — same-origin only
# "'self' yourdomain.com www.yourdomain.com" — same-origin + listed domains
CSP_FRAME_ANCESTORS="'self'"
# =============================================================================
# TLS certificate monitoring (web/03-cert-monitor-setup.sh)
# =============================================================================
# Days before cert expiry to trigger a warning email.
CERT_WARN_DAYS=30
# =============================================================================
# Web roots (web/06-vhost-hardener.sh, audit/web-root-perms.sh)
# =============================================================================
# Directory that contains your virtual host document roots.
# WEB_ROOTS_DIR="/var/www"