diff --git a/apache/manifests/debian.pp b/apache/manifests/debian.pp
index 41e6181..c05721e 100644
--- a/apache/manifests/debian.pp
+++ b/apache/manifests/debian.pp
@@ -180,7 +180,8 @@ class apache::debian::sslserver inherits apache::debian::common {
 }
-define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::debian::sslsite($first, $ipaddr, $root,
+ $ssl_cert, $ssl_key, $ssl_chain) {
 if $name == "default" {
 $site_fqdn = $homename
@@ -253,8 +254,13 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
 }
 }
- $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
- $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
+ if $first == true {
+ $site_conf = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.conf"
+ $site_confdir = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.d"
+ } else {
+ $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
+ $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
+ }
 file { $site_conf:
 ensure => present,
diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index d525281..f9ab638 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -255,6 +255,9 @@ class apache::sslserver::listen {
 #
 # $name:
 # FQDN of virtual host.
+# $first:
+# Bool for whether this is the first (default) vhost
+# when using NameVirtualHost. Defaults to false.
 # $ipaddr:
 # IP address of virtual host. Defaults to _default_.
 # $root:
@@ -274,7 +277,7 @@ class apache::sslserver::listen {
 # ssl_key => "puppet:///path/to/www.example.com.key",
 # }
 #
-define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
+define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
 include apache::sslserver::listen
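Review bot: The new `if $first == true` test in the `@@ -253,8 +254,13 @@` hunk of apache/manifests/debian.pp only matches a real boolean, so a caller writing `first => "true"` silently falls into the else branch and the site is not sorted first; the same test is repeated in the `@@ -293,8 +294,13 @@` hunk of apache/manifests/redhat.pp. With name-based SSL vhosts the first-loaded site is the one whose certificate and content answer requests that match no ServerName, so a silent miss is worth guarding against, and computing the prefix once would also remove the duplicated paths, for example `$prefix = $first ? { true => "00-", "true" => "00-", default => "" }` followed by `$site_conf = "/etc/apache2/sites-enabled/${prefix}${site_fqdn}-ssl.conf"`. Nothing visible removes the un-prefixed file and `.d` directory when `first` is switched on for an already deployed site, or stops two sites from both setting it; unless the directory is purged elsewhere, that deserves at least a comment or an `ensure => absent` on the old path. The body of the define starts and ends outside the hunk.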
@@ -282,6 +285,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
 "debian","ubuntu": {
 $apache_ssldir = "/etc/ssl"
 apache::debian::sslsite { $name:
+ first => $first,
 ipaddr => $ipaddr,
 root => $root,
 ssl_cert => $ssl_cert,
@@ -293,6 +297,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
 "centos","redhat","fedora": {
 $apache_ssldir = "/etc/pki/tls"
 apache::redhat::sslsite { $name:
+ first => $first,
 ipaddr => $ipaddr,
 root => $root,
 ssl_cert => $ssl_cert,
diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp
index eba1b58..023efe5 100644
--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@@ -219,7 +219,8 @@ class apache::redhat::sslserver {
 }
-define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::redhat::sslsite($first, $ipaddr, $root,
+ $ssl_cert, $ssl_key, $ssl_chain) {
 if $name == "default" {
 $site_fqdn = $homename
@@ -293,8 +294,13 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
 }
 }
- $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
- $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
+ if $first == true {
+ $site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf"
+ $site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d"
+ } else {
+ $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
+ $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
+ }
 file { $site_conf:
 ensure => present,
diff --git a/selinux/files/restorecond.conf b/selinux/files/restorecond.conf
new file mode 100644
index 0000000..58b723a
--- /dev/null
+++ b/selinux/files/restorecond.conf
@@ -0,0 +1,8 @@
+/etc/services
+/etc/resolv.conf
+/etc/samba/secrets.tdb
+/etc/mtab
+/var/run/utmp
+/var/log/wtmp
+/root/*
+/root/.ssh/*
diff --git a/selinux/manifests/init.pp b/selinux/manifests/init.pp
index 76e57f2..13cd8e1 100644
--- a/selinux/manifests/init.pp
+++ b/selinux/manifests/init.pp
@@ -92,6 +92,34 @@ class selinux::tools {
 }
+# Enable restorecond service.
+#
+class selinux::restorecond {
+
+ if $::selinux == "true" {
+ file { "/etc/selinux/restorecond.conf":
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ seltype => "selinux_config_t",
+ source => [
+ "puppet:///files/selinux/restorecond.conf.${homename}",
+ "puppet:///files/selinux/restorecond.conf",
+ "puppet:///modules/selinux/restorecond.conf",
+ ],
+ notify => Service["restorecond"],
+ }
+
+ service { "restorecond":
+ ensure => running,
+ enable => true,
+ }
+ }
+
+}
+
+
 # Set SELinux boolean value
 #
 # === Parameters
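Review bot: The `service { "restorecond": }` resource in the new `selinux::restorecond` class has no dependency on whatever installs the daemon, so on a host where it is missing the run fails at the service instead of at a clear package step; if no class in this module already guarantees it, add a package resource and `require => Package["<package providing restorecond>"]` on the service. The header comment should also say that the class manages nothing when the `$::selinux` fact is not the string "true", and that the `source` list is tried in order so a per-host `restorecond.conf.${homename}` overrides the module default. Because this file decides which paths get their labels restored automatically (the shipped default includes `/root/.ssh/*`), a line in the comment on who is expected to supply the overrides under `puppet:///files/selinux/` would help whoever audits it later.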