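---
# provision_modsecurity1.yml
# Provisions Apache httpd with ModSecurity, the mlogc audit-log collector and
# the OWASP core rule set, plus two demo virtual hosts (site1, site2).
#
# Changes relative to the original listing:
#   * module arguments are written as native YAML instead of key=value strings,
#     and every templated value is quoted;
#   * files and directories the play creates carry explicit owner/group/mode
#     rather than inheriting the remote umask;
#   * every task that changes the httpd/ModSecurity configuration notifies a
#     restart handler; "state: started" alone leaves an already-running httpd
#     on the old rules after a re-run.
- hosts: all
  # NOTE(review): `sudo` is the legacy privilege-escalation keyword; newer
  # Ansible releases spell it `become: true`. Kept as written so the play
  # still runs on the Ansible version it was authored for.
  sudo: true
  tasks:
    # state=latest upgrades these packages on every run, so the installed
    # httpd/mod_security versions depend on when the play was last executed.
    - name: Install binaries
      yum:
        name: "{{ item }}"
        state: latest
      with_items:
        - vim
        - git
        - httpd
        - mod_security
        - mlogc

    - name: Copy apache configuration file
      copy:
        src: httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart Apache

    - name: Copy modsecurity configuration file
      copy:
        src: mod_security1.conf
        dest: /etc/httpd/conf.d/mod_security.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart Apache

    # NOTE(review): mlogc1.conf is not shown here. If it carries console
    # credentials, tighten the mode after confirming which account runs mlogc.
    - name: Copy mlogc configuration file
      copy:
        src: mlogc1.conf
        dest: /etc/mlogc.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart Apache

    - name: Copy virtual hosts configuration
      copy:
        src: "{{ item }}"
        dest: "/etc/httpd/conf.d/{{ item }}"
        owner: root
        group: root
        mode: "0644"
      with_items:
        - site1.conf
        - site2.conf
      notify: Restart Apache

    - name: Create DocumentRoot for virtual hosts
      file:
        path: "/var/www/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      with_items:
        - site1
        - site2

    - name: Create index.html for sites
      copy:
        content: "This is {{ item }}"
        dest: "/var/www/{{ item }}/index.html"
        owner: root
        group: root
        mode: "0644"
      with_items:
        - site1
        - site2

    # NOTE(review): no `version` is given, so the checkout follows whatever the
    # remote's default branch points to at first clone, and `update: false`
    # then freezes it there. Hosts provisioned at different times can end up
    # with different rule sets. Pin a reviewed tag or commit
    # (version: <REVIEWED_CRS_TAG_OR_COMMIT>). The link tasks below assume a
    # checkout that contains base_rules/ and
    # modsecurity_crs_10_setup.conf.example.
    - name: Clone modsecurity OWASP core rules repository
      git:
        repo: https://github.com/SpiderLabs/owasp-modsecurity-crs.git
        dest: /etc/httpd/owasp-modsecurity-crs
        update: false
      notify: Restart Apache

    - name: Configure OWASP core rules (configuration file)
      file:
        src: /etc/httpd/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example
        dest: /etc/httpd/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
        state: link
      notify: Restart Apache

    # Each base rule is enabled by symlinking it into activated_rules/.
    # NOTE(review): the list includes modsecurity_crs_48_local_exceptions.conf.example;
    # whether it is loaded depends on the Include pattern in mod_security1.conf,
    # which is not shown here.
    - name: Configure OWASP core rules (base rules)
      file:
        src: "/etc/httpd/owasp-modsecurity-crs/base_rules/{{ item }}"
        dest: "/etc/httpd/owasp-modsecurity-crs/activated_rules/{{ item }}"
        state: link
      with_items:
        - modsecurity_35_bad_robots.data
        - modsecurity_35_scanners.data
        - modsecurity_40_generic_attacks.data
        - modsecurity_50_outbound.data
        - modsecurity_50_outbound_malware.data
        - modsecurity_crs_20_protocol_violations.conf
        - modsecurity_crs_21_protocol_anomalies.conf
        - modsecurity_crs_23_request_limits.conf
        - modsecurity_crs_30_http_policy.conf
        - modsecurity_crs_35_bad_robots.conf
        - modsecurity_crs_40_generic_attacks.conf
        - modsecurity_crs_41_sql_injection_attacks.conf
        - modsecurity_crs_41_xss_attacks.conf
        - modsecurity_crs_42_tight_security.conf
        - modsecurity_crs_45_trojans.conf
        - modsecurity_crs_47_common_exceptions.conf
        - modsecurity_crs_48_local_exceptions.conf.example
        - modsecurity_crs_49_inbound_blocking.conf
        - modsecurity_crs_50_outbound.conf
        - modsecurity_crs_59_outbound_blocking.conf
        - modsecurity_crs_60_correlation.conf
      notify: Restart Apache

    # Ensures httpd is running on a first run; it does not reload a running
    # instance, which is why the configuration tasks notify the handler.
    # NOTE(review): the service is not enabled at boot here; confirm whether
    # the WAF is expected to come back after a reboot.
    - name: Start Apache
      service:
        name: httpd
        state: started

  handlers:
    # Runs once at the end of the play if any notifying task reported a change.
    - name: Restart Apache
      service:
        name: httpd
        state: restarted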