{% from "apache/map.jinja" import apache with context %}
# Pull in the base apache state. The requisites further down refer to
# `pkg: apache`, `service: apache` and the apache-restart / apache-reload
# module states, which are presumably declared there (not visible in this
# file).
include:
  - apache
# Install the ModSecurity module package for Apache. The package name is
# taken from the `apache` map imported from apache/map.jinja.
mod-security:
  pkg.installed:
    - name: {{ apache.mod_security.package }}
    # The apache package state must have run before this one.
    - require:
      - pkg: apache
    # A change made by this state triggers the apache-restart module state.
    - watch_in:
      - module: apache-restart
    # The restart/reload module states and the apache service state are made
    # to require this state, so they are evaluated after it.
    - require_in:
      - service: apache
      - module: apache-reload
      - module: apache-restart
    - order: 180
{% if apache.mod_security.crs_install %}
# Optional: install the rule-set package named by
# apache.mod_security.crs_package. Only rendered when crs_install is truthy;
# otherwise no rule-set package is installed by this file.
mod-security-crs:
  pkg.installed:
    - name: {{ apache.mod_security.crs_package }}
    # The rules package is only installed once the module package state ran.
    - require:
      - pkg: mod-security
    # A change made by this state triggers the apache-restart module state.
    - watch_in:
      - module: apache-restart
    # Restart, reload and the apache service state are evaluated after this
    # state.
    - require_in:
      - service: apache
      - module: apache-reload
      - module: apache-restart
    - order: 180
{% endif %}
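{% if apache.mod_security.manage_config %}
# Render the main ModSecurity configuration file from the per-os_family
# Jinja template shipped under salt://apache/files/. Only rendered when
# apache.mod_security.manage_config is truthy.
# NOTE(review): no user/group/mode is set on this file.managed, so ownership
# and permissions of the WAF configuration are not enforced by this state.
# Consider pinning them so the file cannot drift to being writable by an
# unintended account.
mod-security-main-config:
  file.managed:
    - name: {{ apache.mod_security.config_file }}
    - order: 220
    - template: jinja
    - source:
      - {{ 'salt://apache/files/' ~ salt['grains.get']('os_family') ~ '/modsecurity.conf.jinja' }}
    # Serialise the settings with the `json` filter (JSON is valid YAML)
    # instead of interpolating the Python repr of the dict, which is not
    # guaranteed to parse as YAML or to keep value types (None would become
    # the string "None"; quotes and escapes in strings can break the
    # document).
    - context: {{ apache.mod_security | json }}
    # The config file is written only after the module package state ran.
    - require:
      - pkg: mod-security
    # A changed config file triggers the apache-reload module state.
    - watch_in:
      - module: apache-reload
    # Restart, reload and the apache service state are evaluated after this
    # state.
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache
{% endif %}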
{% if grains['os_family'] == 'Debian' %}
# Debian family only: enable the security2 module with a2enmod. The command
# is skipped when both mods-enabled entries (security2.load and
# security2.conf) can already be listed.
a2enmod security2:
  cmd.run:
    - name: a2enmod security2
    - unless: ls /etc/apache2/mods-enabled/security2.load && ls /etc/apache2/mods-enabled/security2.conf
    # The module can only be enabled once the package state ran.
    - require:
      - pkg: mod-security
    # Running a2enmod triggers the apache-restart module state.
    - watch_in:
      - module: apache-restart
    # Restart, reload and the apache service state are evaluated after this
    # state.
    - require_in:
      - service: apache
      - module: apache-reload
      - module: apache-restart
    - order: 225
{% endif %}