apache-formula/apache/config/modules/mod_security/rules.sls

{%- set apache = pillar.get('apache', {}) %}
{%- set mod_security = apache.get('mod_security', {}) %}
{%- if mod_security.get('manage_config', False) %}

include:
  - apache.mod_security

{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %}
  {%- set rule_set = rule_details.get('rule_set', '') %}
  {%- set enabled = rule_details.get('enabled', False ) %}
  {%- if enabled %}
/etc/modsecurity/{{ rule_name }}:
  file.symlink:
    - target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }}
    - user: {{ apache.rootuser }}
    - group: {{ apache.rootgroup }}
    - mode: 755
  {%- else %}
/etc/modsecurity/{{ rule_name }}:
  file.absent:
    - name: /etc/modsecurity/{{ rule_name }}
  {%- endif %}

{%- endfor %}

{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %}
  {%- set file = custom_rule_details.get('file', None) %}
  {%- set path = custom_rule_details.get('path', None) %}
  {%- set enabled = custom_rule_details.get('enabled', False ) %}

  {%- if enabled %}
/etc/modsecurity/{{ file }}:
  file.managed:
    - source: {{ path }}
    - user: {{ apache.rootuser }}
    - group: {{ apache.rootgroup }}
    - mode: 755
    - makedirs: True
  {%- else %}
/etc/modsecurity/{{ file }}:
  file.absent:
    - name: /etc/modsecurity/{{ file }}
  {%- endif %}
{%- endfor %}

{%- endif %}
add modsecurity rules state 2016-09-23 11:12:37 +02:00			`{%- set apache = pillar.get('apache', {}) %}`
			`{%- set mod_security = apache.get('mod_security', {}) %}`
			`{%- if mod_security.get('manage_config', False) %}`

			`include:`
			`- apache.mod_security`

			`{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %}`
refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_.sls" became "config/mod_.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls' 2020-09-13 06:07:20 +02:00			`{%- set rule_set = rule_details.get('rule_set', '') %}`
			`{%- set enabled = rule_details.get('enabled', False ) %}`
add modsecurity rules state 2016-09-23 11:12:37 +02:00			`{%- if enabled %}`
			`/etc/modsecurity/{{ rule_name }}:`
			`file.symlink:`
			`- target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }}`
refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_.sls" became "config/mod_.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls' 2020-09-13 06:07:20 +02:00			`- user: {{ apache.rootuser }}`
			`- group: {{ apache.rootgroup }}`
add modsecurity rules state 2016-09-23 11:12:37 +02:00			`- mode: 755`
			`{%- else %}`
			`/etc/modsecurity/{{ rule_name }}:`
			`file.absent:`
			`- name: /etc/modsecurity/{{ rule_name }}`
			`{%- endif %}`

			`{%- endfor %}`

			`{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %}`
refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_.sls" became "config/mod_.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls' 2020-09-13 06:07:20 +02:00			`{%- set file = custom_rule_details.get('file', None) %}`
			`{%- set path = custom_rule_details.get('path', None) %}`
			`{%- set enabled = custom_rule_details.get('enabled', False ) %}`
add modsecurity rules state 2016-09-23 11:12:37 +02:00
			`{%- if enabled %}`
			`/etc/modsecurity/{{ file }}:`
			`file.managed:`
			`- source: {{ path }}`
refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_.sls" became "config/mod_.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls' 2020-09-13 06:07:20 +02:00			`- user: {{ apache.rootuser }}`
			`- group: {{ apache.rootgroup }}`
add modsecurity rules state 2016-09-23 11:12:37 +02:00			`- mode: 755`
refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_.sls" became "config/mod_.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls' 2020-09-13 06:07:20 +02:00			`- makedirs: True`
add modsecurity rules state 2016-09-23 11:12:37 +02:00			`{%- else %}`
			`/etc/modsecurity/{{ file }}:`
			`file.absent:`
			`- name: /etc/modsecurity/{{ file }}`
			`{%- endif %}`
			`{%- endfor %}`

refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_.sls" became "config/mod_.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls' 2020-09-13 06:07:20 +02:00			`{%- endif %}`