apache-formula/apache/config/modules/mod_security/rules.sls
noelmcloughlin 47818fc360 refactor(formula): align to template-formula & improve ci features
FEATURE: Archlinux support
FEATURE: Windows support
FEATURE: Enhanced CI/CD
FEATURE: modular states

BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl'
BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls"
BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls"
BREAKING CHANGE: "flags.sls" became "config/flags.sls"
BREAKING CHANGE: "manage_security" became "config/manage_security.sls"
BREAKING CHANGE: "mod_*.sls" became "config/mod_*.sls"
BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls"
BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls"
BREAKING CHANGE: "register_site.sls" became "config/register_site.sls"
BREAKING CHANGE: "server_status.sls" became "config/server_status.sls"
BREAKING CHANGE: "vhosts/" became "config/vhosts/"
BREAKING CHANGE: "mod_security/" became "config/mod_security/"

NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
2020-10-05 14:24:15 +01:00


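{#-
  Manage ModSecurity rule files from pillar `apache:mod_security`.

  rules:             rule_name -> {rule_set, enabled}
                     enabled  -> symlink /etc/modsecurity/<rule_name> to the
                                 packaged CRS file under /usr/share/modsecurity-crs
                     disabled -> remove /etc/modsecurity/<rule_name>
  custom_rule_files: id -> {file, path, enabled}
                     enabled  -> deploy `path` to /etc/modsecurity/<file>
                     disabled -> remove /etc/modsecurity/<file>

  Nothing is rendered unless `manage_config` is true. Every name below is
  interpolated straight into a filesystem path, so empty values and `..`
  segments are rejected with an explicit failing state instead of being
  rendered: an empty `file` on a disabled entry would otherwise turn into
  `file.absent` on /etc/modsecurity/ itself and wipe the whole rule directory.
#}
{%- set apache = pillar.get('apache', {}) %}
{%- set mod_security = apache.get('mod_security', {}) %}
{%- if mod_security.get('manage_config', False) %}
{#- NOTE(review): the accompanying commit message says "mod_security/" became
    "config/mod_security/"; confirm that `apache.mod_security` still resolves. #}
include:
  - apache.mod_security

{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %}
{%- set rule_set = rule_details.get('rule_set', '') %}
{%- set enabled = rule_details.get('enabled', False) %}
{%- set unsafe_rule = (not rule_name)
      or '/' in (rule_name | string)
      or '..' in (rule_set | string).split('/') %}
{%- if unsafe_rule %}

apache-mod-security-rule-{{ rule_name }}-invalid:
  test.fail_without_changes:
    - name: "apache:mod_security:rules entry '{{ rule_name }}' must be a plain file name and rule_set must not contain '..'"
{%- elif enabled %}

/etc/modsecurity/{{ rule_name }}:
  file.symlink:
    - target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }}
    - user: {{ apache.rootuser }}
    - group: {{ apache.rootgroup }}
    # Quoted so YAML keeps it a string rather than the integer 755.
    - mode: '0755'
{%- else %}

/etc/modsecurity/{{ rule_name }}:
  file.absent:
    - name: /etc/modsecurity/{{ rule_name }}
{%- endif %}
{%- endfor %}

{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %}
{%- set file = custom_rule_details.get('file', None) %}
{%- set path = custom_rule_details.get('path', None) %}
{%- set enabled = custom_rule_details.get('enabled', False) %}
{#- `file` may name a sub-directory (makedirs is set below), so '/' is allowed
    here; only empty values and parent-directory segments are refused. #}
{%- if not file or '..' in (file | string).split('/') %}

apache-mod-security-custom-rule-{{ custom_rule }}-invalid:
  test.fail_without_changes:
    - name: "apache:mod_security:custom_rule_files entry '{{ custom_rule }}' needs a non-empty 'file' without '..' segments"
{%- elif enabled and not path %}

apache-mod-security-custom-rule-{{ custom_rule }}-no-source:
  test.fail_without_changes:
    - name: "apache:mod_security:custom_rule_files entry '{{ custom_rule }}' is enabled but has no 'path' to copy from"
{%- elif enabled %}

/etc/modsecurity/{{ file }}:
  file.managed:
    # Rule content is whatever this source serves; keep it on a location only
    # the Salt administrators can write to.
    - source: {{ path }}
    - user: {{ apache.rootuser }}
    - group: {{ apache.rootgroup }}
    # Rule files are read by Apache, never executed, so no execute bit.
    - mode: '0644'
    - makedirs: True
{%- else %}

/etc/modsecurity/{{ file }}:
  file.absent:
    - name: /etc/modsecurity/{{ file }}
{%- endif %}
{%- endfor %}
{#- NOTE(review): no state in this file reloads Apache after a rule is added
    or removed; confirm another state does, otherwise the change will not take
    effect until the next restart. #}
{%- endif %}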