apache-formula/apache/config/modules/mod_security/rules.sls
2021-09-14 18:31:28 +01:00

49 lines
1.4 KiB
Plaintext

{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{#- set apache = pillar.get('apache', {}) #}
{%- set mod_security = apache.get('mod_security', {}) %}
{%- if mod_security.get('manage_config', False) %}
include:
- apache.config.modules.mod_security
{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %}
{%- set rule_set = rule_details.get('rule_set', '') %}
{%- set enabled = rule_details.get('enabled', False ) %}
{%- if enabled %}
/etc/modsecurity/{{ rule_name }}:
file.symlink:
- target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }}
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- mode: 755
{%- else %}
/etc/modsecurity/{{ rule_name }}:
file.absent:
- name: /etc/modsecurity/{{ rule_name }}
{%- endif %}
{%- endfor %}
{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %}
{%- set file = custom_rule_details.get('file', None) %}
{%- set path = custom_rule_details.get('path', None) %}
{%- set enabled = custom_rule_details.get('enabled', False ) %}
{%- if enabled %}
/etc/modsecurity/{{ file }}:
file.managed:
- source: {{ path }}
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- mode: 755
- makedirs: True
{%- else %}
/etc/modsecurity/{{ file }}:
file.absent:
- name: /etc/modsecurity/{{ file }}
{%- endif %}
{%- endfor %}
{%- endif %}