UNPKG

@installdoc/ansible-gas-station

Version:

An Ansible playbook that provisions your network with software from GitHub Awesome lists, developed with disaster recovery in mind ⛽🔥🤤

82 lines (72 loc) 2.56 kB
--- - name: Install Modsecurity dependencies package: name: "{{ linux_modsec_dependencies }}" state: present when: ansible_os_family != 'Darwin' - name: Obtain Modsecurity source code from git repository git: depth: "1" dest: "{{ modsec_src_directory }}" force: true repo: "{{ modsec_git_repository }}" version: "{{ modsec_git_version }}" register: clone_modsec - name: Remove older version of ModSecrity # noqa 503 file: path: /usr/local/modsecurity/lib/libmodsecurity.so when: clone_modsec.changed - name: Configure, build, make install command: | ./build.sh ./configure make make install args: chdir: "{{ modsec_src_directory }}" creates: /usr/local/modsecurity/lib/libmodsecurity.so - name: Obtain Modsecurity-nginx source code git: depth: "1" dest: "{{ modsecnginx_src_directory }}" force: true repo: "{{ modsec_nginx_git_repository }}" version: "{{ modsec_nginx_git_version }}" register: clone_modsec_nginx - name: "Download and unarchive NGINX source code of version {{ nginx_version }}" unarchive: src: "https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz" dest: "{{ nginx_src_directory }}" remote_src: true register: nginx_archive - name: Configure and make ModSecurity NGINX module # noqa 503 command: | ./configure --with-compat --add-dynamic-module={{ modsecnginx_src_directory }} make modules args: chdir: "{{ nginx_src_directory + '/nginx-' + nginx_version }}" creates: ~/mods.so when: clone_modsec_nginx.changed or nginx_archive.changed - name: Copy Modsecurity-nginx module to NGINX modules folder # noqa 503 copy: dest: "{{ nginx_module_link }}/ngx_http_modsecurity_module.so" mode: preserve remote_src: true src: "{{ nginx_src_directory + '/nginx-' + nginx_version + '/objs/ngx_http_modsecurity_module.so' }}" when: clone_modsec_nginx.changed or nginx_archive.changed - name: Obtain OWASP Modsecurity Rules git: dest: "{{ modsec_waf_conf_directory }}" force: true repo: "{{ modsec_rules_git_repository }}" version: "{{ modsec_rules_git_version }}" register: clone_modsec_rules # @action Ensures Nginx is configured # Configures OWASP Modsecurity Rules on Linux and MacOS Systems - name: Copy crs-setup.conf.example to crs-setup.conf # noqa 503 copy: dest: "{{ modsec_waf_conf_directory }}/crs-setup.conf" mode: 0600 remote_src: true src: "{{ modsec_waf_conf_directory }}/crs-setup.conf.example" when: clone_modsec_rules.changed