@installdoc/ansible-gas-station
Version:
An Ansible playbook that provisions your network with software from GitHub Awesome lists, developed with disaster recovery in mind ⛽🔥🤤
82 lines (72 loc) • 2.56 kB
YAML
- name: Install Modsecurity dependencies
package:
name: "{{ linux_modsec_dependencies }}"
state: present
when: ansible_os_family != 'Darwin'
- name: Obtain Modsecurity source code from git repository
git:
depth: "1"
dest: "{{ modsec_src_directory }}"
force: true
repo: "{{ modsec_git_repository }}"
version: "{{ modsec_git_version }}"
register: clone_modsec
- name: Remove older version of ModSecrity # noqa 503
file:
path: /usr/local/modsecurity/lib/libmodsecurity.so
when: clone_modsec.changed
- name: Configure, build, make install
command: |
./build.sh
./configure
make
make install
args:
chdir: "{{ modsec_src_directory }}"
creates: /usr/local/modsecurity/lib/libmodsecurity.so
- name: Obtain Modsecurity-nginx source code
git:
depth: "1"
dest: "{{ modsecnginx_src_directory }}"
force: true
repo: "{{ modsec_nginx_git_repository }}"
version: "{{ modsec_nginx_git_version }}"
register: clone_modsec_nginx
- name: "Download and unarchive NGINX source code of version {{ nginx_version }}"
unarchive:
src: "https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz"
dest: "{{ nginx_src_directory }}"
remote_src: true
register: nginx_archive
- name: Configure and make ModSecurity NGINX module # noqa 503
command: |
./configure --with-compat --add-dynamic-module={{ modsecnginx_src_directory }}
make modules
args:
chdir: "{{ nginx_src_directory + '/nginx-' + nginx_version }}"
creates: ~/mods.so
when: clone_modsec_nginx.changed or nginx_archive.changed
- name: Copy Modsecurity-nginx module to NGINX modules folder # noqa 503
copy:
dest: "{{ nginx_module_link }}/ngx_http_modsecurity_module.so"
mode: preserve
remote_src: true
src: "{{ nginx_src_directory + '/nginx-' + nginx_version + '/objs/ngx_http_modsecurity_module.so' }}"
when: clone_modsec_nginx.changed or nginx_archive.changed
- name: Obtain OWASP Modsecurity Rules
git:
dest: "{{ modsec_waf_conf_directory }}"
force: true
repo: "{{ modsec_rules_git_repository }}"
version: "{{ modsec_rules_git_version }}"
register: clone_modsec_rules
# @action Ensures Nginx is configured
# Configures OWASP Modsecurity Rules on Linux and MacOS Systems
- name: Copy crs-setup.conf.example to crs-setup.conf # noqa 503
copy:
dest: "{{ modsec_waf_conf_directory }}/crs-setup.conf"
mode: 0600
remote_src: true
src: "{{ modsec_waf_conf_directory }}/crs-setup.conf.example"
when: clone_modsec_rules.changed