Niels Abspoel
8 年之前
+ 5
- 0
README.rst
查看文件
| @@ -93,6 +93,11 @@ using data from Pillar. (Debian and RedHat Only) | |||
| Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2 | |||
| ``apache.mod_security.rules`` | |||
| This state can create symlinks based on basic Core Rules package. (Debian only) | |||
| Or it can distribute a mod_security rule file and place it /etc/modsecurity/ | |||
| ``apache.mod_ssl`` | |||
| ---------------------- | |||
apache/mod_security.sls → apache/mod_security/init.sls
查看文件
+ 45
- 0
apache/mod_security/rules.sls
查看文件
| @@ -0,0 +1,45 @@ | |||
| {%- set apache = pillar.get('apache', {}) %} | |||
| {%- set mod_security = apache.get('mod_security', {}) %} | |||
| {%- if mod_security.get('manage_config', False) %} | |||
| include: | |||
| - apache.mod_security | |||
| {%- for rule_name, rule_details in mod_security.get('rules', {}).items() %} | |||
| {% set rule_set = rule_details.get('rule_set', '') %} | |||
| {% set enabled = rule_details.get('enabled', False ) %} | |||
| {%- if enabled %} | |||
| /etc/modsecurity/{{ rule_name }}: | |||
| file.symlink: | |||
| - target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }} | |||
| - user: root | |||
| - group: root | |||
| - mode: 755 | |||
| {%- else %} | |||
| /etc/modsecurity/{{ rule_name }}: | |||
| file.absent: | |||
| - name: /etc/modsecurity/{{ rule_name }} | |||
| {%- endif %} | |||
| {%- endfor %} | |||
| {%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %} | |||
| {% set file = custom_rule_details.get('file', None) %} | |||
| {% set path = custom_rule_details.get('path', None) %} | |||
| {% set enabled = custom_rule_details.get('enabled', False ) %} | |||
| {%- if enabled %} | |||
| /etc/modsecurity/{{ file }}: | |||
| file.managed: | |||
| - source: {{ path }} | |||
| - user: root | |||
| - group: root | |||
| - mode: 755 | |||
| {%- else %} | |||
| /etc/modsecurity/{{ file }}: | |||
| file.absent: | |||
| - name: /etc/modsecurity/{{ file }} | |||
| {%- endif %} | |||
| {%- endfor %} | |||
| {% endif %} | |||
+ 16
- 0
pillar.example
查看文件
| @@ -165,3 +165,19 @@ apache: | |||
| sec_pcre_match_limit_recursion: '15000' | |||
| sec_debug_log_level: '3' | |||
| rules: | |||
| enabled: | |||
| modsecurity_crs_10_setup.conf: | |||
| rule_set: '' | |||
| enabled: True | |||
| modsecurity_crs_20_protocol_violations.conf: | |||
| rule_set: 'base_rules' | |||
| enabled: False | |||
| custom_rule_files: | |||
| # any name as an array index, and you can duplicate this section | |||
| UNIQUE_VALUE_HERE: | |||
| file: 'my name' | |||
| path: 'salt://path/to/modsecurity/custom/file' | |||
| enabled: True | |||
Loading…