Mercurial > repos > other > Puppet

comparison modules/apache/manifests/mod/security.pp @ 36:37675581a273 puppet-3.6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Puppet module for Apache (pulls in concat module)
author IBBoard <dev@ibboard.co.uk>
date Sat, 14 Mar 2015 20:07:04 +0000
parents
children 675c1cc61eaf
comparison
equal deleted inserted replaced
35:1bb941522ebf 36:37675581a273
1 class apache::mod::security (
2 $crs_package = $::apache::params::modsec_crs_package,
3 $activated_rules = $::apache::params::modsec_default_rules,
4 $modsec_dir = $::apache::params::modsec_dir,
5 $allowed_methods = 'GET HEAD POST OPTIONS',
6 $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf',
7 $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/',
8 $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/',
9 ){
10
11 if $::osfamily == 'FreeBSD' {
12 fail('FreeBSD is not currently supported')
13 }
14
15 ::apache::mod { 'security':
16 id => 'security2_module',
17 lib => 'mod_security2.so',
18 }
19
20 ::apache::mod { 'unique_id_module':
21 id => 'unique_id_module',
22 lib => 'mod_unique_id.so',
23 }
24
25 if $crs_package {
26 package { $crs_package:
27 ensure => 'latest',
28 before => File['security.conf'],
29 }
30 }
31
32 # Template uses:
33 # - $modsec_dir
34 file { 'security.conf':
35 ensure => file,
36 content => template('apache/mod/security.conf.erb'),
37 path => "${::apache::mod_dir}/security.conf",
38 owner => $::apache::params::user,
39 group => $::apache::params::group,
40 require => Exec["mkdir ${::apache::mod_dir}"],
41 before => File[$::apache::mod_dir],
42 notify => Class['apache::service'],
43 }
44
45 file { $modsec_dir:
46 ensure => directory,
47 owner => $::apache::params::user,
48 group => $::apache::params::group,
49 mode => '0555',
50 purge => true,
51 force => true,
52 recurse => true,
53 }
54
55 file { "${modsec_dir}/activated_rules":
56 ensure => directory,
57 owner => $::apache::params::user,
58 group => $::apache::params::group,
59 mode => '0555',
60 purge => true,
61 force => true,
62 recurse => true,
63 notify => Class['apache::service'],
64 }
65
66 file { "${modsec_dir}/security_crs.conf":
67 ensure => file,
68 content => template('apache/mod/security_crs.conf.erb'),
69 require => File[$modsec_dir],
70 notify => Class['apache::service'],
71 }
72
73 apache::security::rule_link { $activated_rules: }
74
75 }