coopdevs.nginx_modsec3_crs
nginx_modsec3_crs Role
Ansible Role for Installing Nginx, Compiling ModSecurity3, and Installing OWASP CRS v3 Ruleset
This role is based on @perryk's ansible-role-nginx-modsec3-crs3.
ModSecurity3 needs several libraries and packages, which this role will install.
The role will also install any compilers and tools needed for compilation and will remove them if they weren't installed beforehand.
Nginx support mainly comes from the role ansible-role-nginx by jdauphant.
Visit: https://github.com/jdauphant/ansible-role-nginx
:warning: Note that jdauphant's Nginx role is not maintained anymore.
Requirements
Before running a playbook that uses this role:
You need to install any required Ansible roles listed in requirements.yml. You can view it here.
ansible-galaxy install -r requirements.yml
For your project's playbook (not for this role's requirements.yml), you should include both this role and the one mentioned above like this:
- src: coopdevs.nginx_modsec3_crs
- src: jdauphant.nginx
  version: v2.21.2
Role Variables
Check out the role’s defaults/main.yml and vars/main.yml files to see if you want to change anything.
Here are some specific variables explained, along with their default values:
# Enable ModSecurity compilation, installation, and configuration if not already installed
nginx_modsec3_enabled: True
# Specify the ruleset version
nginx_modsec3_crs_version: v3.4/dev
# Recompile ModSecurity even if already installed
nginx_modsec3_crs3_force_compile: True
# Enable block mode (if False, it will be in "Detection Only" mode)
nginx_modsec3_crs3_block_mode: True
There are many more variables in the Nginx role, and the best way to understand them is through the examples in the role’s README.md file.
Example Playbook
Here is an example playbook that calls the role to add and enable ModSecurity for the default Nginx site.
- hosts: servers
  vars:
    nginx_modsec3_enabled: True
    nginx_modsec3_crs_version: v4.0/dev
    nginx_pkgs:
      - nginx
    nginx_module_configs:
      - ngx_http_modsecurity_module
    nginx_sites:
      default:
        - |
          ...
          modsecurity on;
          modsecurity_rules_file /etc/nginx/modsec/main.conf;
          ...
  roles:
    - coopdevs.nginx_modsec3_crs
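To confirm which mode a deployed host actually ended up in, this added example (not part of this role) follows the `Include` chain from the file given to `modsecurity_rules_file` and reports the last active `SecRuleEngine` value: `On` blocks, `DetectionOnly` only logs. It assumes the role expresses `nginx_modsec3_crs3_block_mode` through that directive and that relative `Include` paths resolve against the including file's directory; `effective_rule_engine` and `demo` are illustrative names.

```python
import glob
import os
import re
import sys
import tempfile

# Matches active directives only; commented-out lines start with '#'.
DIRECTIVE = re.compile(r'^\s*(Include|SecRuleEngine)\s+"?([^"\s]+)"?', re.I)


def effective_rule_engine(conf_path, _seen=None):
    """Return the last SecRuleEngine value reachable from conf_path, or None."""
    seen = _seen if _seen is not None else set()
    real = os.path.realpath(conf_path)
    if real in seen:  # guard against Include loops
        return None
    seen.add(real)
    mode = None
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = DIRECTIVE.match(line)
            if not m:
                continue
            name, arg = m.group(1).lower(), m.group(2)
            if name == "secruleengine":
                mode = arg  # a later directive overrides an earlier one
                continue
            # Assumption: relative Include paths are relative to this file.
            base = os.path.dirname(real)
            for inc in sorted(glob.glob(os.path.join(base, arg))):
                mode = effective_rule_engine(inc, seen) or mode
    return mode


def demo():
    """Build a constructed two-file config tree and return its mode."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "modsecurity.conf"), "w") as fh:
            fh.write("# SecRuleEngine On\nSecRuleEngine DetectionOnly\n")
        with open(os.path.join(d, "main.conf"), "w") as fh:
            fh.write("Include modsecurity.conf\n")
        return effective_rule_engine(os.path.join(d, "main.conf"))


if __name__ == "__main__":
    # Usage: script.py /etc/nginx/modsec/main.conf (no argument runs the demo)
    mode = effective_rule_engine(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(mode or "SecRuleEngine not set")
    sys.exit(0 if (mode or "").lower() == "on" else 1)
```

The non-zero exit status when the engine is not `On` lets the check run as a post-deploy gate.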
License
GPL-3.0-or-later
Author Information
Installs Nginx, Compiles ModSecurity3, and downloads the OWASP CRS v3 ruleset. Forked from Perry Kollmorgen's role (https://github.com/perryk)
ansible-galaxy install coopdevs.nginx_modsec3_crs