Commit 05120c15 authored by mh's avatar mh

linting

parent 4ed37627
# base setup of mode_security
class mod_security::base {
package{'mod_security':
package { 'mod_security':
ensure => installed,
require => Package['apache'],
notify => Service['apache'],
}
file{'mod_security_config_dir':
file { 'mod_security_config_dir':
ensure => directory,
path => $mod_security::config_dir,
require => Package['mod_security'],
......@@ -17,24 +16,23 @@ class mod_security::base {
}
# Automatically clean vhost mod_security logs
file{'/usr/local/sbin/mod_security_logclean.sh':
file { '/usr/local/sbin/mod_security_logclean.sh':
source => 'puppet:///modules/mod_security/scripts/mod_security_logclean.sh',
owner => 'root',
group => 0,
mode => '0700',
}
file{'/etc/cron.daily/mod_security_logclean.sh': }
file { '/etc/cron.daily/mod_security_logclean.sh': }
if $mod_security::log_clean_days_to_keep {
File['/etc/cron.daily/mod_security_logclean.sh']{
File['/etc/cron.daily/mod_security_logclean.sh'] {
owner => 'root',
group => 0,
mode => '0700',
content => "#!/bin/bash\n/usr/local/sbin/mod_security_logclean.sh ${mod_security::log_clean_days_to_keep}\n",
}
} else {
File['/etc/cron.daily/mod_security_logclean.sh']{
File['/etc/cron.daily/mod_security_logclean.sh'] {
ensure => absent,
}
}
}
# centos specific things
class mod_security::centos inherits mod_security::base {
if versioncmp($facts['os']['release']['major'],'7') < 0 {
apache::config::global{'mod_security.conf':
source => [ "puppet:///modules/site_mod_security/normal/${::fqdn}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/${::domain}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/${::operatingsystem}.${::operatingsystemmajrelease}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/${::operatingsystem}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/mod_security.conf",
"puppet:///modules/mod_security/normal/${::operatingsystem}/mod_security.conf" ],
apache::config::global { 'mod_security.conf':
source => ["puppet:///modules/site_mod_security/normal/${facts['networking']['fqdn']}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/${facts['networking']['domain']}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/${facts['os']['name']}.${facts['os']['release']['major']}/mod_security.conf",
"puppet:///modules/site_mod_security/normal/${facts['os']['name']}/mod_security.conf",
'puppet:///modules/site_mod_security/normal/mod_security.conf',
"puppet:///modules/mod_security/normal/${facts['os']['name']}/mod_security.conf"],
require => Package['mod_security'],
notify => Service['apache'],
notify => Service['apache'],
}
# since version 2.5 we need to define a SecDataDir
file{
file {
'/var/www/modsecurity_data':
ensure => directory,
require => Package['mod_security'],
......@@ -32,7 +32,7 @@ class mod_security::centos inherits mod_security::base {
# comment out an unwanted rule
# 200003 : broken multipart upload boundaries
if versioncmp($facts['os']['release']['major'],'6') > 0 {
Package<| title == 'mod_security' |> -> exec{'comment_out_rule_id_200003':
Package<| title == 'mod_security' |> -> exec { 'comment_out_rule_id_200003':
command => 'sed -i -e "s/ \(SecRule MULTIPART_UNMATCHED_BOUNDARY\)/ #\1/" -e "s/ \(\"id:\'200003\)/ #\1/" /etc/httpd/conf.d/mod_security.conf',
onlyif => 'grep -qE " (SecRule MULTIPART_UNMATCHED_BOUNDARY|\"id:\'200003)" /etc/httpd/conf.d/mod_security.conf',
notify => Service['apache'],
......
# 2008 - admin(at)immerda.ch
# Adapated by Puzzle ITC
# License: GPLv3
class mod_security(
class mod_security (
$log_clean_days_to_keep = 5,
$asl_ruleset = false,
$crs_ruleset = true,
$crs_extras_ruleset = false,
) {
include ::apache
include apache
$config_dir = "${apache::config_dir}/modsecurity.d"
case $::operatingsystem {
centos: { include mod_security::centos }
case $facts['os']['name'] {
'centos': { include mod_security::centos }
default: { include mod_security::base }
}
}
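Review bot: `$log_clean_days_to_keep` is still declared without a data type in the `class mod_security (` parameter list, while the base class interpolates it unquoted into the body of `/etc/cron.daily/mod_security_logclean.sh`, a root-owned 0700 script that presumably runs as root. Any string that reaches this parameter (for example from Hiera) becomes shell text in that script. On Puppet 4 or later `0` and `''` are also truthy, so they pass the `if` in the base class and create the cron job instead of removing it. I would type the parameter, e.g. `Variant[Boolean, Integer[1]] $log_clean_days_to_keep = 5,`, and declare the three ruleset flags as `Boolean`. This assumes the module targets a Puppet version with data types, which the switch to `$facts[...]` suggests.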