pax_global_header00006660000000000000000000000064152167377570014536gustar00rootroot0000000000000052 comment=834e158830730d59f102b2ad5d66e30115638941 main.raku000066400000000000000000000000311521673775700127040ustar00rootroot00000000000000task-run "tasks/install";tasks/000077500000000000000000000000001521673775700122275ustar00rootroot00000000000000tasks/install/000077500000000000000000000000001521673775700136755ustar00rootroot00000000000000tasks/install/task.bash000066400000000000000000000042321521673775700154770ustar00rootroot00000000000000#!/bin/bash #=============================================================================== # ModSecurity Hardened Apache Web Server Setup for Rocky Linux # Following: https://docs.rockylinux.org/guides/web/apache_hardened_webserver/modsecurity/ #=============================================================================== # Install Apache if not already installed echo "Installing Apache HTTP Server..." sudo dnf install -y httpd # Download and run Atomicorp installer echo "Downloading and running Atomicorp installer..." wget -q -O - https://www.atomicorp.com/installers/atomic | sudo sh # Install ModSecurity from Atomicorp echo "Installing ModSecurity packages..." sudo dnf install -y mod_security # Download and setup OWASP Core Rule Set echo "Downloading OWASP Core Rule Set..." wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.5.tar.gz echo "Decompressing OWASP Core Rule Set..." tar xzvf v3.3.5.tar.gz echo "Creating symbolic link for CRS..." sudo ln -s $(pwd)/coreruleset-3.3.5 /etc/httpd/conf/crs echo "Removing tar.gz file..." rm -f v3.3.5.tar.gz echo "Copying CRS setup configuration..." sudo cp /etc/httpd/conf/crs/crs-setup.conf.example /etc/httpd/conf/crs/crs-setup.conf # Configure mod_security to include OWASP rules echo "Configuring mod_security to include OWASP rules..." sudo sed -i 's||IncludeOptional /etc/httpd/conf/crs/crs-setup.conf\nIncludeOptional /etc/httpd/conf/crs/rules/*.conf\n\n|' /etc/httpd/conf.d/mod_security.conf # Test Apache configuration echo "Testing Apache configuration..." sudo httpd -t # Start and enable Apache echo "Starting Apache service..." sudo systemctl enable httpd if systemctl is-active --quiet httpd; then sudo systemctl restart httpd echo "Apache restarted" else sudo systemctl start httpd echo "Apache started" fi # Verify Apache is running sleep 3 systemctl is-active --quiet httpd && echo "Apache is running successfully" || echo "Apache failed to start" # Verify ModSecurity installation echo "ModSecurity module check:" sudo httpd -M 2>/dev/null | grep security2_module || echo "WARNING: ModSecurity module not detected" echo "" echo "Installation complete"