pax_global_header00006660000000000000000000000064152171441720014516gustar00rootroot0000000000000052 comment=4487d6da8f0b9140ba49b064928815b00ef8c32c main.raku000066400000000000000000000000311521714417200126640ustar00rootroot00000000000000task-run "tasks/install";tasks/000077500000000000000000000000001521714417200122075ustar00rootroot00000000000000tasks/install/000077500000000000000000000000001521714417200136555ustar00rootroot00000000000000tasks/install/task.bash000066400000000000000000000044231521714417200154610ustar00rootroot00000000000000#!/bin/bash #=============================================================================== # ModSecurity Hardened Apache Web Server Setup for Rocky Linux # Following: https://docs.rockylinux.org/guides/web/apache_hardened_webserver/modsecurity/ #=============================================================================== # Install Apache if not already installed echo "Installing Apache HTTP Server..." sudo dnf install -y httpd # Download and run Atomicorp installer (automatically accept license) echo "Downloading and running Atomicorp installer..." wget -q -O /tmp/atomic-installer.sh https://www.atomicorp.com/installers/atomic echo "yes" | sudo sh /tmp/atomic-installer.sh rm -f /tmp/atomic-installer.sh # Install ModSecurity from Atomicorp echo "Installing ModSecurity packages..." sudo dnf install -y mod_security # Download and setup OWASP Core Rule Set echo "Downloading OWASP Core Rule Set..." wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.5.tar.gz echo "Decompressing OWASP Core Rule Set..." tar xzvf v3.3.5.tar.gz echo "Creating symbolic link for CRS..." sudo ln -s $(pwd)/coreruleset-3.3.5 /etc/httpd/conf/crs echo "Removing tar.gz file..." rm -f v3.3.5.tar.gz echo "Copying CRS setup configuration..." sudo cp /etc/httpd/conf/crs/crs-setup.conf.example /etc/httpd/conf/crs/crs-setup.conf # Configure mod_security to include OWASP rules echo "Configuring mod_security to include OWASP rules..." sudo sed -i 's||IncludeOptional /etc/httpd/conf/crs/crs-setup.conf\nIncludeOptional /etc/httpd/conf/crs/rules/*.conf\n\n|' /etc/httpd/conf.d/mod_security.conf # Test Apache configuration echo "Testing Apache configuration..." sudo httpd -t # Start and enable Apache echo "Starting Apache service..." sudo systemctl enable httpd if systemctl is-active --quiet httpd; then sudo systemctl restart httpd echo "Apache restarted" else sudo systemctl start httpd echo "Apache started" fi # Verify Apache is running sleep 3 systemctl is-active --quiet httpd && echo "Apache is running successfully" || echo "Apache failed to start" # Verify ModSecurity installation echo "ModSecurity module check:" sudo httpd -M 2>/dev/null | grep security2_module || echo "WARNING: ModSecurity module not detected" echo "" echo "Installation complete"