pax_global_header00006660000000000000000000000064152171460350014516gustar00rootroot0000000000000052 comment=136f52da8553115a49572c2c8e0766b64a82f56d main.raku000066400000000000000000000000311521714603500126640ustar00rootroot00000000000000task-run "tasks/install";tasks/000077500000000000000000000000001521714603500122075ustar00rootroot00000000000000tasks/install/000077500000000000000000000000001521714603500136555ustar00rootroot00000000000000tasks/install/task.bash000066400000000000000000000043011521714603500154540ustar00rootroot00000000000000#!/bin/bash #=============================================================================== # ModSecurity Hardened Apache Web Server Setup for Rocky Linux # Following: https://docs.rockylinux.org/guides/web/apache_hardened_webserver/modsecurity/ #=============================================================================== # Install Apache if not already installed echo "Installing Apache HTTP Server..." sudo dnf install -y httpd # Download and run Atomicorp installer (unattended with NON_INT) echo "Downloading and running Atomicorp installer..." curl -s https://updates.atomicorp.com/installers/atomic | sudo env NON_INT=1 sh # Install ModSecurity from Atomicorp echo "Installing ModSecurity packages..." sudo dnf install -y mod_security # Download and setup OWASP Core Rule Set echo "Downloading OWASP Core Rule Set..." wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.5.tar.gz echo "Decompressing OWASP Core Rule Set..." tar xzvf v3.3.5.tar.gz echo "Creating symbolic link for CRS..." sudo ln -s $(pwd)/coreruleset-3.3.5 /etc/httpd/conf/crs echo "Removing tar.gz file..." rm -f v3.3.5.tar.gz echo "Copying CRS setup configuration..." sudo cp /etc/httpd/conf/crs/crs-setup.conf.example /etc/httpd/conf/crs/crs-setup.conf # Configure mod_security to include OWASP rules echo "Configuring mod_security to include OWASP rules..." sudo sed -i 's||IncludeOptional /etc/httpd/conf/crs/crs-setup.conf\nIncludeOptional /etc/httpd/conf/crs/rules/*.conf\n\n|' /etc/httpd/conf.d/mod_security.conf # Test Apache configuration echo "Testing Apache configuration..." sudo httpd -t # Start and enable Apache echo "Starting Apache service..." sudo systemctl enable httpd if systemctl is-active --quiet httpd; then sudo systemctl restart httpd echo "Apache restarted" else sudo systemctl start httpd echo "Apache started" fi # Verify Apache is running sleep 3 systemctl is-active --quiet httpd && echo "Apache is running successfully" || echo "Apache failed to start" # Verify ModSecurity installation echo "ModSecurity module check:" sudo httpd -M 2>/dev/null | grep security2_module || echo "WARNING: ModSecurity module not detected" echo "" echo "Installation complete"