Ansible playbook for VCCW to install ModSecurity and setup the OWASP ModSecurity Core Rule Set

playbook-post.yml

---
- hosts: all
  become: yes

  tasks:

  - name: Install ModSecurity
    apt:
     name: libapache2-modsecurity
     update_cache: yes
  - name: Setup initial ModSec config
    command: mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
    become: yes
  - name: Enable ModSecurity
    become: yes
    replace:
      dest: /etc/modsecurity/modsecurity.conf
      regexp: SecRuleEngine .*
      replace: "SecRuleEngine On"
    notify:
      - restart apache
  - name: Activate all ModSec base rules
    become: yes
    shell: for f in `ls /usr/share/modsecurity-crs/base_rules` ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
  - name: Add main ruleset to ModSec config
    become: yes
    lineinfile:
      path: /etc/modsecurity/modsecurity.conf
      line: "IncludeOptional /usr/share/modsecurity-crs/*.conf"
  - name: Add activated rulesets to ModSec config
    become: yes
    lineinfile:
      path: /etc/modsecurity/modsecurity.conf
      line: "IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf"
    notify:
      - restart apache

  handlers:
  - name: restart apache
    become: yes
    service: name=apache2 state=restarted