2017-07-03 18:23:39 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
- name: Check if Apache envvars have a PATH
|
|
|
|
command: "grep -E '^export PATH ' /etc/apache2/envvars"
|
|
|
|
failed_when: False
|
|
|
|
changed_when: False
|
|
|
|
register: envvar_grep_path
|
|
|
|
check_mode: no
|
|
|
|
|
|
|
|
- name: Add a PATH envvar for Apache
|
|
|
|
blockinfile:
|
|
|
|
dest: /etc/apache2/envvars
|
|
|
|
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
|
|
|
|
block: |
|
|
|
|
# Used for Evoadmin-web
|
|
|
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
|
|
when: envvar_grep_path.rc != 0
|
|
|
|
|
2017-07-13 14:08:24 +02:00
|
|
|
- name: Install ITK module for Jessie
|
|
|
|
apt:
|
|
|
|
name: apache2-mpm-itk
|
|
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
|
|
|
|
- name: Install ITK module for Stretch
|
|
|
|
apt:
|
|
|
|
name: libapache2-mpm-itk
|
|
|
|
when: ansible_distribution_release == "stretch"
|
|
|
|
|
2017-07-03 18:23:39 +02:00
|
|
|
- name: Additional packages are installed
|
|
|
|
apt:
|
|
|
|
name: '{{ item }}'
|
|
|
|
state: present
|
|
|
|
with_items:
|
|
|
|
- libapache2-mod-evasive
|
|
|
|
- libapache2-mod-security2
|
2017-07-13 14:08:24 +02:00
|
|
|
- modsecurity-crs
|
2017-07-03 18:23:39 +02:00
|
|
|
|
|
|
|
- name: Copy Apache settings for modules
|
|
|
|
copy:
|
|
|
|
src: "{{ item }}"
|
|
|
|
dest: "/etc/apache2/conf-available/{{ item }}"
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: "0644"
|
|
|
|
force: no
|
|
|
|
with_items:
|
|
|
|
- evolinux-itk.conf
|
|
|
|
- evolinux-evasive.conf
|
|
|
|
- evolinux-modsec.conf
|
|
|
|
|
|
|
|
- name: Ensure Apache modules configs are enabled
|
|
|
|
command: "a2enconf {{ item }}"
|
|
|
|
register: command_result
|
|
|
|
changed_when: "'Enabling' in command_result.stderr"
|
|
|
|
with_items:
|
|
|
|
- evolinux-itk
|
|
|
|
- evolinux-evasive
|
|
|
|
- evolinux-modsec
|
|
|
|
|
|
|
|
- name: Check if log2mail is installed
|
|
|
|
command: "apt list --installed log2mail"
|
|
|
|
register: command_result
|
|
|
|
changed_when: False
|
|
|
|
|
|
|
|
- debug:
|
|
|
|
var: command_result
|
|
|
|
verbosity: 1
|
|
|
|
|
|
|
|
- name: Add log2mail config for Apache segfaults
|
|
|
|
template:
|
|
|
|
src: log2mail-apache.j2
|
|
|
|
dest: "/etc/log2mail/config/apache"
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: "0644"
|
|
|
|
force: no
|
|
|
|
when: "'log2mail' in command_result.stdout"
|