Update to support Ubuntu Noble

LICENSE

@@ -1,22 +1,39 @@
-MIT License
-
-Copyright (c) 2019 Perry Kollmorgen
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
+ /*  
+ * Copyright (c) 2022 GPL-3.0-or-later nginx_modsec3_crs Coopdevs   
+ *  
+ *  This file is free software: you may copy, redistribute and/or modify it  
+ *  under the terms of the GNU General Public License as published by the  
+ *  Free Software Foundation, either version 3 of the License, or (at your  
+ *  option) any later version.  
+ *  
+ *  This file is distributed in the hope that it will be useful, but  
+ *  WITHOUT ANY WARRANTY; without even the implied warranty of  
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU  
+ *  General Public License for more details.  
+ *  
+ *  You should have received a copy of the GNU General Public License  
+ *  along with this program.  If not, see https://www.gnu.org/licenses.
+ *  
+ *  This file incorporates work covered by the following copyright and
+ *  permission notice:
+ *
+ *    MIT License
+ *    Copyright (c) 2019 Perry Kollmorgen
+ *    Permission is hereby granted, free of charge, to any person obtaining a copy
+ *    of this software and associated documentation files (the "Software"), to deal
+ *    in the Software without restriction, including without limitation the rights
+ *    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *    copies of the Software, and to permit persons to whom the Software is
+ *    furnished to do so, subject to the following conditions:
+ *    
+ *    The above copyright notice and this permission notice shall be included in all
+ *    copies or substantial portions of the Software.
+ *    
+ *    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ *    SOFTWARE.
+ */

README.md

@@ -1,16 +1,7 @@
-# Ansible role for Installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset 
+# nginx_modsec3_crs role
+## Ansible role for Installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset 
 
-ModSecurity3 is a powerful open source cross-platform web application firewall (WAF).
-
-https://modsecurity.org/
-
-It goes hand in hand with a ruleset known as OWASP CRS.
-
-https://modsecurity.org/crs/
-
-Additionally both of these go hand in hand with a webserver, either Apache or Nginx, this role only supports Nginx however.
-
-https://www.nginx.com
+> Forked from [**@perryk**'s](https://github.com/perryk) [ansible-role-nginx-modsec3-crs3](https://github.com/perryk/ansible-role-nginx-modsec3-crs3)
 
 There are a number of libraries and packages which ModSecurity3 depends on and will be installed via this role.
 
@@ -20,11 +11,7 @@ Nginx support is primarily provided by the dependent role `ansible-role-nginx` b
 
 https://github.com/jdauphant/ansible-role-nginx
 
-By default this role will install Nginx packages from OS provided repos, this is recommended to be changed to installing from the official Nginx repo instead.
-
-This can be done by setting this variable:
-
-```    nginx_official_repo: True```
+:warning:  jdauphant's nginx role is no longer mantained.
 
 ## Requirements
 
@@ -35,26 +22,32 @@ Install any required [Ansible](https://www.ansible.com) roles from `requirements
 ```bash
 ansible-galaxy install -r requirements.yml
 ```
-
-n.b in particular this role will call certain tasks from the nginx role so be sure to have it installed in the same location as this role and with a specific name of "ansible-role-nginx".
-
 i.e this in the requirements.yml file for your project's playbook (not the requirements.yml file for this role) you will need to include both this role and the role mentioned above like this:
 
 ```yml
-- src: perryk.nginx_modsec3_crs3
+- src: coopdevs.nginx_modsec3_crs
 
-- src: https://github.com/jdauphant/ansible-role-nginx
-  version: master
+- src: jdauphant.nginx
+  version: v2.21.2
 ```
-
-
 ## Role Variables
 
 Browse the role's [defaults/main.yml](defaults/main.yml) and [vars/main.yml](vars/main.yml) files to see if there is anything you would like to change or need to override by setting in your playbook.
 
-There are currently no variables of note being set.
+Specific-role vars are explained below, with their default value set.
+
+```yaml
+# Enables the modsecurity compilation, installation and configuration if it is not installed
+nginx_modsec3_enabled: True
+ # Set the ruleset version
+nginx_modsec3_crs_version: v3.4/dev
+# Force modsecurity recompile despite it is already installed
+nginx_modsec3_crs3_force_compile: True
+# Enable the block mode (if False, then "Detection Only" mode is set)
+nginx_modsec3_crs3_block_mode: True
+```
 
-There are lots of variables however in the nginx role, perhaps the best explanation of these are all the examples in the role [README.md](https://github.com/jdauphant/ansible-role-nginx/blob/master/README.md) file.
+There are lots of variables more in the nginx role, perhaps the best explanation of these are all the examples in the role [README.md](https://github.com/jdauphant/ansible-role-nginx/blob/master/README.md) file.
 
 
 ## Example Playbook
@@ -65,32 +58,32 @@ Example playbook calling the role adding and enabling ModSecurity for the defaul
 - hosts: servers
 
   vars:
-
+    nginx_modsec3_enabled: True
+    nginx_modsec3_crs_version: v4.0/dev
     nginx_pkgs:
       - nginx
-    nginx_install_epel_repo: False
-    nginx_official_repo: True
-    nginx_official_repo_mainline: True
     nginx_module_configs:
       - ngx_http_modsecurity_module
+      - ngx_http_geoip2_module
+    nginx_modules_disable:
+      - ngx_http_geoip_module
     nginx_sites:
       default:
-       - listen 80
-       - server_name _
-       - "Modsecurity on"
-       - "modsecurity_rules_file /etc/nginx/modsec/main.conf"
-       - root "/usr/share/nginx/html"
-       - index index.html
-
+       - |
+         ...
+         modsecurity on;
+         modsecurity_rules_file /etc/nginx/modsec/main.conf;
+         ...
   roles:
-    - perryk.nginx-modsec3-crs3
+    - coopdevs.nginx_modsec3_crs
 ```
 
 # License
 
-MIT
+GPL-3.0-or-later
 
 ## Author Information
 
-Perry Kollmorgen - https://github.com/perryk
+Perry Kollmorgen - https://github.com/perryk  
+[Coopdevs](https://coopdevs.org) - https://github.com/coopdevs
 

defaults/main.yml

@@ -1,35 +1,55 @@
 ---
-# defaults file for ansible-role-nginx-modsec3-crs3
-
+# defaults file for coopdevs.nginx_modsec3_crs
+nginx_modsec3_enabled: True
+nginx_modsec3_crs_version: v3.4/dev
+nginx_modsec3_crs3_force_compile: True
+nginx_modsec3_crs3_block_mode: True
 nginx_modsec3_crs3_debian_pre_reqs:
+  - git
   - libgeoip-dev
+  - libmaxminddb-dev
+  - libmaxminddb0
   - libcurl4-openssl-dev
-  - liblua5.2-dev
+  - liblua5.3-dev
   - libyajl-dev
   - libxml2-dev
-  - libpcre3-dev
-  - libpcre++-dev
+  - libpcre2-dev
+  #- libpcre++-dev #hmm I wonder if might need libpcre (1) still ?
   - ssdeep
   - libfuzzy-dev
-  - git
+  - libssl-dev
+  - zlib1g-dev
 
+# These are packages which are removed after compiling has finished
 nginx_modsec3_crs3_debian_compiler_reqs:
   - build-essential
 
+# These are packages you want kept even after compiling has finished
 nginx_modsec3_crs3_redhat_pre_reqs:
-  - GeoIP-devel
-  - curl-devel
-  # - lua-devel
-  # - yajl-devel
-  - libxml2-devel
-  - xz-devel
-  - pcre-devel
-  - ssdeep-devel
-  - ssdeep-libs
   - git
-  - openssl-devel
-  - libxslt-devel
-  - gd-devel
+  - GeoIP-devel           #modsec, might not exist in EL9 ?
+  #- libmaxminddb-devel    #modsec, but lets remove as EL8 has a broken compile error
+  #- libmaxminddb          #modsec, but same as above
+  - curl-devel            #modsec
+  - lua-devel             #modsec
+  - yajl-devel            #modsec
+  - libxml2-devel         #modsec
+  - lmdb-devel            #modsec
+  #- xz-devel             # unsure if still needed
+  - pcre-devel            #modsec, needed even if pcre2 is used 
+  - pcre2-devel           #modsec
+  - ssdeep-devel          # used by modsec
+  - ssdeep-libs           # used by modsec
+  - openssl-devel         #nginx
+  - libxslt-devel         #modsec 
 
+# These are packages which are removed after compiling has finished
 nginx_modsec3_crs3_redhat_compiler_reqs:
   - "@Development tools"
+
+nginx_modsec3_crs3_geoip_enabled: false
+nginx_modsec3_crs3_maxmind_enabled: false
+
+nginx_modsec3_crs3_core_rule_set_version: "v4.0.0"
+nginx_official_repo: True
+nginx_official_repo_mainline: True

meta/main.yml

@@ -1,29 +1,39 @@
 galaxy_info:
-  author: "Perry Kollmorgen (https://github.com/perryk)"
-  role_name: nginx_modsec3_crs3
-  description: "Installs Nginx, Compiles ModSecurity3, and downloads the OWASP CRS v3 ruleset (https://nginx.com, https://modsecurity.org, https://modsecurity.org/crs)"
+  author: "Coopdevs (https://github.com/coopdevs)"
+  role_name: "nginx_modsec3_crs"
+  description: "Installs Nginx, Compiles ModSecurity3, and downloads the OWASP CRS v3 ruleset. Forked from Perry Kollmorgen's role (https://github.com/perryk) "
 
-  license: MIT
+  license: "GPL-3.0-or-later"
 
-  min_ansible_version: 2.4
+  min_ansible_version: "2.4"
 
   platforms:
   - name: EL
     versions:
     - 6
     - 7
     - 8
+    - 9
   - name: Debian
     versions:
     - jessie
     - stretch
-    - sid
+    - buster
+    - bullseye
+    - bookworm
   - name: Ubuntu
     versions:
-    - zesty
-    - artful
     - bionic
-    - cosmic  
+    - cosmic
+    - disco
+    - eoan
+    - focal
+    - groovy
+    - hirsute
+    - impish
+    - jammy
+    - mantic
+    - noble  
 
   galaxy_tags:
   - modsecurity
@@ -33,5 +43,3 @@ galaxy_info:
   - nginx
   - web
   - system
-
-dependencies: []

requirements.yml

@@ -1,2 +1,3 @@
 ---
 - src: jdauphant.nginx
+  version: v2.21.2