Apache Auto-Remediation Setup

Apache Auto-Remediation Setup

This guide details how to set up automatic Apache recovery using Ansible Rulebook on three systems.

Step 1: Install Required Packages

Run these commands on all three systems:

# Refresh the OS packages, then install Ansible and pip from the distribution repos.
sudo dnf update -y
sudo dnf install -y ansible ansible-core python3-pip
# NOTE(review): this installs whatever ansible-rulebook release is newest at
# install time; pin a reviewed version (pip install 'ansible-rulebook==<VERSION>')
# so all three systems run the same code.
# NOTE(review): run without sudo, pip normally installs into the calling user's
# ~/.local/bin, while the systemd unit in this guide starts
# /usr/local/bin/ansible-rulebook -- confirm with `command -v ansible-rulebook`.
# NOTE(review): the rulebook uses ansible.eda.* sources; confirm the collection
# is present with `ansible-galaxy collection list ansible.eda`.
pip install --upgrade --force-reinstall ansible-rulebook

Step 2: Setup SSH Access

Run the following on the control node:

# -N "" creates the private key with no passphrase so the rulebook service can
# use it unattended. Anyone who can read ~/.ssh/id_rsa on the control node can
# log in to both web servers as test: keep the file readable by its owner only
# and do not reuse this key for anything else.
# NOTE(review): a dedicated key file for this automation (with the inventory
# pointing at it) keeps it separate from any personal key at ~/.ssh/id_rsa.
ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
# ssh-copy-id appends the public key to the test account's authorized_keys on
# each web server.
# NOTE(review): consider restricting the installed key in authorized_keys with
# from="<CONTROL_NODE_IP>" so it is only accepted from the control node.
ssh-copy-id test@192.168.2.184
ssh-copy-id test@192.168.2.185

Step 3: Create Ansible Inventory

nano /home/test/inventory.yml
# Inventory for the control node. Both entries sit directly under hosts:, so
# web_servers and web_servers_backup are host names here, not groups: a play
# with "hosts: web_servers" targets only 192.168.2.184.
all:
  hosts:
    web_servers:
      ansible_host: 192.168.2.184
      ansible_user: test
      # Passphrase-less key created in Step 2; it is the only credential
      # protecting SSH access to this host.
      ansible_ssh_private_key_file: ~/.ssh/id_rsa

    # NOTE(review): no play on this page names web_servers_backup; only the
    # later "hosts: all" playbooks would reach it.
    web_servers_backup:
      ansible_host: 192.168.2.185
      ansible_user: test
      ansible_ssh_private_key_file: ~/.ssh/id_rsa

Step 4: Create Ansible Rulebook

nano /home/test/apache_auto_remediate.yml
# Rulebook run on the control node: listens for webhook events and restarts
# Apache through a playbook when a failure message arrives.
- name: Apache Auto-Remediation Rulebook
  hosts: web_servers
  sources:
    - name: webhook_source
      ansible.eda.webhook:
        # NOTE(review): 0.0.0.0 listens on every interface and no credential is
        # configured, so any system that can reach port 5001 can post an event
        # that triggers the restart playbook. Bind to the address the monitors
        # actually use, firewall the port to the web servers, and set the
        # plugin's token option (senders then present it as a Bearer
        # Authorization header). The events also travel over plain HTTP.
        host: 0.0.0.0
        port: 5001
  rules:
    - name: Detect Apache Failure
      # Matches any payload whose message contains this text. The monitor posts
      # every 10 seconds while httpd is down, so the playbook can be started
      # repeatedly. NOTE(review): consider a rule-level throttle.
      condition: event.payload.message is search("Apache service failed")
      action:
        run_playbook:
          # The play always targets web_servers, whichever host sent the event.
          name: /home/test/fix_apache_issue.yml

Step 5: Create the Auto-Fix Playbook

nano /home/test/fix_apache_issue.yml
# Remediation play started by the rulebook: restarts httpd on web_servers.
- name: Fix Apache Web Server Issues
  hosts: web_servers
  tasks:
    # NOTE(review): restarting a system service normally needs root and this
    # play sets no become; confirm how the test account is allowed to manage
    # httpd, and keep that privilege limited to what this play needs.
    - name: Restart Apache
      service:
        name: httpd
        state: restarted

Step 6: Configure Ansible Rulebook as a Systemd Service

sudo nano /etc/systemd/system/ansible-rulebook.service
# systemd unit that keeps ansible-rulebook running on the control node.
[Unit]
Description=Ansible Rulebook for Apache Auto-Remediation
After=network.target

[Service]
# Runs the rulebook in the foreground with the inventory from Step 3.
# NOTE(review): --verbose increases what is written to the journal, which may
# include received event contents; confirm who can read the journal.
ExecStart=/usr/local/bin/ansible-rulebook --rulebook /home/test/apache_auto_remediate.yml -i /home/test/inventory.yml --verbose
Restart=always
RestartSec=5
# Runs as the unprivileged test account. That account owns the rulebook, the
# playbooks and the SSH key, so write access to /home/test is equivalent to
# control over what runs on the web servers.
User=test
WorkingDirectory=/home/test
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
# Reload unit files, enable the service at boot, (re)start it now, then confirm
# it is active.
sudo systemctl daemon-reload
sudo systemctl enable ansible-rulebook
sudo systemctl restart ansible-rulebook
sudo systemctl status ansible-rulebook

Step 7: Configure Apache Monitor on Clients

sudo nano /etc/systemd/system/apache-monitor.service
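# systemd unit for each web server: polls httpd and reports failures to the
# rulebook webhook on the control node.
[Unit]
Description=Monitor Apache and Send Event to Ansible Control Node
After=network.target

[Service]
# Every 10 seconds, POST a JSON failure event to 192.168.2.135:5001 while httpd
# is not active.
# %H is systemd's host-name specifier. The original wrote $(hostname) inside the
# single-quoted -d argument, where bash performs no command substitution, so the
# literal text "$(hostname)" was sent instead of the host name.
# NOTE(review): the event is sent over plain HTTP with no credential; if the
# webhook is given a token, add the matching Authorization header here.
# NOTE(review): no User= is set, so this loop runs as root although neither
# command shown appears to need it; consider a dedicated unprivileged account.
ExecStart=/bin/bash -c "while true; do if ! systemctl is-active --quiet httpd; then curl -X POST http://192.168.2.135:5001/ -H 'Content-Type: application/json' -d '{\"message\": \"Apache service failed on %H\"}'; fi; sleep 10; done"
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target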
# Run on each web server: reload unit files, enable the monitor at boot,
# (re)start it now, then confirm it is active.
sudo systemctl daemon-reload
sudo systemctl enable apache-monitor
sudo systemctl restart apache-monitor
sudo systemctl status apache-monitor

Step 8: Test Auto-Remediation

Stop Apache and check logs:

# On a web server: stop Apache so the monitor starts reporting the failure.
sudo systemctl stop httpd
# On the web server: the monitor's own log.
journalctl -u apache-monitor --no-pager | tail -20
# On the control node: the rulebook should log the received event and the
# playbook run.
journalctl -u ansible-rulebook --no-pager | tail -20
# On the web server: httpd should be active again once the playbook has run.
sudo systemctl status httpd

🎯 Conclusion

Your Ansible Event-Driven Auto-Remediation for Apache is now fully set up!


Apache Auto-Remediation Setup

Apache Auto-Remediation Setup with Configuration File Monitoring

This guide details how to set up automatic Apache recovery using Ansible Rulebook on three systems.

Step 1: Install Required Packages

# Refresh the OS packages, then install Ansible and pip from the distribution repos.
sudo dnf update -y
sudo dnf install -y ansible ansible-core python3-pip
# NOTE(review): unpinned install; pin a reviewed release
# (pip install 'ansible-rulebook==<VERSION>') for reproducible systems.
# NOTE(review): without sudo, pip normally installs into ~/.local/bin, but the
# systemd unit in this guide starts /usr/local/bin/ansible-rulebook -- confirm
# the path with `command -v ansible-rulebook`.
pip install --upgrade --force-reinstall ansible-rulebook

Step 2: Setup SSH Access

# Run on the control node. -N "" leaves the private key without a passphrase so
# the service can use it unattended; whoever can read ~/.ssh/id_rsa can log in
# to both web servers as test, so keep it owner-readable only and single-purpose.
ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
# Install the public key for the test account on each web server.
# NOTE(review): consider a from="<CONTROL_NODE_IP>" restriction on the key in
# authorized_keys.
ssh-copy-id test@192.168.2.184
ssh-copy-id test@192.168.2.185

Step 3: Create Ansible Inventory

nano /home/test/inventory.yml
# Inventory for the control node. web_servers and web_servers_backup are host
# names (they sit directly under hosts:), not groups, so "hosts: web_servers"
# in a play reaches only 192.168.2.184.
all:
  hosts:
    web_servers:
      ansible_host: 192.168.2.184
      ansible_user: test
      # Passphrase-less key from Step 2; the only credential guarding SSH access.
      ansible_ssh_private_key_file: ~/.ssh/id_rsa
    web_servers_backup:
      ansible_host: 192.168.2.185
      ansible_user: test
      ansible_ssh_private_key_file: ~/.ssh/id_rsa

Step 4: Create Ansible Rulebook

nano /home/test/apache_auto_remediate.yml
# Rulebook run on the control node: reacts to webhook failure events and to
# modifications of httpd.conf.
- name: Apache Auto-Remediation Rulebook
  hosts: web_servers
  sources:
    - name: webhook_source
      ansible.eda.webhook:
        # NOTE(review): listens on every interface with no credential, so any
        # system that can reach port 5001 can trigger the restart playbook.
        # Restrict the bind address or firewall the port, and set the plugin's
        # token option.
        host: 0.0.0.0
        port: 5001
    # NOTE(review): the file-watching source I know of in the ansible.eda
    # collection is named file_watch and takes path/recursive options; confirm
    # that "filewatch" and "events" exist in the installed version. An event
    # source also runs where ansible-rulebook runs, so this would watch the
    # control node's copy of the path, not the web servers' -- verify.
    - name: filewatch_source  
      ansible.eda.filewatch:
        path: /etc/httpd/conf/httpd.conf
        events: ["modify"]
  rules:
    - name: Detect Apache Failure
      # Matches any webhook payload whose message contains this text.
      condition: event.payload.message is search("Apache service failed")
      action:
        run_playbook:
          name: /home/test/fix_apache_issue.yml
    # NOTE(review): confirm the field name and value the file source actually
    # emits before relying on event.type == "modify".
    # NOTE(review): restarting on every write means a half-edited or invalid
    # httpd.conf takes Apache down; validate the config before restarting.
    - name: Restart Apache When Config File is Modified  
      condition: event.type == "modify"
      action:
        run_playbook:
          name: /home/test/restart_apache.yml

Step 5: Create the Auto-Fix Playbook

nano /home/test/fix_apache_issue.yml
# Remediation play started by the "Detect Apache Failure" rule.
- name: Fix Apache Web Server Issues
  hosts: web_servers
  tasks:
    # NOTE(review): no become is set; confirm how the test account is permitted
    # to restart httpd and keep that privilege narrow.
    - name: Restart Apache
      service:
        name: httpd
        state: restarted

Step 6: Create a Playbook to Restart Apache When httpd.conf is Modified

nano /home/test/restart_apache.yml
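# Play started by the config-change rule: restarts httpd on web_servers and
# appends a line to a local remediation log on that host.
- name: Restart Apache Due to Configuration Change
  hosts: web_servers
  tasks:
    # NOTE(review): the restart is unconditional. Checking the configuration
    # first (for example with httpd -t) avoids taking Apache down on an invalid
    # or unauthorized edit. No become is set; confirm the test account may
    # restart httpd and write under /var/log.
    - name: Restart Apache
      service:
        name: httpd
        state: restarted
    # The command module does not run a shell, so ">>" was passed to echo as an
    # argument and nothing was appended to the log. The shell module performs
    # the redirection. The text is a constant, so no event data reaches the shell.
    - name: Log Configuration Change
      shell: echo "Apache configuration was modified and the service was restarted." >> /var/log/apache_auto_remediation.log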

Step 7: Configure Ansible Rulebook as a Systemd Service

sudo nano /etc/systemd/system/ansible-rulebook.service
# systemd unit that keeps ansible-rulebook running on the control node.
[Unit]
Description=Ansible Rulebook for Apache Auto-Remediation
After=network.target

[Service]
# NOTE(review): --verbose increases journal output, which may include received
# event contents; confirm who can read the journal.
ExecStart=/usr/local/bin/ansible-rulebook --rulebook /home/test/apache_auto_remediate.yml -i /home/test/inventory.yml --verbose
Restart=always
RestartSec=5
# The test account owns the rulebook, playbooks and SSH key, so write access to
# /home/test amounts to control over what runs on the web servers.
User=test
WorkingDirectory=/home/test
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

Step 8: Configure Apache Monitor on Clients

sudo nano /etc/systemd/system/apache-monitor.service
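# systemd unit for each web server: polls httpd and reports failures to the
# rulebook webhook on the control node.
[Unit]
Description=Monitor Apache and Send Event to Ansible Control Node
After=network.target

[Service]
# %H is systemd's host-name specifier. The original $(hostname) sat inside the
# single-quoted -d argument, where bash performs no command substitution, so the
# literal text "$(hostname)" was sent instead of the host name.
# NOTE(review): plain HTTP, no credential; add the Authorization header here if
# the webhook is configured with a token.
# NOTE(review): no User= is set, so the loop runs as root; consider a dedicated
# unprivileged account.
ExecStart=/bin/bash -c "while true; do if ! systemctl is-active --quiet httpd; then curl -X POST http://192.168.2.135:5001/ -H 'Content-Type: application/json' -d '{\"message\": \"Apache service failed on %H\"}'; fi; sleep 10; done"
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target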

Step 9: Test Auto-Remediation

# On a web server: stop Apache so the monitor starts reporting the failure.
sudo systemctl stop httpd
# On the web server: the monitor's own log.
journalctl -u apache-monitor --no-pager | tail -20
# On the control node: the rulebook's log of the event and the playbook run.
journalctl -u ansible-rulebook --no-pager | tail -20
# On the web server: httpd should be active again once the playbook has run.
sudo systemctl status httpd

Test Configuration Change Auto-Remediation

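# In `sudo echo ... >> file` the redirection is performed by the calling shell,
# not by sudo, so for a non-root user the append fails with "Permission denied".
# sudo tee -a opens the file with root privileges instead.
# NOTE(review): make the edit on the machine whose copy of httpd.conf the
# rulebook's file source watches.
echo "# Change in Apache config" | sudo tee -a /etc/httpd/conf/httpd.conf > /dev/null
sleep 5
sudo systemctl status httpd
# The playbook writes this log on the web server it ran against.
tail -f /var/log/apache_auto_remediation.log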

Summary of Enhancements

  • Added an event-driven rule to restart Apache when httpd.conf is modified
  • Integrated Filewatch source in the Ansible Rulebook
  • Created a dedicated playbook (restart_apache.yml) to handle config file modifications

Apache Auto-Remediation Setup

Apache Auto-Remediation Setup with Configuration File Monitoring

This guide details how to set up automatic Apache recovery using Ansible Rulebook on three systems.

Step 4: Create Ansible Rulebook

nano /home/test/apache_auto_remediate.yml
# Rulebook run on the control node: webhook and file events plus three polled
# shell checks, each mapped to a remediation playbook.
- name: Apache Auto-Remediation Rulebook
  hosts: web_servers
  sources:
    - name: webhook_source
      ansible.eda.webhook:
        # NOTE(review): listens on every interface with no credential, so any
        # system that can reach port 5001 can trigger remediation. Restrict the
        # bind address or firewall the port, and set the plugin's token option.
        host: 0.0.0.0
        port: 5001
    # NOTE(review): the file-watching source I know of in ansible.eda is named
    # file_watch; confirm "filewatch" and "events" exist in the installed
    # version, and that the watch runs on the host that holds this file.
    - name: filewatch_source
      ansible.eda.filewatch:
        path: /etc/httpd/conf/httpd.conf
        events: ["modify"]
    # NOTE(review): I cannot find a "shell" event source in the ansible.eda
    # collection; confirm the plugin exists and what fields its events carry.
    # The three entries below also share the name shell_source, so nothing in
    # the rules can tell their events apart.
    # CPU check. NOTE(review): mpstat's header lines have fewer than 12 fields
    # and awk compares a missing field as 0, so this likely exits 1 on the first
    # line regardless of load -- verify.
    - name: shell_source
      ansible.eda.shell:
        command: "mpstat | awk '$12 < 10 {exit 1}'"
        interval: 10
    # Connectivity check against a public address.
    - name: shell_source
      ansible.eda.shell:
        command: "ping -c 3 8.8.8.8 || exit 1"
        interval: 10
    # Auth-log scrape. NOTE(review): dnf-based systems normally log sshd
    # failures to /var/log/secure, not /var/log/auth.log. With the traditional
    # syslog prefix, field 11 is the source address only on "Failed password for
    # <user> from <ip>" lines; on "Failed password for invalid user <name> from
    # <ip>" lines it is the user name the client supplied. Treat the output as
    # untrusted text and validate it as an address before it reaches a firewall
    # rule. tail -1 also re-reports the same line on every poll.
    - name: shell_source
      ansible.eda.shell:
        command: "grep 'Failed password' /var/log/auth.log | tail -1 | awk '{print $11}'"
        interval: 10
  rules:
    - name: Detect Apache Failure
      condition: event.payload.message is search("Apache service failed")
      action:
        run_playbook:
          name: /home/test/fix_apache_issue.yml
    - name: Restart Apache When Config File is Modified
      condition: event.type == "modify"
      action:
        run_playbook:
          name: /home/test/restart_apache.yml
    # NOTE(review): the next two rules have the same condition, so any event
    # with failed == true matches both, whichever check produced it. Playbook
    # names here are relative, unlike the absolute paths above.
    - name: Restart High-CPU Process
      condition: event.failed == true
      action:
        run_playbook:
          name: restart_high_cpu_process.yml
    - name: Restart Network on Failure
      condition: event.failed == true
      action:
        run_playbook:
          name: restart_network.yml
    # NOTE(review): failed == false matches every check that succeeds, including
    # the CPU and ping checks, so this rule would start block_ip.yml on healthy
    # results. No extra_vars are passed, yet block_ip.yml reads ip_address.
    - name: Block Attacking IP
      condition: event.failed == false
      action:
        run_playbook:
          name: block_ip.yml

Step 5: Create the Auto-Fix Playbook

nano /home/test/fix_apache_issue.yml
# Remediation play started by the "Detect Apache Failure" rule.
- name: Fix Apache Web Server Issues
  hosts: web_servers
  tasks:
    # NOTE(review): no become is set; confirm how the test account is permitted
    # to restart httpd and keep that privilege narrow.
    - name: Restart Apache
      service:
        name: httpd
        state: restarted

Step 6: Create Additional Auto-Healing Playbooks

nano /home/test/restart_high_cpu_process.yml
# Play started by the high-CPU rule. It sends SIGKILL to whichever process is
# first in a CPU-sorted ps listing on every inventory host (hosts: all).
- name: Restart High-CPU Process
  hosts: all
  tasks:
    # NOTE(review): despite the name, nothing is restarted; the process is only
    # killed. The target is chosen purely by CPU rank, so it can be a database,
    # a backup job or the automation's own process, and -9 gives it no chance
    # to shut down cleanly. Restrict this to a named service and restart it via
    # its unit instead of killing by rank.
    - name: Kill and Restart High-CPU Process
      shell: "ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head -2 | tail -1 | awk '{print $1}' | xargs kill -9"
nano /home/test/restart_network.yml
# Play started by the network-failure rule: restarts NetworkManager on every
# inventory host (hosts: all).
- name: Restart Network Interface
  hosts: all
  tasks:
    # NOTE(review): this runs over SSH, so a host whose network is really down
    # cannot be reached, and restarting NetworkManager on a reachable host
    # interrupts its connections, possibly including this SSH session. The ping
    # check that triggers it runs on the control node, not on the hosts restarted.
    - name: Restart Network Service
      service:
        name: NetworkManager
        state: restarted
nano /home/test/block_ip.yml
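# Play started by the "Block Attacking IP" rule: appends an iptables DROP rule
# for ip_address on every inventory host (hosts: all).
- name: Block Malicious IP
  hosts: all
  tasks:
    # ip_address comes from outside this play (elsewhere on this page it is
    # scraped from an authentication log, which contains client-supplied text).
    # Refuse anything that is not a single dotted-quad IPv4 address so that
    # host names, ranges or extra iptables arguments can never reach the firewall.
    # NOTE(review): also skip addresses of the control node and other management
    # systems, so a crafted log line cannot lock the automation out.
    - name: Validate ip_address before touching the firewall
      assert:
        that:
          - ip_address is defined
          - ip_address is string
          - "ip_address is match('^([0-9]{1,3}[.]){3}[0-9]{1,3}$')"
        fail_msg: ip_address must be a single dotted-quad IPv4 address
    # argv passes the address as exactly one argument; the original string form
    # was split on whitespace after templating.
    # NOTE(review): -A appends a duplicate rule on every run, the rule is not
    # persisted across reboots, and changing iptables needs root (no become set).
    - name: Block IP using Firewall
      command:
        argv:
          - iptables
          - '-A'
          - INPUT
          - '-s'
          - "{{ ip_address }}"
          - '-j'
          - DROP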