fix configure arguments and CRS include

bunkerity 2021-06-20 21:51:57 +02:00
parent b0f93fb840
commit bbb5134a39
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
3 changed files with 31 additions and 7 deletions


@ -55,7 +55,7 @@ SecAuditLog /var/log/nginx/modsec_audit.log
# include OWASP CRS configuration
{% if USE_MODSECURITY_CRS == "yes" %}
include /opt/owasp/crs.conf
include /opt/bunkerized-nginx/crs-setup.conf
# custom CRS configurations before loading rules (exclusions)
{% if is_custom_conf("/modsec-crs-confs") %}
@ -66,7 +66,7 @@ include /modsec-crs-confs/{{ FIRST_SERVER }}/*.conf
{% endif %}
# include OWASP CRS rules
include /opt/owasp/crs/*.conf
include /opt/bunkerized-nginx/crs/*.conf
{% endif %}
# custom rules after loading the CRS


@ -373,8 +373,8 @@ echo "[*] Clone coreruleset/coreruleset"
git_secure_clone https://github.com/coreruleset/coreruleset.git 7776fe23f127fd2315bad0e400bdceb2cabb97dc
echo "[*] Install coreruleset"
do_and_check_cmd mkdir /opt/bunkerized-nginx/crs
do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules /opt/bunkerized-nginx/crs/
do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs.conf
do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules/* /opt/bunkerized-nginx/crs
do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs-setup.conf
# Download ModSecurity-nginx module
echo "[*] Clone SpiderLabs/ModSecurity-nginx"
@ -527,7 +527,7 @@ CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERS
echo "[*] Compile dynamic modules"
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure "$CONFARGS" --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
if [ "$OS" = "centos" ] ; then
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib64/nginx/modules
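Review bot: The new `./configure $CONFARGS` call expands the string taken from `nginx -V` unquoted, so the shell splits it on every space, glob-expands the resulting words, and passes any quote characters inside it through literally. The substitution on the line before collapses one known multi-word flag set to `-Os`, but a packaged nginx whose arguments carry a quoted multi-word value (for example a `--with-cc-opt='...'` holding several hardening flags) would, as far as I can tell, reach configure in fragments, so the modules either fail to configure or are built without those flags. Splitting with quote handling keeps each argument whole: `readarray -t CONFARRAY < <(printf '%s' "$CONFARGS" | xargs -n1 printf '%s\n')` and then `./configure "${CONFARRAY[@]}" --add-dynamic-module=...`. The `if [ "$OS" = "centos" ]` block at the end of this hunk continues outside it.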


@ -83,11 +83,11 @@ if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
fi
echo "[*] Install dependencies"
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
DEBIAN_DEPS="git cron"
DEBIAN_DEPS="git cron curl"
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS
elif [ "$OS" = "centos" ] ; then
do_and_check_cmd yum install -y epel-release
CENTOS_DEPS="git crontabs"
CENTOS_DEPS="git crontabs curl"
do_and_check_cmd yum install -y $CENTOS_DEPS
fi
@ -137,5 +137,29 @@ elif [ "$OS" = "centos" ] ; then
do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron /var/spool/cron/nginx
fi
# Download abusers list
echo "[*] Download abusers list"
# TODO : call external script
# Download TOR exit nodes list
echo "[*] Download TOR exit nodes list"
# TODO : call external script
# Download proxies list
echo "[*] Download proxies list"
# TODO : call external script
# Download referrers list
echo "[*] Download referrers list"
# TODO : call external script
# Download user agents list
echo "[*] Download user agents list"
# TODO : call external script
# Download geoip database
echo "[*] Download proxies list"
# TODO : call external script
# We're done
echo "[*] bunkerized-nginx successfully installed !"
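Review bot: The echo under `# Download geoip database` prints `[*] Download proxies list`, repeating the message of the earlier proxies step; it should read `echo "[*] Download geoip database"`. All six download steps in what appears to be the added block are still `# TODO : call external script` stubs, so the installer announces each download and then reports `successfully installed` without fetching any list. Until the external scripts exist, the messages would be more honest as something like `echo "[!] abusers list download not implemented yet"`, so an operator does not assume the blocklists and the geoip database are in place. curl is added to both dependency lists, presumably for these downloads; when they are filled in, the calls should fail on HTTP errors (`curl -f`) so an error page is never installed as a list.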