fix configure arguments and CRS include
parent
b0f93fb840
commit
bbb5134a39
|
@ -55,7 +55,7 @@ SecAuditLog /var/log/nginx/modsec_audit.log
|
|||
|
||||
# include OWASP CRS configuration
|
||||
{% if USE_MODSECURITY_CRS == "yes" %}
|
||||
include /opt/owasp/crs.conf
|
||||
include /opt/bunkerized-nginx/crs-setup.conf
|
||||
|
||||
# custom CRS configurations before loading rules (exclusions)
|
||||
{% if is_custom_conf("/modsec-crs-confs") %}
|
||||
|
@ -66,7 +66,7 @@ include /modsec-crs-confs/{{ FIRST_SERVER }}/*.conf
|
|||
{% endif %}
|
||||
|
||||
# include OWASP CRS rules
|
||||
include /opt/owasp/crs/*.conf
|
||||
include /opt/bunkerized-nginx/crs/*.conf
|
||||
{% endif %}
|
||||
|
||||
# custom rules after loading the CRS
|
||||
|
|
|
@ -373,8 +373,8 @@ echo "[*] Clone coreruleset/coreruleset"
|
|||
git_secure_clone https://github.com/coreruleset/coreruleset.git 7776fe23f127fd2315bad0e400bdceb2cabb97dc
|
||||
echo "[*] Install coreruleset"
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx/crs
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules /opt/bunkerized-nginx/crs/
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs.conf
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules/* /opt/bunkerized-nginx/crs
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs-setup.conf
|
||||
|
||||
# Download ModSecurity-nginx module
|
||||
echo "[*] Clone SpiderLabs/ModSecurity-nginx"
|
||||
|
@ -527,7 +527,7 @@ CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERS
|
|||
echo "[*] Compile dynamic modules"
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure "$CONFARGS" --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib64/nginx/modules
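Review bot: The unquoted `$CONFARGS` on the new `./configure` line splits the `nginx -V` string on every space, so any quoted multi-word value in it, such as a `--with-cc-opt='…'` or `--with-ld-opt='…'` carrying several flags, reaches configure as separate words with literal quote characters. Only the `-Os -fomit-frame-pointer -g` case is collapsed by the substitution on the line before; where the installed nginx is a distribution build for the Debian, Ubuntu or CentOS branches this script handles, those options commonly hold the compiler and linker hardening flags, and the dynamic modules would then be built without them or configure would fail. Parsing the string once into an array with a quote-aware splitter and passing `"${CONFARGS_ARR[@]}"` (array name constructed here) in place of `$CONFARGS` keeps each original argument intact. How `do_and_check_cmd` forwards its arguments is outside the hunk, so the wrapper should be checked for the same splitting.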
|
||||
|
|
|
@ -83,11 +83,11 @@ if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
|||
fi
|
||||
echo "[*] Install dependencies"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
DEBIAN_DEPS="git cron"
|
||||
DEBIAN_DEPS="git cron curl"
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS
|
||||
elif [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd yum install -y epel-release
|
||||
CENTOS_DEPS="git crontabs"
|
||||
CENTOS_DEPS="git crontabs curl"
|
||||
do_and_check_cmd yum install -y $CENTOS_DEPS
|
||||
fi
|
||||
|
||||
|
@ -137,5 +137,29 @@ elif [ "$OS" = "centos" ] ; then
|
|||
do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron /var/spool/cron/nginx
|
||||
fi
|
||||
|
||||
# Download abusers list
|
||||
echo "[*] Download abusers list"
|
||||
# TODO : call external script
|
||||
|
||||
# Download TOR exit nodes list
|
||||
echo "[*] Download TOR exit nodes list"
|
||||
# TODO : call external script
|
||||
|
||||
# Download proxies list
|
||||
echo "[*] Download proxies list"
|
||||
# TODO : call external script
|
||||
|
||||
# Download referrers list
|
||||
echo "[*] Download referrers list"
|
||||
# TODO : call external script
|
||||
|
||||
# Download user agents list
|
||||
echo "[*] Download user agents list"
|
||||
# TODO : call external script
|
||||
|
||||
# Download geoip database
|
||||
echo "[*] Download proxies list"
|
||||
# TODO : call external script
|
||||
|
||||
# We're done
|
||||
echo "[*] bunkerized-nginx successfully installed !"
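Review bot: The message under `# Download geoip database` repeats `echo "[*] Download proxies list"`; it should read `echo "[*] Download geoip database"` so the install log matches the step. All six download steps are still `# TODO : call external script` stubs, yet the script ends with `bunkerized-nginx successfully installed !`, so an operator reading the log would assume the abusers, TOR exit node, proxy, referrer, user-agent and geoip data are in place when nothing was fetched. Until the external scripts exist, a line such as `echo "[!] lists not downloaded yet"` after the stubs would make that state visible. When the `curl` added to the dependency lists is wired in, the calls should fail on HTTP errors (`curl -f`) and go through `do_and_check_cmd` like the other steps.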
|
||||
|
|