deps - init work on single install script
This commit is contained in:
parent
ffc4fc950e
commit
ecf30a71f7
30
Dockerfile
30
Dockerfile
|
@ -1,28 +1,14 @@
|
|||
FROM nginx:1.20.1-alpine
|
||||
|
||||
COPY helpers/dependencies.sh /tmp/dependencies.sh
|
||||
RUN apk add --no-cache bash && \
|
||||
chmod +x /tmp/dependencies.sh && \
|
||||
/tmp/dependencies.sh && \
|
||||
rm -f /tmp/dependencies.sh
|
||||
COPY helpers/install.sh /tmp/install.sh
|
||||
RUN chmod +x /tmp/install.sh && \
|
||||
/tmp/install.sh && \
|
||||
rm -f /tmp/install.sh
|
||||
|
||||
RUN apk add --no-cache certbot bash libmaxminddb libgcc lua yajl libstdc++ openssl py3-pip && \
|
||||
pip3 install jinja2
|
||||
|
||||
COPY gen/ /opt/bunkerized-nginx/gen
|
||||
COPY entrypoint/ /opt/bunkerized-nginx/entrypoint
|
||||
COPY confs/ /opt/bunkerized-nginx/confs
|
||||
COPY scripts/ /opt/bunkerized-nginx/scripts
|
||||
COPY lua/ /usr/local/lib/lua
|
||||
COPY antibot/ /opt/bunkerized-nginx/antibot
|
||||
COPY defaults/ /opt/bunkerized-nginx/defaults
|
||||
COPY settings.json /opt/bunkerized-nginx
|
||||
COPY misc/cron /etc/crontabs/nginx
|
||||
|
||||
COPY prepare.sh /tmp/prepare.sh
|
||||
RUN chmod +x /tmp/prepare.sh && \
|
||||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
COPY helpers/docker.sh /tmp/docker.sh
|
||||
RUN chmod +x /tmp/docker.sh && \
|
||||
/tmp/docker.sh && \
|
||||
rm -f /tmp/docker.sh
|
||||
|
||||
# Fix CVE-2021-22901, CVE-2021-22898, CVE-2021-22897 and CVE-2021-33560
|
||||
RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0"
|
||||
|
|
|
@ -1,584 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
function git_secure_checkout() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
fi
|
||||
path="$1"
|
||||
commit="$2"
|
||||
cd "$path"
|
||||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Commit hash $commit is absent from submodules $path !"
|
||||
echo "$output"
|
||||
cleanup
|
||||
exit 4
|
||||
fi
|
||||
}
|
||||
|
||||
function git_secure_clone() {
|
||||
cd /tmp/bunkerized-nginx
|
||||
repo="$1"
|
||||
commit="$2"
|
||||
folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
|
||||
output="$(git clone "$repo" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Error cloning $1"
|
||||
echo "$output"
|
||||
cleanup
|
||||
exit 2
|
||||
fi
|
||||
cd "$folder"
|
||||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Commit hash $commit is absent from repository $repo"
|
||||
echo "$output"
|
||||
cleanup
|
||||
exit 3
|
||||
fi
|
||||
}
|
||||
|
||||
function secure_download() {
|
||||
cd /tmp/bunkerized-nginx
|
||||
link="$1"
|
||||
file="$2"
|
||||
hash="$3"
|
||||
output="$(wget -q -O "$file" "$link" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Error downloading $link"
|
||||
echo "$output"
|
||||
cleanup
|
||||
exit 5
|
||||
fi
|
||||
check="$(sha512sum "$file" | cut -d ' ' -f 1)"
|
||||
if [ "$check" != "$hash" ] ; then
|
||||
echo "[!] Wrong hash from file $link (expected $hash got $check)"
|
||||
cleanup
|
||||
exit 6
|
||||
fi
|
||||
}
|
||||
|
||||
function do_and_check_cmd() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
fi
|
||||
output=$("$@" 2>&1)
|
||||
ret="$?"
|
||||
if [ $ret -ne 0 ] ; then
|
||||
echo "[!] Error from command : $*"
|
||||
echo "$output"
|
||||
cleanup
|
||||
exit $ret
|
||||
fi
|
||||
#echo $output
|
||||
return 0
|
||||
}
|
||||
|
||||
function cleanup() {
|
||||
echo "[*] Cleaning /tmp/bunkerized-nginx"
|
||||
rm -rf /tmp/bunkerized-nginx
|
||||
}
|
||||
|
||||
function get_sign_repo_key() {
|
||||
key="-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.22 (GNU/Linux)
|
||||
|
||||
mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
|
||||
W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I
|
||||
QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE
|
||||
fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt
|
||||
97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5
|
||||
XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg
|
||||
a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV
|
||||
CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol
|
||||
kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr
|
||||
KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG
|
||||
F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN
|
||||
1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD
|
||||
oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi
|
||||
MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S
|
||||
YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx
|
||||
JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/
|
||||
Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk
|
||||
RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J
|
||||
SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf
|
||||
Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6
|
||||
cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f
|
||||
YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y
|
||||
Va3l3WuB+rgKjsQ=
|
||||
=EWWI
|
||||
-----END PGP PUBLIC KEY BLOCK-----"
|
||||
echo "$key"
|
||||
}
|
||||
|
||||
function get_sign_repo_key_rsa() {
|
||||
key="-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/hT2Chq4hhn+zasCn1gv
|
||||
N3AVdNYGm4FVkJmWzHBc3lvoTLIMR1uoopg9EbH2faBG3yQjxtAkUme6aauaSmpm
|
||||
LNvhCfENsrDhRx8KRqwNgvM8jQLOCEMZ2WSGxE4HEsBbQ7p9F4qj8D2YMrl1ZvTw
|
||||
Gy2UW3wc5vMEf90lsoKmQQS3UJOUxHw0fhJ8vzNUVUeMQpRAjjRfVAQdnoxXSNSw
|
||||
+OQD2z9obDf6YhQclNbe8itoKRckbfe1sxh5/TFef0y+wJkTzOKXK9yWnJrQp8V3
|
||||
gmfJy6nnaErhxbocMg55QG7vCNejuV0a384ax0SRTNSZyIhps2Yuswbx9CLX8l+r
|
||||
bQIDAQAB
|
||||
-----END PUBLIC KEY-----"
|
||||
echo "$key"
|
||||
}
|
||||
|
||||
function get_sign_source_keys() {
|
||||
keys="-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.11 (FreeBSD)
|
||||
|
||||
mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR
|
||||
0cpKL05Ff9upjrIzLD5TJUCzYYM9GQOhguDUP8+ZU9JpSz3yO2TvH7WBbUZ8FADf
|
||||
hblmmUBLNgOWgLo3W+FYhl3mz1GFS2Fvid6Tfn02L8CBAj7jxbjL1Qj/OA/WmLLc
|
||||
m6BMTqI7IBlYW2vyIOIHasISGiAwZfp0ucMeXXvTtt14LGa8qXVcFnJTdwbf03AS
|
||||
ljhYrQnKnpl3VpDAoQt8C68YCwjaNJW59hKqWB+XeIJ9CW98+EOAxLAFszSyGanp
|
||||
rCqPd0numj9TIddjcRkTA/ZbmCWK+xjpVBGXABEBAAG0IU1heGltIERvdW5pbiA8
|
||||
bWRvdW5pbkBtZG91bmluLnJ1PokBOAQTAQIAIgUCTtIq7wIbAwYLCQgHAwIGFQgC
|
||||
CQoLBBYCAwECHgECF4AACgkQUgqZk6HAUvj+iwf/b4FS6zVzJ5T0v1vcQGD4ZzXe
|
||||
D5xMC4BJW414wVMU15rfX7aCdtoCYBNiApPxEd7SwiyxWRhRA9bikUq87JEgmnyV
|
||||
0iYbHZvCvc1jOkx4WR7E45t1Mi29KBoPaFXA9X5adZkYcOQLDxa2Z8m6LGXnlF6N
|
||||
tJkxQ8APrjZsdrbDvo3HxU9muPcq49ydzhgwfLwpUs11LYkwB0An9WRPuv3jporZ
|
||||
/XgI6RfPMZ5NIx+FRRCjn6DnfHboY9rNF6NzrOReJRBhXCi6I+KkHHEnMoyg8XET
|
||||
9lVkfHTOl81aIZqrAloX3/00TkYWyM2zO9oYpOg6eUFCX/Lw4MJZsTcT5EKVxIhG
|
||||
BBARAgAGBQJO01Y/AAoJEOzw6QssFyCDVyQAn3qwTZlcZgyyzWu9Cs8gJ0CXREaS
|
||||
AJ92QjGLT9DijTcbB+q9OS/nl16Z/IhGBBARAgAGBQJO02JDAAoJEKk3YTmlJMU+
|
||||
P64AnjCKEXFelSVMtgefJk3+vpyt3QX1AKCH9M3MbTWPeDUL+MpULlfdyfvjj7kB
|
||||
DQRO0irvAQgA0LjCc8S6oZzjiap2MjRNhRFA5BYjXZRZBdKF2VP74avt2/RELq8G
|
||||
W0n7JWmKn6vvrXabEGLyfkCngAhTq9tJ/K7LPx/bmlO5+jboO/1inH2BTtLiHjAX
|
||||
vicXZk3oaZt2Sotx5mMI3yzpFQRVqZXsi0LpUTPJEh3oS8IdYRjslQh1A7P5hfCZ
|
||||
wtzwb/hKm8upODe/ITUMuXeWfLuQj/uEU6wMzmfMHb+jlYMWtb+v98aJa2FODeKP
|
||||
mWCXLa7bliXp1SSeBOEfIgEAmjM6QGlDx5sZhr2Ss2xSPRdZ8DqD7oiRVzmstX1Y
|
||||
oxEzC0yXfaefC7SgM0nMnaTvYEOYJ9CH3wARAQABiQEfBBgBAgAJBQJO0irvAhsM
|
||||
AAoJEFIKmZOhwFL4844H/jo8icCcS6eOWvnen7lg0FcCo1fIm4wW3tEmkQdchSHE
|
||||
CJDq7pgTloN65pwB5tBoT47cyYNZA9eTfJVgRc74q5cexKOYrMC3KuAqWbwqXhkV
|
||||
s0nkWxnOIidTHSXvBZfDFA4Idwte94Thrzf8Pn8UESudTiqrWoCBXk2UyVsl03gJ
|
||||
blSJAeJGYPPeo+Yj6m63OWe2+/S2VTgmbPS/RObn0Aeg7yuff0n5+ytEt2KL51gO
|
||||
QE2uIxTCawHr12PsllPkbqPk/PagIttfEJqn9b0CrqPC3HREePb2aMJ/Ctw/76CO
|
||||
wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw=
|
||||
=Tavt
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF4TqFoBEADNbls05thIAYVVKdMDRdtzGk7HXGqx60u/kh4BL9HskUpyYFTp
|
||||
N07RJ1TyyusfD7I3skuGHvtQhqdTwHPDEPL5qrAnHps9XWUQrtU7hflcIKt43iDe
|
||||
TvfVVhN0nPir2++C4qvNnrC/UCisyz00H/I9mobl2qzyKyLT8BnUBVuXDfOTlUCY
|
||||
oF4z5BieOMvg1DZNKFDnK67ZuO4JXgtMlu4Q3tFd7qSWCWGuCuAGgn6eWFYMzCbB
|
||||
rPyBYwb7xyycQzqmJiD7Qm9OeVHmZj5rG5hGM14MyTSUVJle0U+CJCF9lmfVuR/c
|
||||
ySy7WmQgIg327x5Y5xa3pKZAvIAycnDabAk/08p59BG7UdAi2S7+2SicAH89/81V
|
||||
g4BI4mZp+IuxaP+S+ckaRf1CUvRAJuLTqUeBSuOzjag+ibD6rqusuZ1MZqLxnXyu
|
||||
gAztNDcmEFa/pqp5bgWbrlTF6zKt4cQf+a/JqFGatsfSzmrIyIZ6GEqgb8oXDDIt
|
||||
Z1AqsTfp6ZBC1vITE9+b0zBw6qq/nGD0Iq47Vp1VxmlxmnoeR4ir8z/oSukPulLU
|
||||
K3IqkmRNGEilINrtBt5jFbBlx8kwdCYvxEF6ymibBBqvwwv65jrrKheBQm+HrrVS
|
||||
aMQmo4Qzj/h/ZLL9KENHibNwUypJnvwEvw0YkAyjICvoNzDUsM+92+B/ewARAQAB
|
||||
tCFNYXhpbSBLb25vdmFsb3YgPG1heGltQG5naW54LmNvbT6JAlcEEwEKAEECGwMF
|
||||
CwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQRB25JxPTv0v/PukQacXn+i9Ul3
|
||||
1AUCXhgw1wUJBagi/QAKCRCcXn+i9Ul31LltD/40KNFPvDaORz35udrm0cyVIgbI
|
||||
lq7Vswfo5JIr8MyJ+VKJFQ2n2JiQT8QbX52Sy5P80ktSAFqcT3vtWB7bI6RfJ8Jx
|
||||
YM/w3XKnNMoUt7Q/cqZK5Ra/csmaCWqP4UVUvUBjHvly0MpnE1kxEDUglrcyVKjt
|
||||
fxB/GXeUpKOELXG44zvW2CP9Mce0FbDxrh8iCai9MK+2oSt1aJV+gONLWscRgsc7
|
||||
6q9/4KUXByt0qxScYPRQRIaxpIA8sCno21owcMOf8aQtun6Ytf+UIovl9DmK2pRm
|
||||
Ifc2JruW1Jx2r7z955ZFNgTA380jEL85dWbgbHF/pYPlwcTCnaAf294kefjrX9DN
|
||||
rejbZZ3Fh2QGs0tWW5+wncVWndq4jLQTeamUdzw5MPpOh+bZoHT+7z1PDGWe+PIn
|
||||
DTbfaFYL7MsXwScMUsexKLOoDO6KKpZjcsw9/b5JsJmP73ZEj02BjRudapObiRxm
|
||||
MtDl8Zmpg7ZUqMHEuUzyEyI5nSWu4njjrWJO0CnsjLpv2UxAbxDn1NGc/DoyxM1l
|
||||
4SQv4AJuSLo1x7PTRb9V9HkWqxXf+yCkNpV9UjmlrH104gWL6sof6rX8Jo6k+Sz+
|
||||
yyQHcVbrJ95Y3hQU7QMMnotzVbL7BRtWMtDYTp7q+gYbZ0s+YRXjaHcA5IuV65tM
|
||||
tEPwGpOCofQ2avkdqIhdBBARCgAdFiEEZVBsAu/CUPG3o9aU7PDpCywXIIMFAl4T
|
||||
qXUACgkQ7PDpCywXIIN5CQCgyNFrUBGlUvH9QlDSE/umzoyXW/UAn0ve2/HzpMVN
|
||||
uPMAAgnHYE2R0eiEtCNNYXhpbSBLb25vdmFsb3YgPG1heGltQEZyZWVCU0Qub3Jn
|
||||
PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEHbknE9O/S/
|
||||
8+6RBpxef6L1SXfUBQJeGDDXBQkFqCL9AAoJEJxef6L1SXfUJ/IQALtwaB7mlBUB
|
||||
NdzqQRIZAVSnJZ2w6+Iul7Ax4gKrqWj6SvL/5jEdZm65D0kjxJIHq+dO+lJIMLzp
|
||||
rBkfZ0kkxOPQ1rw/QR31qHLAibknrwIQQVtzFvVg4iW7IZefx6WGbJJC5IbjBUBf
|
||||
HATqbXmMAcLILh9+t4q7Qvwi2b8ZIsC37cktthad7j4kvXqV5BJ4I+PoDT0CcW48
|
||||
wgTfMwhib52pLMu3Ghk56kwHBtYSHUDrA4KWRzRHxQ+RoUXLIdtmMRbp8ztwBMJZ
|
||||
+J/9TLrb3YHUidS3l2nE55l9dJZycCU2EOAhJMbFKbmfW/9we/Sm+vnoALGExepl
|
||||
FgdGz2NTqPA4ha2y2rBC73TSkfM+4amIrr6kSbeofjQL/w5+fhxAvM5oXuzffPK9
|
||||
8IR31d66JUTjeueobguzh9ApeHElmihimRJk0KP+NVAMNCIZmlMuOXHPwnCajcBh
|
||||
Sh9kFGy6tPPPZYQOHSm5KvyjIJDfmkFfJ5ybazkmsGhZMzQs4ZHItC1jf0vYCqsr
|
||||
d3eVEQesy5nDlSC2lWK84R+J+qTL82ZbCc/VZMniCBCC9xIvEOU9gtIH+58vF8dq
|
||||
l/jTmGp2h1/kHlJfn0cnxKJDzn2IG16jqR7VdWQEO5hjEMaZdxhM1jPGRdkM82fB
|
||||
Wwv8BLBpgBstyQlxJ/NNO5+dCtZYWRcviF0EEBEKAB0WIQRlUGwC78JQ8bej1pTs
|
||||
8OkLLBcggwUCXhOpbwAKCRDs8OkLLBcgg/jfAKCO7DIiB2DGBfLCFftmyuZJN2A6
|
||||
ZgCfV/cclX++mLyiyYqr2BXnrQk4NVG5Ag0EXhOoWgEQAOmkirptbymUR2JP9DrP
|
||||
e7aELbUw4bcMx4/nQo1QyKxjDhUdgUui4OiqxmhMjT2IlgFvcYsMeLiYGa/EdBkd
|
||||
Yq4DtEwc++2eybFQA1z6Hrk+sxdd8neN4azUa5sqVvUwenQ7UMPclSQJaE1nVGCZ
|
||||
KKVyNsK36RJrE0JfdmE1zKZFWmTCTZ/D/hTCq+hjMpCV+VWFaz3h4S+XsZiBgLB4
|
||||
+zmyHjyU6E+ecELvAHoXwMbAPiFzzms824Fc1BKHjnc8BBzfUVdIBGhxOVNHDSj3
|
||||
oxPsiBnuvSlQMlGx0YNLw/tTfw+CFOot5o/KIq9svUp8W9mdj6kKaqBLNxpjHbhQ
|
||||
yvVSK7O5uS62emMHkRwgu1tmP98d3bGlXRn+S+2MCuyqdFaK40B6vnkPnXpl5ggE
|
||||
w8JoH11ahNeJ5tX8/JpX/0aQmapt7CKwcgELJap+Qp8i/MFXef7FK/nE0lFIL95o
|
||||
l9uthd/beX6dz/EEw61lC17Opd3y0N+Dy+eJ0wbULdgKrblZ0PxsumLeICGLs7/P
|
||||
O9/3nQHJRjmFaVG10t5bL/77gvQ4l7HcuLS1GGHh+RM6EsFuuiqI+aFcDFyRITli
|
||||
g0QRq4y/C6nqhTWEyYriIi8Dq6JxXisklC1WvSIgPwq1/msmrbiKcJZFPoNtMVtO
|
||||
dzL3naM5IWOa290R541GjkEVABEBAAGJAjwEGAEKACYCGwwWIQRB25JxPTv0v/Pu
|
||||
kQacXn+i9Ul31AUCXhgw/QUJBagjIwAKCRCcXn+i9Ul31MQDEACeO6ZBLEWswuyU
|
||||
RErntoHkY6wIkpfMiERjgfqbNkrdBgXg8dT7kPsXFEtv3ZccjPbsRecJaXdmwGab
|
||||
mp9MUDYG3SiqgFNriJTv2WECzgYKrZQg38JVwfl7OHPaV2fwZvG56a4qKpIZ3wIg
|
||||
4acfEPkHQ2ygpKnEJD4IsEK225PtYq5lmNfntvDhbuTPh2vY8T9w0udGCzp4JS60
|
||||
zLeGGat+52PislEtrSa2B7zSMzGmOqDidaDbEfzdzL+IteZHWDGmYNQ8yICIv6Wj
|
||||
A80k7uhzDWJf5RMQSNybBykrlWSooaVrBWHgDky5ldAQjDtVrMkBpzglH8FQ44i+
|
||||
la9caRDfw0Lfxg52vV4eXtpSHAYx3cFREEW9xpTOwOE7Qg0JyHAkUKNb8DJgyehC
|
||||
BjSeeiMFiZX1plyYFrUAB8dVXi9Z7kqOjTpfYU6kAxDXzQhlqqgYRwoFJQcsQ1Ll
|
||||
jKptAs6glmDx8dJcjUrK/eH24GGg46eGv2wxY4+sItXfLQ2oeU4uh/vORjvgeeNp
|
||||
er4z5KLuKxwgpaobavtRZmZSZdGrdC93Si27dpSRiWYn1csoTxG0zZhUVFFW68I4
|
||||
I5PIdJwblvxayVKdg0aVW/RwDsOLH0twVxwnOPSjLPEB2IwGnlX6rN38cRnibPXM
|
||||
yh4LsaVRdhbFe9aNd/O5iNgDcQtCUg==
|
||||
=/pFc
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.11 (FreeBSD)
|
||||
|
||||
mQENBE5E4vkBCADPkWWzk7W5cXOqeZ1ULNSj8nt5azbYjfQ8OyR2AaDW8J7oazYH
|
||||
reIHKid5uZVJxwr1uLoMloGiYTdy4XYIF2WcOfDnjNGumrAT0Nd4Kdax/pHr5Pdp
|
||||
jFsO4BkHyWk/5/zDCijyoGYLBR6I8hqn+WDuLG/sTtVuTWkUeOlfxb2eZdLyZ3oP
|
||||
5T5FXtWTpKvr2y7RGshmS6EJnjiVvvErdbNItFXghqvBBaFOJaS2PRBEO9RfKpti
|
||||
i+eS/cmlrm+Tjv44EPfQyLtAmCQ8uqfL50uIKEp6/dsC/OVJ6JlJOYl4j90DX7vB
|
||||
TJaOyUm4s+BLF2BK+Ow8+s+B6jQ5noa/o16NABEBAAG0IFNlcmdleSBCdWRuZXZp
|
||||
dGNoIDxzYkBuZ2lueC5jb20+iQE+BBMBAgAoBQJOROQ6AhsDBQkJZgGABgsJCAcD
|
||||
AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCmT9Wxets5qEQgB/43Mxmiy7DjXEbxIYkC
|
||||
9xPC4kf1X+bHkJ9BtAgaYDQewjtQ7vS98TKJBibm3l4egmBjFWjCpL8845n966+u
|
||||
XDqrDWJtOPUXvSEQNXGlijDGSxxpdK2dxDOKIOC8nIlZq/Xz/Uqjb2ZrszmYK2LD
|
||||
IHI1mN9HdI6aTt41QbtG0nkaPPgv3MEvxSMVCzVddroyPXvf/ErT4OSYU+dqJhH+
|
||||
SBIezuF0suzH/siCksbSBZHIst5rggpjsZvijP5YFH/hpEsR+tKXo9EFk49xn9Ou
|
||||
WdmpOEs7CKDbTApkh9XN/Pk5nJQ/HIDuW8pkgzf2wxNWlMSYw6xnozDkeIqpJcDD
|
||||
4niqiEYEEBECAAYFAk5OYocACgkQ7PDpCywXIIMKtQCfaAl2rvbEImu6MnDR32KG
|
||||
HTDH2TEAoNeWrSlavyFzbSQka53E9Gs6gF63tCBTZXJnZXkgQnVkbmV2aXRjaCA8
|
||||
c2JAd2FlbWUubmV0PokBQQQTAQIAKwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYC
|
||||
AwECHgECF4AFAk5OR38CGQEACgkQpk/VsXrbOagPmAf/QmIEDkkiovc1MgQ81lh4
|
||||
eeHfvtptb+U4GVCu07DQUR9kEtN6Jqi65gKb95fEztI14PpX+euiWrc/RlnsxWc0
|
||||
jYF0UmyacWLN6oHPoxlCK5+7zyoz5UTNrYGkTfWfcNtTU509CEZRClBNjMZOTZjP
|
||||
QhdR+Ce6tngRcQvMGNaLjJkKuY7vPh6FjT5oqxpnEIRTsWq6bUaeCXm7j9x0as1Z
|
||||
w1E5D5it3Ug3VlAe58jFJmRgatOsWznKuNoLRjQ2Chp2ce+dLgXriuJMrvEsn5S4
|
||||
dImUGL5DVYWDVZNG+r85XnOhMfKG308pZby1uzFvD+j3P6yMj1tpaCAAi5lUkHh6
|
||||
bIhGBBARAgAGBQJOTmJ/AAoJEOzw6QssFyCDH50AoMyJPvPDTYXK5KHOlPYPZQ5M
|
||||
OuCAAJ9zQ/3hKedm3xCLGl4Y6hjxJNlUTbkBDQROROL5AQgAuGIfx9aVOOXVdj8b
|
||||
XvjBQt+UkBURYGACHFQ69w71Aupsg9pZ7FgwgVKxnoNlmRag8sInjQbs3M/lS0sB
|
||||
dg75zZ7Ph7aPev8RAqdtX5+xxvujv1cmkFBExFuC5Wp/Yfzk/lPWZR4vXZrTpRiF
|
||||
PLMlRu0CEJFqoqPPygGFar02Q7rO+da35pxAuYrOWGM7MNr8H/vk13+GiqniBQCa
|
||||
uSoWwZQzaEdG5VGgm/vAwPzO+Cbam3r+Hs7OieykAy8fv+B+qhHn8Vc/520iGvdO
|
||||
IAKpxl6oZrkbNL/wozOOLZni7iWl30C43ujxPiGRlg/YotHmhlnMic85QKyakXCS
|
||||
WXI/JQARAQABiQElBBgBAgAPBQJOROL5AhsMBQkJZgGAAAoJEKZP1bF62zmoGCwH
|
||||
/2a6zlu4Jwmv21vuroaAzECV8gp1luBeagn23EgMMukYhkbwLtL/0twAHmZlkpzl
|
||||
atfq/EH2PgOasl2biJixqp7o9V7Uw6PS5JoY+1IrLEurG+FU2TN/Ysp12al4Z0Hh
|
||||
p4yBRSEikISO9gkeUThixDPX1PjCpx8G/ZYqk+8jRCcDgWsUc/WV3VGPht68oDd7
|
||||
56/hfQYc/V3eJmm5WYLVGV7Q69tGtp6D09SpoeqCD2K77auEBRVJ4jaT4B2/EfSb
|
||||
x6y7Dy4Oxm8TBOQ2EZw2vEixKxtEt86/oBtLUkqVockPq/Ek9AL+KzT6VR1xU+Cm
|
||||
CoHAyoqJeb/xLBwuKWg0/4U=
|
||||
=iFlP
|
||||
-----END PGP PUBLIC KEY BLOCK-----"
|
||||
echo "$keys"
|
||||
}
|
||||
|
||||
# Variables
|
||||
NTASK=$(nproc)
|
||||
|
||||
# Check if we are root
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "[!] Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Detect OS
|
||||
OS=""
|
||||
if [ "$(grep Debian /etc/os-release)" != "" ] ; then
|
||||
OS="debian"
|
||||
elif [ "$(grep Ubuntu /etc/os-release)" != "" ] ; then
|
||||
OS="ubuntu"
|
||||
elif [ "$(grep CentOS /etc/os-release)" != "" ] ; then
|
||||
OS="centos"
|
||||
elif [ "$(grep Alpine /etc/os-release)" != "" ] ; then
|
||||
OS="alpine"
|
||||
fi
|
||||
if [ "$OS" = "" ] ; then
|
||||
echo "[!] Unsupported Operating System"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Create /tmp/bunkerized-nginx
|
||||
echo "[*] Prepare /tmp/bunkerized-nginx"
|
||||
if [ -e "/tmp/bunkerized-nginx" ] ; then
|
||||
do_and_check_cmd rm -rf /tmp/bunkerized-nginx
|
||||
fi
|
||||
do_and_check_cmd mkdir /tmp/bunkerized-nginx
|
||||
|
||||
# Create /opt/bunkerized-nginx
|
||||
echo "[*] Prepare /opt/bunkerized-nginx"
|
||||
if [ -e "/opt/bunkerized-nginx" ] ; then
|
||||
do_and_check_cmd rm -rf /opt/bunkerized-nginx
|
||||
fi
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx
|
||||
|
||||
# Check nginx version
|
||||
NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
|
||||
# Add nginx official repo and install
|
||||
if [ "$NGINX_VERSION" = "" ] ; then
|
||||
get_sign_repo_key > /tmp/bunkerized-nginx/nginx_signing.key
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
echo "[*] Add nginx official repository"
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
|
||||
do_and_check_cmd apt update
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y gnupg2 ca-certificates lsb-release software-properties-common
|
||||
do_and_check_cmd add-apt-repository "deb http://nginx.org/packages/${OS} $(lsb_release -cs) nginx"
|
||||
do_and_check_cmd apt update
|
||||
echo "[*] Install nginx"
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y nginx
|
||||
elif [ "$OS" = "centos" ] ; then
|
||||
echo "[*] Add nginx official repository"
|
||||
do_and_check_cmd yum install -y yum-utils
|
||||
cp /tmp/bunkerized-nginx/nginx_signing.key /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
|
||||
do_and_check_cmd rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
|
||||
repo="[nginx-stable]
|
||||
name=nginx stable repo
|
||||
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
|
||||
gpgcheck=1
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
|
||||
enabled=1
|
||||
module_hotfixes=true"
|
||||
echo "$repo" > /etc/yum.repos.d/nginx.repo
|
||||
echo "[*] Install nginx"
|
||||
do_and_check_cmd yum install -y nginx
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
echo "[*] Add nginx official repository"
|
||||
get_sign_repo_key_rsa > /etc/apk/keys/nginx_signing.rsa.pub
|
||||
echo "@nginx http://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories
|
||||
echo "[*] Install nginx"
|
||||
do_and_check_cmd apk add nginx@nginx
|
||||
fi
|
||||
NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
|
||||
fi
|
||||
echo "[*] Detected nginx version ${NGINX_VERSION}"
|
||||
if [ "$NGINX_VERSION" != "1.20.1" ] ; then
|
||||
echo "/!\\ Warning : we recommend you to use nginx v1.20.1, you should uninstall your nginx version and run this script again ! /!\\"
|
||||
fi
|
||||
|
||||
# Install dependencies
|
||||
echo "[*] Update packet list"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
do_and_check_cmd apt update
|
||||
fi
|
||||
echo "[*] Install dependencies"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
DEBIAN_DEPS="git autoconf pkg-config libpcre++-dev automake libtool g++ make liblua5.1-0-dev libgd-dev lua5.1 libssl-dev wget libbrotli-dev gnupg"
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS
|
||||
do_and_check_cmd cp -r /usr/include/lua5.1/* /usr/include
|
||||
elif [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd yum install -y epel-release
|
||||
CENTOS_DEPS="git autoconf pkg-config pcre-devel automake libtool gcc-c++ make lua-devel gd-devel lua openssl-devel wget brotli-devel gnupg"
|
||||
do_and_check_cmd yum install -y $CENTOS_DEPS
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
ALPINE_DEPS="git build autoconf libtool automake git geoip-dev yajl-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev lua-dev gd-dev gnupg brotli-dev openssl-dev"
|
||||
do_and_check_cmd apk add --no-cache --virtual build $ALPINE_DEPS
|
||||
fi
|
||||
|
||||
# Download, compile and install libmaxminddb
|
||||
echo "[*] Download maxmind/libmaxminddb"
|
||||
secure_download "https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz" "libmaxminddb-1.6.0.tar.gz" "9394e8dd959982d4ef5d15a928d32700722ed9d6c9988d9cc1bf2f4e67de0a53cc6987e90aaef3a6926c9ff36ac378f7a1fe47818fda4f5a3a22539210b2d004"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xzf libmaxminddb-1.6.0.tar.gz
|
||||
echo "[*] Compile and install libmaxminddb"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd ./configure
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make install
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd cp -P /usr/local/lib/libmaxminddb* /lib64/
|
||||
fi
|
||||
|
||||
# Download, compile and install ModSecurity
|
||||
echo "[*] Clone SpiderLabs/ModSecurity"
|
||||
git_secure_clone https://github.com/SpiderLabs/ModSecurity.git bf881a4eda343d37629e39ede5e28b70dc4067c0
|
||||
echo "[*] Compile and install ModSecurity"
|
||||
# temp fix : Debian run it twice
|
||||
cd /tmp/bunkerized-nginx/ModSecurity && ./build.sh > /dev/null 2>&1
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd sh build.sh
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule init
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule update
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout bindings/python 47a6925df187f96e4593afab18dc92d5f22bd4d5
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout others/libinjection bf234eb2f385b969c4f803b35fda53cffdd93922
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout test/test-cases/secrules-language-tests d03f4c1e930440df46c1faa37d820a919704d9da
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd ./configure --disable-doxygen-doc --disable-dependency-tracking --disable-examples
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make install-strip
|
||||
|
||||
# Download and install OWASP Core Rule Set
|
||||
echo "[*] Clone coreruleset/coreruleset"
|
||||
git_secure_clone https://github.com/coreruleset/coreruleset.git 18703f1bc47e9c4ec4096853d5fb4e2a204a07a2
|
||||
echo "[*] Install coreruleset"
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx/crs
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules/* /opt/bunkerized-nginx/crs
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs-setup.conf
|
||||
|
||||
# Download ModSecurity-nginx module
|
||||
echo "[*] Clone SpiderLabs/ModSecurity-nginx"
|
||||
git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 2497e6ac654d0b117b9534aa735b757c6b11c84f
|
||||
|
||||
# Download headers more module
|
||||
echo "[*] Clone openresty/headers-more-nginx-module"
|
||||
git_secure_clone https://github.com/openresty/headers-more-nginx-module.git f85af9649b858e21b400a2150a4c7b8ebd36e921
|
||||
|
||||
# Download GeoIP moduke
|
||||
echo "[*] Clone leev/ngx_http_geoip2_module"
|
||||
git_secure_clone https://github.com/leev/ngx_http_geoip2_module.git 1cabd8a1f68ea3998f94e9f3504431970f848fbf
|
||||
|
||||
# Download cookie flag module
|
||||
echo "[*] Clone AirisX/nginx_cookie_flag_module"
|
||||
git_secure_clone https://github.com/AirisX/nginx_cookie_flag_module.git c4ff449318474fbbb4ba5f40cb67ccd54dc595d4
|
||||
|
||||
# Download brotli module
|
||||
echo "[*] Clone google/ngx_brotli"
|
||||
git_secure_clone https://github.com/google/ngx_brotli.git 9aec15e2aa6feea2113119ba06460af70ab3ea62
|
||||
|
||||
# Download lua-nginx module
|
||||
git_secure_clone https://github.com/openresty/lua-nginx-module.git 9007d673e28938f5dfa7720438991e22b794d225
|
||||
|
||||
# Download, compile and install luajit2
|
||||
echo "[*] Clone openresty/luajit2"
|
||||
git_secure_clone https://github.com/openresty/luajit2.git 5ff674c5d9b75d6018994dfac3ce38aab3b8db12
|
||||
echo "[*] Compile luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make -j $NTASK
|
||||
echo "[*] Install luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make install
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd cp -P /usr/local/lib/libluajit* /lib64/
|
||||
fi
|
||||
|
||||
# Download and install lua-resty-core
|
||||
echo "[*] Clone openresty/lua-resty-core"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-core.git 12f26310a35e45c37157420f7e1f395a0e36e457
|
||||
echo "[*] Install lua-resty-core"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-core" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-lrucache
|
||||
echo "[*] Clone openresty/lua-resty-lrucache"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-lrucache.git f20bb8ac9489ba87d90d78f929552c2eab153caa
|
||||
echo "[*] Install lua-resty-lrucache"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-lrucache" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-dns
|
||||
echo "[*] Clone openresty/lua-resty-dns"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-dns.git 869d2fbb009b6ada93a5a10cb93acd1cc12bd53f
|
||||
echo "[*] Install lua-resty-dns"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-dns" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-session
|
||||
echo "[*] Clone bungle/lua-resty-session"
|
||||
git_secure_clone https://github.com/bungle/lua-resty-session.git 2cd1f8484fdd429505ac33abf7a44adda1f367bf
|
||||
echo "[*] Install lua-resty-session"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-resty-session/lib/resty/* /usr/local/lib/lua/resty
|
||||
|
||||
# Download and install lua-resty-random
|
||||
echo "[*] Clone bungle/lua-resty-random"
|
||||
git_secure_clone https://github.com/bungle/lua-resty-random.git 17b604f7f7dd217557ca548fc1a9a0d373386480
|
||||
echo "[*] Install lua-resty-random"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-random" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-string
|
||||
echo "[*] Clone openresty/lua-resty-string"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-string.git 3624678ca1c7c32e2fb16c18b7511863e074d542
|
||||
echo "[*] Install lua-resty-string"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-string" do_and_check_cmd make install
|
||||
|
||||
# Download, compile and install lua-cjson
|
||||
echo "[*] Clone openresty/lua-cjson"
|
||||
git_secure_clone https://github.com/openresty/lua-cjson.git 0df488874f52a881d14b5876babaa780bb6200ee
|
||||
echo "[*] Compile lua-cjson"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make -j $NTASK
|
||||
echo "[*] Install lua-cjson"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install-extra
|
||||
|
||||
# Download, compile and install lua-gd
|
||||
echo "[*] Clone ittner/lua-gd"
|
||||
git_secure_clone https://github.com/ittner/lua-gd.git 2ce8e478a8591afd71e607506bc8c64b161bbd30
|
||||
echo "[*] Compile lua-gd"
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make LUAPKG=lua LUABIN=lua -j $NTASK
|
||||
else
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make -j $NTASK
|
||||
fi
|
||||
echo "[*] Install lua-gd"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/local/lib/lua/5.1 install
|
||||
|
||||
# Download and install lua-resty-http
|
||||
echo "[*] Clone ledgetech/lua-resty-http"
|
||||
git_secure_clone https://github.com/ledgetech/lua-resty-http.git 9bf951dfe162dd9710a0e1f4525738d4902e9d20
|
||||
echo "[*] Install lua-resty-http"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-http" do_and_check_cmd make install
|
||||
|
||||
# Download and install lualogging
|
||||
echo "[*] Clone Neopallium/lualogging"
|
||||
git_secure_clone https://github.com/lunarmodules/lualogging.git 5973188a1f8fc31abd98aceed2a4853986d779e9
|
||||
echo "[*] Install lualogging"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lualogging/src/* /usr/local/lib/lua
|
||||
|
||||
# Download, compile and install luasocket
|
||||
echo "[*] Clone diegonehab/luasocket"
|
||||
git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62
|
||||
echo "[*] Compile luasocket"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make -j $NTASK
|
||||
echo "[*] Install luasocket"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make CDIR_linux=lib/lua/5.1 LDIR_linux=lib/lua install
|
||||
|
||||
# Download, compile and install luasec
|
||||
echo "[*] Clone brunoos/luasec"
|
||||
git_secure_clone https://github.com/brunoos/luasec.git d5df31561751ec0d4098dfc09c92ece215a56a5a
|
||||
echo "[*] Compile luasec"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make linux -j $NTASK
|
||||
echo "[*] Install luasec"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make LUACPATH=/usr/local/lib/lua/5.1 LUAPATH=/usr/local/lib/lua install
|
||||
|
||||
# Download and install lua-cs-bouncer
|
||||
echo "[*] Clone crowdsecurity/lua-cs-bouncer"
|
||||
git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 3c235c813fc453dcf51a391bc9e9a36ca77958b0
|
||||
echo "[*] Install lua-cs-bouncer"
|
||||
if [ ! -d /usr/local/lib/lua/crowdsec ] ; then
|
||||
do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec
|
||||
fi
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec
|
||||
do_and_check_cmd sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
|
||||
do_and_check_cmd sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
|
||||
|
||||
# Download and install lua-resty-iputils
|
||||
echo "[*] Clone hamishforbes/lua-resty-iputils"
|
||||
git_secure_clone https://github.com/hamishforbes/lua-resty-iputils.git 3151d6485e830421266eee5c0f386c32c835dba4
|
||||
echo "[*] Install lua-resty-iputils"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make LUA_LIB_DIR=/usr/local/lib/lua install
|
||||
|
||||
# Download nginx and decompress sources
|
||||
echo "[*] Download nginx-${NGINX_VERSION}.tar.gz"
|
||||
do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
|
||||
do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc"
|
||||
get_sign_source_keys > /tmp/bunkerized-nginx/nginx.key
|
||||
do_and_check_cmd gpg --import /tmp/bunkerized-nginx/nginx.key
|
||||
check=$(gpg --verify /tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc /tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz 2>&1 | grep "^gpg: Good signature from ")
|
||||
if [ "$check" = "" ] ; then
|
||||
echo "[!] Wrong signature from nginx source !!!"
|
||||
cleanup
|
||||
exit 1
|
||||
fi
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz
|
||||
|
||||
# Compile dynamic modules
|
||||
echo "[*] Compile dynamic modules"
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
|
||||
echo "\#/bin/sh" > "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli" >> "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
do_and_check_cmd chmod +x "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure-fix.sh
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
|
||||
if [ ! -d "/usr/lib/nginx/modules" ] ; then
|
||||
do_and_check_cmd mkdir -p /usr/lib/nginx/modules
|
||||
fi
|
||||
do_and_check_cmd chown -R root:root /usr/lib/nginx
|
||||
do_and_check_cmd chmod -R 755 /usr/lib/nginx
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules
|
||||
do_and_check_cmd chmod 744 /usr/lib/nginx/modules/*
|
||||
|
||||
# We're done
|
||||
if [ "$OS" = "alpine" ] ; then
|
||||
apk del build > /dev/null 2>&1
|
||||
fi
|
||||
cleanup
|
||||
echo "[*] Dependencies for bunkerized-nginx successfully installed !"
|
||||
exit 0
|
|
@ -0,0 +1,37 @@
|
|||
#!/bin/sh
|
||||
|
||||
# prepare /www
|
||||
mkdir /www
|
||||
chown -R root:nginx /www
|
||||
chmod -R 770 /www
|
||||
|
||||
# prepare /acme-challenge
|
||||
mkdir /acme-challenge
|
||||
chown root:nginx /acme-challenge
|
||||
chmod 770 /acme-challenge
|
||||
|
||||
# prepare /cache
|
||||
mkdir /cache
|
||||
chown root:nginx /cache
|
||||
chmod 770 /cache
|
||||
|
||||
# prepare /plugins
|
||||
mkdir /plugins
|
||||
chown root:nginx /plugins
|
||||
chmod 770 /plugins
|
||||
|
||||
# prepare symlinks
|
||||
folders="www http-confs server-confs modsec-confs modsec-crs-confs cache pre-server-confs acme-challenge plugins"
|
||||
for folder in $folders ; do
|
||||
if [ -e "/opt/bunkerized-nginx/$folder" ] ; then
|
||||
rm -rf "/opt/bunkerized-nginx/$folder"
|
||||
fi
|
||||
ln -s "/$folder" "/opt/bunkerized-nginx/$folder"
|
||||
done
|
||||
|
||||
# prepare /var/log
|
||||
rm -f /var/log/nginx/*
|
||||
ln -s /proc/1/fd/2 /var/log/nginx/error.log
|
||||
ln -s /proc/1/fd/2 /var/log/nginx/modsec_audit.log
|
||||
ln -s /proc/1/fd/1 /var/log/nginx/access.log
|
||||
ln -s /proc/1/fd/1 /var/log/nginx/jobs.log
|
|
@ -1,5 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
function git_secure_checkout() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
fi
|
||||
path="$1"
|
||||
commit="$2"
|
||||
cd "$path"
|
||||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Commit hash $commit is absent from submodules $path !"
|
||||
echo "$output"
|
||||
cleanup
|
||||
exit 4
|
||||
fi
|
||||
}
|
||||
|
||||
function git_secure_clone() {
|
||||
cd /tmp/bunkerized-nginx
|
||||
repo="$1"
|
||||
|
@ -22,6 +38,26 @@ function git_secure_clone() {
|
|||
fi
|
||||
}
|
||||
|
||||
function secure_download() {
|
||||
cd /tmp/bunkerized-nginx
|
||||
link="$1"
|
||||
file="$2"
|
||||
hash="$3"
|
||||
output="$(wget -q -O "$file" "$link" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Error downloading $link"
|
||||
echo "$output"
|
||||
cleanup
|
||||
exit 5
|
||||
fi
|
||||
check="$(sha512sum "$file" | cut -d ' ' -f 1)"
|
||||
if [ "$check" != "$hash" ] ; then
|
||||
echo "[!] Wrong hash from file $link (expected $hash got $check)"
|
||||
cleanup
|
||||
exit 6
|
||||
fi
|
||||
}
|
||||
|
||||
function do_and_check_cmd() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
|
@ -43,6 +79,201 @@ function cleanup() {
|
|||
rm -rf /tmp/bunkerized-nginx
|
||||
}
|
||||
|
||||
function get_sign_repo_key() {
|
||||
key="-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.22 (GNU/Linux)
|
||||
|
||||
mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
|
||||
W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I
|
||||
QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE
|
||||
fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt
|
||||
97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5
|
||||
XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg
|
||||
a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV
|
||||
CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol
|
||||
kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr
|
||||
KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG
|
||||
F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN
|
||||
1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD
|
||||
oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi
|
||||
MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S
|
||||
YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx
|
||||
JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/
|
||||
Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk
|
||||
RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J
|
||||
SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf
|
||||
Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6
|
||||
cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f
|
||||
YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y
|
||||
Va3l3WuB+rgKjsQ=
|
||||
=EWWI
|
||||
-----END PGP PUBLIC KEY BLOCK-----"
|
||||
echo "$key"
|
||||
}
|
||||
|
||||
function get_sign_repo_key_rsa() {
|
||||
key="-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/hT2Chq4hhn+zasCn1gv
|
||||
N3AVdNYGm4FVkJmWzHBc3lvoTLIMR1uoopg9EbH2faBG3yQjxtAkUme6aauaSmpm
|
||||
LNvhCfENsrDhRx8KRqwNgvM8jQLOCEMZ2WSGxE4HEsBbQ7p9F4qj8D2YMrl1ZvTw
|
||||
Gy2UW3wc5vMEf90lsoKmQQS3UJOUxHw0fhJ8vzNUVUeMQpRAjjRfVAQdnoxXSNSw
|
||||
+OQD2z9obDf6YhQclNbe8itoKRckbfe1sxh5/TFef0y+wJkTzOKXK9yWnJrQp8V3
|
||||
gmfJy6nnaErhxbocMg55QG7vCNejuV0a384ax0SRTNSZyIhps2Yuswbx9CLX8l+r
|
||||
bQIDAQAB
|
||||
-----END PUBLIC KEY-----"
|
||||
echo "$key"
|
||||
}
|
||||
|
||||
function get_sign_source_keys() {
|
||||
keys="-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.11 (FreeBSD)
|
||||
|
||||
mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR
|
||||
0cpKL05Ff9upjrIzLD5TJUCzYYM9GQOhguDUP8+ZU9JpSz3yO2TvH7WBbUZ8FADf
|
||||
hblmmUBLNgOWgLo3W+FYhl3mz1GFS2Fvid6Tfn02L8CBAj7jxbjL1Qj/OA/WmLLc
|
||||
m6BMTqI7IBlYW2vyIOIHasISGiAwZfp0ucMeXXvTtt14LGa8qXVcFnJTdwbf03AS
|
||||
ljhYrQnKnpl3VpDAoQt8C68YCwjaNJW59hKqWB+XeIJ9CW98+EOAxLAFszSyGanp
|
||||
rCqPd0numj9TIddjcRkTA/ZbmCWK+xjpVBGXABEBAAG0IU1heGltIERvdW5pbiA8
|
||||
bWRvdW5pbkBtZG91bmluLnJ1PokBOAQTAQIAIgUCTtIq7wIbAwYLCQgHAwIGFQgC
|
||||
CQoLBBYCAwECHgECF4AACgkQUgqZk6HAUvj+iwf/b4FS6zVzJ5T0v1vcQGD4ZzXe
|
||||
D5xMC4BJW414wVMU15rfX7aCdtoCYBNiApPxEd7SwiyxWRhRA9bikUq87JEgmnyV
|
||||
0iYbHZvCvc1jOkx4WR7E45t1Mi29KBoPaFXA9X5adZkYcOQLDxa2Z8m6LGXnlF6N
|
||||
tJkxQ8APrjZsdrbDvo3HxU9muPcq49ydzhgwfLwpUs11LYkwB0An9WRPuv3jporZ
|
||||
/XgI6RfPMZ5NIx+FRRCjn6DnfHboY9rNF6NzrOReJRBhXCi6I+KkHHEnMoyg8XET
|
||||
9lVkfHTOl81aIZqrAloX3/00TkYWyM2zO9oYpOg6eUFCX/Lw4MJZsTcT5EKVxIhG
|
||||
BBARAgAGBQJO01Y/AAoJEOzw6QssFyCDVyQAn3qwTZlcZgyyzWu9Cs8gJ0CXREaS
|
||||
AJ92QjGLT9DijTcbB+q9OS/nl16Z/IhGBBARAgAGBQJO02JDAAoJEKk3YTmlJMU+
|
||||
P64AnjCKEXFelSVMtgefJk3+vpyt3QX1AKCH9M3MbTWPeDUL+MpULlfdyfvjj7kB
|
||||
DQRO0irvAQgA0LjCc8S6oZzjiap2MjRNhRFA5BYjXZRZBdKF2VP74avt2/RELq8G
|
||||
W0n7JWmKn6vvrXabEGLyfkCngAhTq9tJ/K7LPx/bmlO5+jboO/1inH2BTtLiHjAX
|
||||
vicXZk3oaZt2Sotx5mMI3yzpFQRVqZXsi0LpUTPJEh3oS8IdYRjslQh1A7P5hfCZ
|
||||
wtzwb/hKm8upODe/ITUMuXeWfLuQj/uEU6wMzmfMHb+jlYMWtb+v98aJa2FODeKP
|
||||
mWCXLa7bliXp1SSeBOEfIgEAmjM6QGlDx5sZhr2Ss2xSPRdZ8DqD7oiRVzmstX1Y
|
||||
oxEzC0yXfaefC7SgM0nMnaTvYEOYJ9CH3wARAQABiQEfBBgBAgAJBQJO0irvAhsM
|
||||
AAoJEFIKmZOhwFL4844H/jo8icCcS6eOWvnen7lg0FcCo1fIm4wW3tEmkQdchSHE
|
||||
CJDq7pgTloN65pwB5tBoT47cyYNZA9eTfJVgRc74q5cexKOYrMC3KuAqWbwqXhkV
|
||||
s0nkWxnOIidTHSXvBZfDFA4Idwte94Thrzf8Pn8UESudTiqrWoCBXk2UyVsl03gJ
|
||||
blSJAeJGYPPeo+Yj6m63OWe2+/S2VTgmbPS/RObn0Aeg7yuff0n5+ytEt2KL51gO
|
||||
QE2uIxTCawHr12PsllPkbqPk/PagIttfEJqn9b0CrqPC3HREePb2aMJ/Ctw/76CO
|
||||
wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw=
|
||||
=Tavt
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF4TqFoBEADNbls05thIAYVVKdMDRdtzGk7HXGqx60u/kh4BL9HskUpyYFTp
|
||||
N07RJ1TyyusfD7I3skuGHvtQhqdTwHPDEPL5qrAnHps9XWUQrtU7hflcIKt43iDe
|
||||
TvfVVhN0nPir2++C4qvNnrC/UCisyz00H/I9mobl2qzyKyLT8BnUBVuXDfOTlUCY
|
||||
oF4z5BieOMvg1DZNKFDnK67ZuO4JXgtMlu4Q3tFd7qSWCWGuCuAGgn6eWFYMzCbB
|
||||
rPyBYwb7xyycQzqmJiD7Qm9OeVHmZj5rG5hGM14MyTSUVJle0U+CJCF9lmfVuR/c
|
||||
ySy7WmQgIg327x5Y5xa3pKZAvIAycnDabAk/08p59BG7UdAi2S7+2SicAH89/81V
|
||||
g4BI4mZp+IuxaP+S+ckaRf1CUvRAJuLTqUeBSuOzjag+ibD6rqusuZ1MZqLxnXyu
|
||||
gAztNDcmEFa/pqp5bgWbrlTF6zKt4cQf+a/JqFGatsfSzmrIyIZ6GEqgb8oXDDIt
|
||||
Z1AqsTfp6ZBC1vITE9+b0zBw6qq/nGD0Iq47Vp1VxmlxmnoeR4ir8z/oSukPulLU
|
||||
K3IqkmRNGEilINrtBt5jFbBlx8kwdCYvxEF6ymibBBqvwwv65jrrKheBQm+HrrVS
|
||||
aMQmo4Qzj/h/ZLL9KENHibNwUypJnvwEvw0YkAyjICvoNzDUsM+92+B/ewARAQAB
|
||||
tCFNYXhpbSBLb25vdmFsb3YgPG1heGltQG5naW54LmNvbT6JAlcEEwEKAEECGwMF
|
||||
CwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQRB25JxPTv0v/PukQacXn+i9Ul3
|
||||
1AUCXhgw1wUJBagi/QAKCRCcXn+i9Ul31LltD/40KNFPvDaORz35udrm0cyVIgbI
|
||||
lq7Vswfo5JIr8MyJ+VKJFQ2n2JiQT8QbX52Sy5P80ktSAFqcT3vtWB7bI6RfJ8Jx
|
||||
YM/w3XKnNMoUt7Q/cqZK5Ra/csmaCWqP4UVUvUBjHvly0MpnE1kxEDUglrcyVKjt
|
||||
fxB/GXeUpKOELXG44zvW2CP9Mce0FbDxrh8iCai9MK+2oSt1aJV+gONLWscRgsc7
|
||||
6q9/4KUXByt0qxScYPRQRIaxpIA8sCno21owcMOf8aQtun6Ytf+UIovl9DmK2pRm
|
||||
Ifc2JruW1Jx2r7z955ZFNgTA380jEL85dWbgbHF/pYPlwcTCnaAf294kefjrX9DN
|
||||
rejbZZ3Fh2QGs0tWW5+wncVWndq4jLQTeamUdzw5MPpOh+bZoHT+7z1PDGWe+PIn
|
||||
DTbfaFYL7MsXwScMUsexKLOoDO6KKpZjcsw9/b5JsJmP73ZEj02BjRudapObiRxm
|
||||
MtDl8Zmpg7ZUqMHEuUzyEyI5nSWu4njjrWJO0CnsjLpv2UxAbxDn1NGc/DoyxM1l
|
||||
4SQv4AJuSLo1x7PTRb9V9HkWqxXf+yCkNpV9UjmlrH104gWL6sof6rX8Jo6k+Sz+
|
||||
yyQHcVbrJ95Y3hQU7QMMnotzVbL7BRtWMtDYTp7q+gYbZ0s+YRXjaHcA5IuV65tM
|
||||
tEPwGpOCofQ2avkdqIhdBBARCgAdFiEEZVBsAu/CUPG3o9aU7PDpCywXIIMFAl4T
|
||||
qXUACgkQ7PDpCywXIIN5CQCgyNFrUBGlUvH9QlDSE/umzoyXW/UAn0ve2/HzpMVN
|
||||
uPMAAgnHYE2R0eiEtCNNYXhpbSBLb25vdmFsb3YgPG1heGltQEZyZWVCU0Qub3Jn
|
||||
PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEHbknE9O/S/
|
||||
8+6RBpxef6L1SXfUBQJeGDDXBQkFqCL9AAoJEJxef6L1SXfUJ/IQALtwaB7mlBUB
|
||||
NdzqQRIZAVSnJZ2w6+Iul7Ax4gKrqWj6SvL/5jEdZm65D0kjxJIHq+dO+lJIMLzp
|
||||
rBkfZ0kkxOPQ1rw/QR31qHLAibknrwIQQVtzFvVg4iW7IZefx6WGbJJC5IbjBUBf
|
||||
HATqbXmMAcLILh9+t4q7Qvwi2b8ZIsC37cktthad7j4kvXqV5BJ4I+PoDT0CcW48
|
||||
wgTfMwhib52pLMu3Ghk56kwHBtYSHUDrA4KWRzRHxQ+RoUXLIdtmMRbp8ztwBMJZ
|
||||
+J/9TLrb3YHUidS3l2nE55l9dJZycCU2EOAhJMbFKbmfW/9we/Sm+vnoALGExepl
|
||||
FgdGz2NTqPA4ha2y2rBC73TSkfM+4amIrr6kSbeofjQL/w5+fhxAvM5oXuzffPK9
|
||||
8IR31d66JUTjeueobguzh9ApeHElmihimRJk0KP+NVAMNCIZmlMuOXHPwnCajcBh
|
||||
Sh9kFGy6tPPPZYQOHSm5KvyjIJDfmkFfJ5ybazkmsGhZMzQs4ZHItC1jf0vYCqsr
|
||||
d3eVEQesy5nDlSC2lWK84R+J+qTL82ZbCc/VZMniCBCC9xIvEOU9gtIH+58vF8dq
|
||||
l/jTmGp2h1/kHlJfn0cnxKJDzn2IG16jqR7VdWQEO5hjEMaZdxhM1jPGRdkM82fB
|
||||
Wwv8BLBpgBstyQlxJ/NNO5+dCtZYWRcviF0EEBEKAB0WIQRlUGwC78JQ8bej1pTs
|
||||
8OkLLBcggwUCXhOpbwAKCRDs8OkLLBcgg/jfAKCO7DIiB2DGBfLCFftmyuZJN2A6
|
||||
ZgCfV/cclX++mLyiyYqr2BXnrQk4NVG5Ag0EXhOoWgEQAOmkirptbymUR2JP9DrP
|
||||
e7aELbUw4bcMx4/nQo1QyKxjDhUdgUui4OiqxmhMjT2IlgFvcYsMeLiYGa/EdBkd
|
||||
Yq4DtEwc++2eybFQA1z6Hrk+sxdd8neN4azUa5sqVvUwenQ7UMPclSQJaE1nVGCZ
|
||||
KKVyNsK36RJrE0JfdmE1zKZFWmTCTZ/D/hTCq+hjMpCV+VWFaz3h4S+XsZiBgLB4
|
||||
+zmyHjyU6E+ecELvAHoXwMbAPiFzzms824Fc1BKHjnc8BBzfUVdIBGhxOVNHDSj3
|
||||
oxPsiBnuvSlQMlGx0YNLw/tTfw+CFOot5o/KIq9svUp8W9mdj6kKaqBLNxpjHbhQ
|
||||
yvVSK7O5uS62emMHkRwgu1tmP98d3bGlXRn+S+2MCuyqdFaK40B6vnkPnXpl5ggE
|
||||
w8JoH11ahNeJ5tX8/JpX/0aQmapt7CKwcgELJap+Qp8i/MFXef7FK/nE0lFIL95o
|
||||
l9uthd/beX6dz/EEw61lC17Opd3y0N+Dy+eJ0wbULdgKrblZ0PxsumLeICGLs7/P
|
||||
O9/3nQHJRjmFaVG10t5bL/77gvQ4l7HcuLS1GGHh+RM6EsFuuiqI+aFcDFyRITli
|
||||
g0QRq4y/C6nqhTWEyYriIi8Dq6JxXisklC1WvSIgPwq1/msmrbiKcJZFPoNtMVtO
|
||||
dzL3naM5IWOa290R541GjkEVABEBAAGJAjwEGAEKACYCGwwWIQRB25JxPTv0v/Pu
|
||||
kQacXn+i9Ul31AUCXhgw/QUJBagjIwAKCRCcXn+i9Ul31MQDEACeO6ZBLEWswuyU
|
||||
RErntoHkY6wIkpfMiERjgfqbNkrdBgXg8dT7kPsXFEtv3ZccjPbsRecJaXdmwGab
|
||||
mp9MUDYG3SiqgFNriJTv2WECzgYKrZQg38JVwfl7OHPaV2fwZvG56a4qKpIZ3wIg
|
||||
4acfEPkHQ2ygpKnEJD4IsEK225PtYq5lmNfntvDhbuTPh2vY8T9w0udGCzp4JS60
|
||||
zLeGGat+52PislEtrSa2B7zSMzGmOqDidaDbEfzdzL+IteZHWDGmYNQ8yICIv6Wj
|
||||
A80k7uhzDWJf5RMQSNybBykrlWSooaVrBWHgDky5ldAQjDtVrMkBpzglH8FQ44i+
|
||||
la9caRDfw0Lfxg52vV4eXtpSHAYx3cFREEW9xpTOwOE7Qg0JyHAkUKNb8DJgyehC
|
||||
BjSeeiMFiZX1plyYFrUAB8dVXi9Z7kqOjTpfYU6kAxDXzQhlqqgYRwoFJQcsQ1Ll
|
||||
jKptAs6glmDx8dJcjUrK/eH24GGg46eGv2wxY4+sItXfLQ2oeU4uh/vORjvgeeNp
|
||||
er4z5KLuKxwgpaobavtRZmZSZdGrdC93Si27dpSRiWYn1csoTxG0zZhUVFFW68I4
|
||||
I5PIdJwblvxayVKdg0aVW/RwDsOLH0twVxwnOPSjLPEB2IwGnlX6rN38cRnibPXM
|
||||
yh4LsaVRdhbFe9aNd/O5iNgDcQtCUg==
|
||||
=/pFc
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.11 (FreeBSD)
|
||||
|
||||
mQENBE5E4vkBCADPkWWzk7W5cXOqeZ1ULNSj8nt5azbYjfQ8OyR2AaDW8J7oazYH
|
||||
reIHKid5uZVJxwr1uLoMloGiYTdy4XYIF2WcOfDnjNGumrAT0Nd4Kdax/pHr5Pdp
|
||||
jFsO4BkHyWk/5/zDCijyoGYLBR6I8hqn+WDuLG/sTtVuTWkUeOlfxb2eZdLyZ3oP
|
||||
5T5FXtWTpKvr2y7RGshmS6EJnjiVvvErdbNItFXghqvBBaFOJaS2PRBEO9RfKpti
|
||||
i+eS/cmlrm+Tjv44EPfQyLtAmCQ8uqfL50uIKEp6/dsC/OVJ6JlJOYl4j90DX7vB
|
||||
TJaOyUm4s+BLF2BK+Ow8+s+B6jQ5noa/o16NABEBAAG0IFNlcmdleSBCdWRuZXZp
|
||||
dGNoIDxzYkBuZ2lueC5jb20+iQE+BBMBAgAoBQJOROQ6AhsDBQkJZgGABgsJCAcD
|
||||
AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCmT9Wxets5qEQgB/43Mxmiy7DjXEbxIYkC
|
||||
9xPC4kf1X+bHkJ9BtAgaYDQewjtQ7vS98TKJBibm3l4egmBjFWjCpL8845n966+u
|
||||
XDqrDWJtOPUXvSEQNXGlijDGSxxpdK2dxDOKIOC8nIlZq/Xz/Uqjb2ZrszmYK2LD
|
||||
IHI1mN9HdI6aTt41QbtG0nkaPPgv3MEvxSMVCzVddroyPXvf/ErT4OSYU+dqJhH+
|
||||
SBIezuF0suzH/siCksbSBZHIst5rggpjsZvijP5YFH/hpEsR+tKXo9EFk49xn9Ou
|
||||
WdmpOEs7CKDbTApkh9XN/Pk5nJQ/HIDuW8pkgzf2wxNWlMSYw6xnozDkeIqpJcDD
|
||||
4niqiEYEEBECAAYFAk5OYocACgkQ7PDpCywXIIMKtQCfaAl2rvbEImu6MnDR32KG
|
||||
HTDH2TEAoNeWrSlavyFzbSQka53E9Gs6gF63tCBTZXJnZXkgQnVkbmV2aXRjaCA8
|
||||
c2JAd2FlbWUubmV0PokBQQQTAQIAKwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYC
|
||||
AwECHgECF4AFAk5OR38CGQEACgkQpk/VsXrbOagPmAf/QmIEDkkiovc1MgQ81lh4
|
||||
eeHfvtptb+U4GVCu07DQUR9kEtN6Jqi65gKb95fEztI14PpX+euiWrc/RlnsxWc0
|
||||
jYF0UmyacWLN6oHPoxlCK5+7zyoz5UTNrYGkTfWfcNtTU509CEZRClBNjMZOTZjP
|
||||
QhdR+Ce6tngRcQvMGNaLjJkKuY7vPh6FjT5oqxpnEIRTsWq6bUaeCXm7j9x0as1Z
|
||||
w1E5D5it3Ug3VlAe58jFJmRgatOsWznKuNoLRjQ2Chp2ce+dLgXriuJMrvEsn5S4
|
||||
dImUGL5DVYWDVZNG+r85XnOhMfKG308pZby1uzFvD+j3P6yMj1tpaCAAi5lUkHh6
|
||||
bIhGBBARAgAGBQJOTmJ/AAoJEOzw6QssFyCDH50AoMyJPvPDTYXK5KHOlPYPZQ5M
|
||||
OuCAAJ9zQ/3hKedm3xCLGl4Y6hjxJNlUTbkBDQROROL5AQgAuGIfx9aVOOXVdj8b
|
||||
XvjBQt+UkBURYGACHFQ69w71Aupsg9pZ7FgwgVKxnoNlmRag8sInjQbs3M/lS0sB
|
||||
dg75zZ7Ph7aPev8RAqdtX5+xxvujv1cmkFBExFuC5Wp/Yfzk/lPWZR4vXZrTpRiF
|
||||
PLMlRu0CEJFqoqPPygGFar02Q7rO+da35pxAuYrOWGM7MNr8H/vk13+GiqniBQCa
|
||||
uSoWwZQzaEdG5VGgm/vAwPzO+Cbam3r+Hs7OieykAy8fv+B+qhHn8Vc/520iGvdO
|
||||
IAKpxl6oZrkbNL/wozOOLZni7iWl30C43ujxPiGRlg/YotHmhlnMic85QKyakXCS
|
||||
WXI/JQARAQABiQElBBgBAgAPBQJOROL5AhsMBQkJZgGAAAoJEKZP1bF62zmoGCwH
|
||||
/2a6zlu4Jwmv21vuroaAzECV8gp1luBeagn23EgMMukYhkbwLtL/0twAHmZlkpzl
|
||||
atfq/EH2PgOasl2biJixqp7o9V7Uw6PS5JoY+1IrLEurG+FU2TN/Ysp12al4Z0Hh
|
||||
p4yBRSEikISO9gkeUThixDPX1PjCpx8G/ZYqk+8jRCcDgWsUc/WV3VGPht68oDd7
|
||||
56/hfQYc/V3eJmm5WYLVGV7Q69tGtp6D09SpoeqCD2K77auEBRVJ4jaT4B2/EfSb
|
||||
x6y7Dy4Oxm8TBOQ2EZw2vEixKxtEt86/oBtLUkqVockPq/Ek9AL+KzT6VR1xU+Cm
|
||||
CoHAyoqJeb/xLBwuKWg0/4U=
|
||||
=iFlP
|
||||
-----END PGP PUBLIC KEY BLOCK-----"
|
||||
echo "$keys"
|
||||
}
|
||||
|
||||
# Variables
|
||||
NTASK=$(nproc)
|
||||
|
||||
# Check if we are root
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "[!] Run me as root"
|
||||
|
@ -65,15 +296,61 @@ if [ "$OS" = "" ] ; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Remove /tmp/bunkerized-nginx
|
||||
# Create /tmp/bunkerized-nginx
|
||||
echo "[*] Prepare /tmp/bunkerized-nginx"
|
||||
if [ -e "/tmp/bunkerized-nginx" ] ; then
|
||||
do_and_check_cmd rm -rf /tmp/bunkerized-nginx
|
||||
fi
|
||||
do_and_check_cmd mkdir /tmp/bunkerized-nginx
|
||||
|
||||
# Check /opt/bunkerized-nginx
|
||||
if [ ! -d "/opt/bunkerized-nginx" ] ; then
|
||||
echo "[!] Missing /opt/bunkerized-nginx directory, did you run the dependencies script ?"
|
||||
exit 1
|
||||
# Create /opt/bunkerized-nginx
|
||||
echo "[*] Prepare /opt/bunkerized-nginx"
|
||||
if [ -e "/opt/bunkerized-nginx" ] ; then
|
||||
do_and_check_cmd rm -rf /opt/bunkerized-nginx
|
||||
fi
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx
|
||||
|
||||
# Check nginx version
|
||||
NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
|
||||
# Add nginx official repo and install
|
||||
if [ "$NGINX_VERSION" = "" ] ; then
|
||||
get_sign_repo_key > /tmp/bunkerized-nginx/nginx_signing.key
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
echo "[*] Add nginx official repository"
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
|
||||
do_and_check_cmd apt update
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y gnupg2 ca-certificates lsb-release software-properties-common
|
||||
do_and_check_cmd add-apt-repository "deb http://nginx.org/packages/${OS} $(lsb_release -cs) nginx"
|
||||
do_and_check_cmd apt update
|
||||
echo "[*] Install nginx"
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y nginx
|
||||
elif [ "$OS" = "centos" ] ; then
|
||||
echo "[*] Add nginx official repository"
|
||||
do_and_check_cmd yum install -y yum-utils
|
||||
cp /tmp/bunkerized-nginx/nginx_signing.key /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
|
||||
do_and_check_cmd rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
|
||||
repo="[nginx-stable]
|
||||
name=nginx stable repo
|
||||
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
|
||||
gpgcheck=1
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
|
||||
enabled=1
|
||||
module_hotfixes=true"
|
||||
echo "$repo" > /etc/yum.repos.d/nginx.repo
|
||||
echo "[*] Install nginx"
|
||||
do_and_check_cmd yum install -y nginx
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
echo "[*] Add nginx official repository"
|
||||
get_sign_repo_key_rsa > /etc/apk/keys/nginx_signing.rsa.pub
|
||||
echo "@nginx http://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories
|
||||
echo "[*] Install nginx"
|
||||
do_and_check_cmd apk add nginx@nginx
|
||||
fi
|
||||
NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
|
||||
fi
|
||||
echo "[*] Detected nginx version ${NGINX_VERSION}"
|
||||
if [ "$NGINX_VERSION" != "1.20.1" ] ; then
|
||||
echo "/!\\ Warning : we recommend you to use nginx v1.20.1, you should uninstall your nginx version and run this script again ! /!\\"
|
||||
fi
|
||||
|
||||
# Install dependencies
|
||||
|
@ -81,7 +358,236 @@ echo "[*] Update packet list"
|
|||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
do_and_check_cmd apt update
|
||||
fi
|
||||
echo "[*] Install dependencies"
|
||||
echo "[*] Install compilation dependencies"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
DEBIAN_DEPS="git autoconf pkg-config libpcre++-dev automake libtool g++ make liblua5.1-0-dev libgd-dev lua5.1 libssl-dev wget libbrotli-dev gnupg"
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS
|
||||
do_and_check_cmd cp -r /usr/include/lua5.1/* /usr/include
|
||||
elif [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd yum install -y epel-release
|
||||
CENTOS_DEPS="git autoconf pkg-config pcre-devel automake libtool gcc-c++ make lua-devel gd-devel lua openssl-devel wget brotli-devel gnupg"
|
||||
do_and_check_cmd yum install -y $CENTOS_DEPS
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
ALPINE_DEPS="git build autoconf libtool automake git geoip-dev yajl-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev lua-dev gd-dev gnupg brotli-dev openssl-dev"
|
||||
do_and_check_cmd apk add --no-cache --virtual build $ALPINE_DEPS
|
||||
fi
|
||||
|
||||
# Download, compile and install libmaxminddb
|
||||
echo "[*] Download maxmind/libmaxminddb"
|
||||
secure_download "https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz" "libmaxminddb-1.6.0.tar.gz" "9394e8dd959982d4ef5d15a928d32700722ed9d6c9988d9cc1bf2f4e67de0a53cc6987e90aaef3a6926c9ff36ac378f7a1fe47818fda4f5a3a22539210b2d004"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xzf libmaxminddb-1.6.0.tar.gz
|
||||
echo "[*] Compile and install libmaxminddb"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd ./configure
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make install
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd cp -P /usr/local/lib/libmaxminddb* /lib64/
|
||||
fi
|
||||
|
||||
# Download, compile and install ModSecurity
|
||||
echo "[*] Clone SpiderLabs/ModSecurity"
|
||||
git_secure_clone https://github.com/SpiderLabs/ModSecurity.git bf881a4eda343d37629e39ede5e28b70dc4067c0
|
||||
echo "[*] Compile and install ModSecurity"
|
||||
# temp fix : Debian run it twice
|
||||
cd /tmp/bunkerized-nginx/ModSecurity && ./build.sh > /dev/null 2>&1
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd sh build.sh
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule init
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule update
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout bindings/python 47a6925df187f96e4593afab18dc92d5f22bd4d5
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout others/libinjection bf234eb2f385b969c4f803b35fda53cffdd93922
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout test/test-cases/secrules-language-tests d03f4c1e930440df46c1faa37d820a919704d9da
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd ./configure --disable-doxygen-doc --disable-dependency-tracking --disable-examples
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make install-strip
|
||||
|
||||
# Download and install OWASP Core Rule Set
|
||||
echo "[*] Clone coreruleset/coreruleset"
|
||||
git_secure_clone https://github.com/coreruleset/coreruleset.git 18703f1bc47e9c4ec4096853d5fb4e2a204a07a2
|
||||
echo "[*] Install coreruleset"
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx/crs
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules/* /opt/bunkerized-nginx/crs
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs-setup.conf
|
||||
|
||||
# Download ModSecurity-nginx module
|
||||
echo "[*] Clone SpiderLabs/ModSecurity-nginx"
|
||||
git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 2497e6ac654d0b117b9534aa735b757c6b11c84f
|
||||
|
||||
# Download headers more module
|
||||
echo "[*] Clone openresty/headers-more-nginx-module"
|
||||
git_secure_clone https://github.com/openresty/headers-more-nginx-module.git f85af9649b858e21b400a2150a4c7b8ebd36e921
|
||||
|
||||
# Download GeoIP moduke
|
||||
echo "[*] Clone leev/ngx_http_geoip2_module"
|
||||
git_secure_clone https://github.com/leev/ngx_http_geoip2_module.git 1cabd8a1f68ea3998f94e9f3504431970f848fbf
|
||||
|
||||
# Download cookie flag module
|
||||
echo "[*] Clone AirisX/nginx_cookie_flag_module"
|
||||
git_secure_clone https://github.com/AirisX/nginx_cookie_flag_module.git c4ff449318474fbbb4ba5f40cb67ccd54dc595d4
|
||||
|
||||
# Download brotli module
|
||||
echo "[*] Clone google/ngx_brotli"
|
||||
git_secure_clone https://github.com/google/ngx_brotli.git 9aec15e2aa6feea2113119ba06460af70ab3ea62
|
||||
|
||||
# Download lua-nginx module
|
||||
git_secure_clone https://github.com/openresty/lua-nginx-module.git 9007d673e28938f5dfa7720438991e22b794d225
|
||||
|
||||
# Download, compile and install luajit2
|
||||
echo "[*] Clone openresty/luajit2"
|
||||
git_secure_clone https://github.com/openresty/luajit2.git 5ff674c5d9b75d6018994dfac3ce38aab3b8db12
|
||||
echo "[*] Compile luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make -j $NTASK
|
||||
echo "[*] Install luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make install
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd cp -P /usr/local/lib/libluajit* /lib64/
|
||||
fi
|
||||
|
||||
# Download and install lua-resty-core
|
||||
echo "[*] Clone openresty/lua-resty-core"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-core.git 12f26310a35e45c37157420f7e1f395a0e36e457
|
||||
echo "[*] Install lua-resty-core"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-core" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-lrucache
|
||||
echo "[*] Clone openresty/lua-resty-lrucache"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-lrucache.git f20bb8ac9489ba87d90d78f929552c2eab153caa
|
||||
echo "[*] Install lua-resty-lrucache"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-lrucache" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-dns
|
||||
echo "[*] Clone openresty/lua-resty-dns"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-dns.git 869d2fbb009b6ada93a5a10cb93acd1cc12bd53f
|
||||
echo "[*] Install lua-resty-dns"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-dns" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-session
|
||||
echo "[*] Clone bungle/lua-resty-session"
|
||||
git_secure_clone https://github.com/bungle/lua-resty-session.git 2cd1f8484fdd429505ac33abf7a44adda1f367bf
|
||||
echo "[*] Install lua-resty-session"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-resty-session/lib/resty/* /usr/local/lib/lua/resty
|
||||
|
||||
# Download and install lua-resty-random
|
||||
echo "[*] Clone bungle/lua-resty-random"
|
||||
git_secure_clone https://github.com/bungle/lua-resty-random.git 17b604f7f7dd217557ca548fc1a9a0d373386480
|
||||
echo "[*] Install lua-resty-random"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-random" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-string
|
||||
echo "[*] Clone openresty/lua-resty-string"
|
||||
git_secure_clone https://github.com/openresty/lua-resty-string.git 3624678ca1c7c32e2fb16c18b7511863e074d542
|
||||
echo "[*] Install lua-resty-string"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-string" do_and_check_cmd make install
|
||||
|
||||
# Download, compile and install lua-cjson
|
||||
echo "[*] Clone openresty/lua-cjson"
|
||||
git_secure_clone https://github.com/openresty/lua-cjson.git 0df488874f52a881d14b5876babaa780bb6200ee
|
||||
echo "[*] Compile lua-cjson"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make -j $NTASK
|
||||
echo "[*] Install lua-cjson"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install-extra
|
||||
|
||||
# Download, compile and install lua-gd
|
||||
echo "[*] Clone ittner/lua-gd"
|
||||
git_secure_clone https://github.com/ittner/lua-gd.git 2ce8e478a8591afd71e607506bc8c64b161bbd30
|
||||
echo "[*] Compile lua-gd"
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make LUAPKG=lua LUABIN=lua -j $NTASK
|
||||
else
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make -j $NTASK
|
||||
fi
|
||||
echo "[*] Install lua-gd"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/local/lib/lua/5.1 install
|
||||
|
||||
# Download and install lua-resty-http
|
||||
echo "[*] Clone ledgetech/lua-resty-http"
|
||||
git_secure_clone https://github.com/ledgetech/lua-resty-http.git 9bf951dfe162dd9710a0e1f4525738d4902e9d20
|
||||
echo "[*] Install lua-resty-http"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-http" do_and_check_cmd make install
|
||||
|
||||
# Download and install lualogging
|
||||
echo "[*] Clone Neopallium/lualogging"
|
||||
git_secure_clone https://github.com/lunarmodules/lualogging.git 5973188a1f8fc31abd98aceed2a4853986d779e9
|
||||
echo "[*] Install lualogging"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lualogging/src/* /usr/local/lib/lua
|
||||
|
||||
# Download, compile and install luasocket
|
||||
echo "[*] Clone diegonehab/luasocket"
|
||||
git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62
|
||||
echo "[*] Compile luasocket"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make -j $NTASK
|
||||
echo "[*] Install luasocket"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make CDIR_linux=lib/lua/5.1 LDIR_linux=lib/lua install
|
||||
|
||||
# Download, compile and install luasec
|
||||
echo "[*] Clone brunoos/luasec"
|
||||
git_secure_clone https://github.com/brunoos/luasec.git d5df31561751ec0d4098dfc09c92ece215a56a5a
|
||||
echo "[*] Compile luasec"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make linux -j $NTASK
|
||||
echo "[*] Install luasec"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make LUACPATH=/usr/local/lib/lua/5.1 LUAPATH=/usr/local/lib/lua install
|
||||
|
||||
# Download and install lua-cs-bouncer
|
||||
echo "[*] Clone crowdsecurity/lua-cs-bouncer"
|
||||
git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 3c235c813fc453dcf51a391bc9e9a36ca77958b0
|
||||
echo "[*] Install lua-cs-bouncer"
|
||||
if [ ! -d /usr/local/lib/lua/crowdsec ] ; then
|
||||
do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec
|
||||
fi
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec
|
||||
do_and_check_cmd sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
|
||||
do_and_check_cmd sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
|
||||
|
||||
# Download and install lua-resty-iputils
|
||||
echo "[*] Clone hamishforbes/lua-resty-iputils"
|
||||
git_secure_clone https://github.com/hamishforbes/lua-resty-iputils.git 3151d6485e830421266eee5c0f386c32c835dba4
|
||||
echo "[*] Install lua-resty-iputils"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make LUA_LIB_DIR=/usr/local/lib/lua install
|
||||
|
||||
# Download nginx and decompress sources
|
||||
echo "[*] Download nginx-${NGINX_VERSION}.tar.gz"
|
||||
do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
|
||||
do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc"
|
||||
get_sign_source_keys > /tmp/bunkerized-nginx/nginx.key
|
||||
do_and_check_cmd gpg --import /tmp/bunkerized-nginx/nginx.key
|
||||
check=$(gpg --verify /tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc /tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz 2>&1 | grep "^gpg: Good signature from ")
|
||||
if [ "$check" = "" ] ; then
|
||||
echo "[!] Wrong signature from nginx source !!!"
|
||||
cleanup
|
||||
exit 1
|
||||
fi
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz
|
||||
|
||||
# Compile dynamic modules
|
||||
echo "[*] Compile dynamic modules"
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
|
||||
echo "\#/bin/sh" > "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli" >> "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
do_and_check_cmd chmod +x "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure-fix.sh
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
|
||||
if [ ! -d "/usr/lib/nginx/modules" ] ; then
|
||||
do_and_check_cmd mkdir -p /usr/lib/nginx/modules
|
||||
fi
|
||||
do_and_check_cmd chown -R root:root /usr/lib/nginx
|
||||
do_and_check_cmd chmod -R 755 /usr/lib/nginx
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules
|
||||
do_and_check_cmd chmod 744 /usr/lib/nginx/modules/*
|
||||
|
||||
# Remove alpine build dependencies
|
||||
if [ "$OS" = "alpine" ] ; then
|
||||
apk del build > /dev/null 2>&1
|
||||
fi
|
||||
cleanup
|
||||
echo "[*] Dependencies for bunkerized-nginx successfully installed !"
|
||||
|
||||
# Install dependencies
|
||||
echo "[*] Update packet list"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
do_and_check_cmd apt update
|
||||
fi
|
||||
echo "[*] Install runtime dependencies"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
DEBIAN_DEPS="git cron curl python3 python3-pip procps"
|
||||
DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS
|
||||
|
@ -89,10 +595,10 @@ elif [ "$OS" = "centos" ] ; then
|
|||
do_and_check_cmd yum install -y epel-release
|
||||
CENTOS_DEPS="git crontabs curl python3 python3-pip procps"
|
||||
do_and_check_cmd yum install -y $CENTOS_DEPS
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
ALPINE_DEPS="certbot bash libmaxminddb libgcc lua yajl libstdc++ openssl py3-pip"
|
||||
do_and_check_cmd apk add --no-cache $ALPINE_DEPS
|
||||
fi
|
||||
do_and_check_cmd pip3 install --upgrade pip
|
||||
do_and_check_cmd pip3 install jinja2 certbot docker requests flask gunicorn
|
||||
do_and_check_cmd pip3 install cryptography --upgrade
|
||||
|
||||
# Clone the repo
|
||||
echo "[*] Clone bunkerity/bunkerized-nginx"
|
||||
|
@ -101,6 +607,15 @@ echo "[*] Clone bunkerity/bunkerized-nginx"
|
|||
CHANGE_DIR="/tmp" do_and_check_cmd git clone https://github.com/bunkerity/bunkerized-nginx.git
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd git checkout dev
|
||||
|
||||
# Install Python dependencies
|
||||
echo "[*] Install python dependencies"
|
||||
do_and_check_cmd pip3 install --upgrade pip
|
||||
do_and_check_cmd pip3 install -r /tmp/bunkerized-nginx/gen/requirements.txt
|
||||
if [ "$OS" != "alpine" ] ; then
|
||||
do_and_check_cmd pip3 install -r /tmp/bunkerized-nginx/ui/requirements.txt
|
||||
fi
|
||||
do_and_check_cmd pip3 install cryptography --upgrade
|
||||
|
||||
# Copy generator
|
||||
echo "[*] Copy generator"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/gen /opt/bunkerized-nginx
|
||||
|
@ -134,9 +649,11 @@ echo "[*] Copy settings"
|
|||
do_and_check_cmd cp /tmp/bunkerized-nginx/settings.json /opt/bunkerized-nginx
|
||||
|
||||
# Copy UI
|
||||
echo "[*] Copy UI"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/ui /opt/bunkerized-nginx
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /etc/systemd/system
|
||||
if [ "$OS" != "alpine" ] ; then
|
||||
echo "[*] Copy UI"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/ui /opt/bunkerized-nginx
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /etc/systemd/system
|
||||
fi
|
||||
|
||||
# Copy bunkerized-nginx
|
||||
echo "[*] Copy bunkerized-nginx"
|
||||
|
@ -222,8 +739,10 @@ do_and_check_cmd chown -R nginx:nginx /etc/nginx
|
|||
do_and_check_cmd find /etc/nginx -type f -exec chmod 0774 {} \;
|
||||
do_and_check_cmd find /etc/nginx -type d -exec chmod 0775 {} \;
|
||||
# Set permissions for /etc/systemd/system/bunkerized-nginx-ui.service
|
||||
do_and_check_cmd chown root:root /etc/systemd/system/bunkerized-nginx-ui.service
|
||||
do_and_check_cmd chmod 744 /etc/systemd/system/bunkerized-nginx-ui.service
|
||||
if [ "$OS" != "alpine" ] ; then
|
||||
do_and_check_cmd chown root:root /etc/systemd/system/bunkerized-nginx-ui.service
|
||||
do_and_check_cmd chmod 744 /etc/systemd/system/bunkerized-nginx-ui.service
|
||||
fi
|
||||
|
||||
# Prepare log files and folders
|
||||
echo "[*] Prepare log files and folders"
|
||||
|
@ -269,10 +788,15 @@ do_and_check_cmd chmod 770 /var/lib/letsencrypt
|
|||
# Install cron
|
||||
echo "[*] Add jobs to crontab"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron /var/spool/cron/crontabs/nginx
|
||||
CRON_PATH="/var/spool/cron/crontabs/nginx"
|
||||
elif [ "$OS" = "centos" ] ; then
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron /var/spool/cron/nginx
|
||||
CRON_PATH="/var/spool/cron/nginx"
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
CRON_PATH="/etc/crontabs/nginx"
|
||||
fi
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron "$CRON_PATH"
|
||||
do_and_check_cmd chown root:nginx "$CRON_PATH"
|
||||
do_and_check_cmd chmod 740 "$CRON_PATH"
|
||||
|
||||
# Download abusers list
|
||||
echo "[*] Download abusers list"
|
||||
|
@ -295,10 +819,10 @@ echo "[*] Download user agents list"
|
|||
do_and_check_cmd /opt/bunkerized-nginx/scripts/user-agents.sh
|
||||
|
||||
# Download geoip database
|
||||
echo "[*] Download proxies list"
|
||||
echo "[*] Download geoip DB"
|
||||
do_and_check_cmd /opt/bunkerized-nginx/scripts/geoip.sh
|
||||
|
||||
# We're done
|
||||
echo "[*] Remove temp files"
|
||||
do_and_check_cmd rm -rf /tmp/bunkerized-nginx
|
||||
echo "[*] bunkerized-nginx successfully installed !"
|
||||
echo "[*] bunkerized-nginx successfully installed !"
|
||||
|
|
77
prepare.sh
77
prepare.sh
|
@ -1,77 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# prepare /www
|
||||
mkdir /www
|
||||
chown -R root:nginx /www
|
||||
chmod -R 770 /www
|
||||
|
||||
# prepare /opt
|
||||
chown -R root:nginx /opt
|
||||
find /opt -type f -exec chmod 0740 {} \;
|
||||
find /opt -type d -exec chmod 0750 {} \;
|
||||
chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
|
||||
chmod ugo+x /opt/bunkerized-nginx/gen/main.py
|
||||
chmod 770 /opt/bunkerized-nginx
|
||||
chmod 440 /opt/bunkerized-nginx/settings.json
|
||||
|
||||
# prepare /etc/nginx
|
||||
chown -R root:nginx /etc/nginx
|
||||
chmod -R 770 /etc/nginx
|
||||
|
||||
# prepare /var/log
|
||||
rm -f /var/log/nginx/*
|
||||
chown root:nginx /var/log/nginx
|
||||
chmod -R 770 /var/log/nginx
|
||||
ln -s /proc/1/fd/2 /var/log/nginx/error.log
|
||||
ln -s /proc/1/fd/2 /var/log/nginx/modsec_audit.log
|
||||
ln -s /proc/1/fd/1 /var/log/nginx/access.log
|
||||
ln -s /proc/1/fd/1 /var/log/nginx/jobs.log
|
||||
mkdir /var/log/letsencrypt
|
||||
chown nginx:nginx /var/log/letsencrypt
|
||||
chmod 770 /var/log/letsencrypt
|
||||
|
||||
# prepare /acme-challenge
|
||||
mkdir /acme-challenge
|
||||
chown root:nginx /acme-challenge
|
||||
chmod 770 /acme-challenge
|
||||
|
||||
# prepare /etc/letsencrypt
|
||||
mkdir /etc/letsencrypt
|
||||
chown root:nginx /etc/letsencrypt
|
||||
chmod 770 /etc/letsencrypt
|
||||
|
||||
# prepare /var/lib/letsencrypt
|
||||
mkdir /var/lib/letsencrypt
|
||||
chown root:nginx /var/lib/letsencrypt
|
||||
chmod 770 /var/lib/letsencrypt
|
||||
|
||||
# prepare /usr/local/lib/lua
|
||||
chown -R root:nginx /usr/local/lib/lua
|
||||
chmod 770 /usr/local/lib/lua
|
||||
find /usr/local/lib/lua -type f -name "*.lua" -exec chmod 0760 {} \;
|
||||
find /usr/local/lib/lua -type d -exec chmod 0770 {} \;
|
||||
|
||||
# prepare /cache
|
||||
mkdir /cache
|
||||
chown root:nginx /cache
|
||||
chmod 770 /cache
|
||||
|
||||
# prepare /etc/crontabs/nginx
|
||||
chown root:nginx /etc/crontabs/nginx
|
||||
chmod 440 /etc/crontabs/nginx
|
||||
|
||||
# prepare /plugins
|
||||
mkdir /plugins
|
||||
chown root:nginx /plugins
|
||||
chmod 770 /plugins
|
||||
|
||||
# prepare symlinks
|
||||
ln -s /www /opt/bunkerized-nginx/www
|
||||
ln -s /http-confs /opt/bunkerized-nginx/http-confs
|
||||
ln -s /server-confs /opt/bunkerized-nginx/server-confs
|
||||
ln -s /modsec-confs /opt/bunkerized-nginx/modsec-confs
|
||||
ln -s /modsec-crs-confs /opt/bunkerized-nginx/modsec-crs-confs
|
||||
ln -s /cache /opt/bunkerized-nginx/cache
|
||||
ln -s /pre-server-confs /opt/bunkerized-nginx/pre-server-confs
|
||||
ln -s /acme-challenge /opt/bunkerized-nginx/acme-challenge
|
||||
ln -s /plugins /opt/bunkerized-nginx/plugins
|
|
@ -14,22 +14,6 @@ if [ $? -ne 0 ] ; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
echo "[*] Copy dependencies.sh"
|
||||
docker cp helpers/dependencies.sh "$id:/tmp"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker cp failed"
|
||||
cleanup "$id"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
echo "[*] Exec dependencies.sh"
|
||||
docker exec "$id" /bin/bash -c 'chmod +x /tmp/dependencies.sh && /tmp/dependencies.sh'
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker exec failed"
|
||||
cleanup "$id"
|
||||
exit 3
|
||||
fi
|
||||
|
||||
echo "[*] Copy install.sh"
|
||||
docker cp helpers/install.sh "$id:/tmp"
|
||||
if [ $? -ne 0 ] ; then
|
||||
|
|
Loading…
Reference in New Issue