Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in / Register
Toggle navigation
0
03-NGINXSEC
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Sacha Cochin
03-NGINXSEC
Commits
a18bca65
Commit
a18bca65
authored
Jul 25, 2018
by
fiorani
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- commit from makefile
parent
fd8f82d8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
30 additions
and
79 deletions
+30
-79
ModSecurity
ModSecurity
+1
-0
01-check_prerequisites.sh
code/01-check_prerequisites.sh
+13
-12
02-data_download.sh
code/02-data_download.sh
+1
-0
04-configuration.sh
code/04-configuration.sh
+9
-0
99-clean.sh
code/99-clean.sh
+1
-5
nginx_signing.key
config/nginx_signing.key
+0
-28
makefile
makefile
+5
-6
nginx_signing.key
nginx_signing.key
+0
-28
No files found.
ModSecurity
@
eed6b5f8
Subproject commit eed6b5f86d00ce7d6bf5e14d6f03647bafd6251d
code/01-check_prerequisites.sh
View file @
a18bca65
...
...
@@ -5,27 +5,28 @@ distro=$2
codename
=
$3
repofile
=
$4
echo
"deb http://nginx.org/packages/mainline/
$distro
/
$codename
nginx"
>>
$repofile
echo
"deb-src http://nginx.org/packages/mainline/
$distro
/
$codename
nginx"
>>
$repofile
# Configure the necessary repositories
wget http://nginx.org/keys/nginx_signing.key
sudo
apt-key add ./nginx_signing.key
echo
"deb http://nginx.org/packages/mainline/
$distro
/
$codename
nginx"
>
$repofile
echo
"deb-src http://nginx.org/packages/mainline/
$distro
/
$codename
nginx"
>
$repofile
# On RHEL/CentOS:
# sudo rpm --import
nginx_signing.key
wget http://nginx.org/keys/nginx_signing.key
apt-key add ./
nginx_signing.key
sudo
apt update
-y
sudo
apt upgrade
-y
# Update the server
#sudo apt install -y nginx
apt update
-y
apt upgrade
-y
sudo
apt
install
-y
apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev libssl-dev build-essential devscripts debhelper
# Install required libraries
sudo
apt update
-y
sudo
apt upgrade
-y
apt
install
-y
apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev libssl-dev build-essential devscripts debhelper
# Create temp directories
mkdir
-p
/tmp/nginx_sec_
$timestamp
/
# Remove nginx signing key
rm
nginx_signing.key
exit
code/02-data_download.sh
View file @
a18bca65
...
...
@@ -8,6 +8,7 @@ base_path=$3
cd
$base_path
git clone
--depth
1
-b
v3/master
--single-branch
https://github.com/SpiderLabs/ModSecurity
cd
ModSecurity
git submodule init
git submodule update
...
...
code/04-configuration.sh
View file @
a18bca65
...
...
@@ -5,6 +5,10 @@ inst_path=$3
base_path
=
$4
work_path
=
$(
pwd
)
#backup initial configuration if any
cp
-fr
/etc/nginx/ /tmp/nginx_backup_
$timestamp
rm
-f
/etc/nginx/
*
default
*
cp
$base_path
/nginx-
$nginx_version
/objs/ngx_http_modsecurity_module.so /etc/nginx/modules
mv
/etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
...
...
@@ -14,4 +18,9 @@ unzip $base_path/master.zip -d $inst_path/modsec/rules
cp
$work_path
/config/nginx.conf /etc/nginx/nginx.conf
cp
$work_path
/config/modsecurity.conf /etc/nginx/modsec/modsecurity.conf
# Restore from original configuration
cp
/tmp/nginx_backup_
$timestamp
/sites-available /etc/nginx/sites-available
cp
/tmp/nginx_backup_
$timestamp
/sites-enabled /etc/nginx/sites-enabled
cp
/tmp/nginx_backup_
$timestamp
/nginx.conf /etc/nginx/nginx.conf.old
exit
code/99-clean.sh
View file @
a18bca65
#!/bin/bash
timestamp
=
$(
date
+%Y-%m-%d
)
#remove nginx repo signing key
rm
-f
./nginx_signing.key
*
#remove last 2 rows of /etc/apt/sources.list
sed
-i
'/nginx/d'
/etc/apt/sources.list
#remove installed nginx
apt
-y
remove nginx
#remove temp directories of compilationi
rm
-fr
/tmp/nginx_sec_
$timestamp
/
...
...
config/nginx_signing.key
deleted
100644 → 0
View file @
fd8f82d8
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I
QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE
fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt
97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5
XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg
a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol
kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr
KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG
F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN
1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD
oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi
MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S
YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx
JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/
Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk
RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J
SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf
Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6
cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f
YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y
Va3l3WuB+rgKjsQ=
=EWWI
-----END PGP PUBLIC KEY BLOCK-----
makefile
View file @
a18bca65
BASEPATH
=
./code
#TIMESTAMP = $(shell date +%Y-%m-%d-%H-%M-%S)
TARGET_prereq
=
01-check_prerequisites.sh
TARGET_download
=
02-data_download.sh
TARGET_compile
=
03-compile.sh
...
...
@@ -9,11 +7,12 @@ TARGET_configure= 04-configuration.sh
TARGET_clean
=
99-clean.sh
TARGET_packetize
=
10-debpacket.sh
timestamp
=
$
(
date
+%Y-%m-%d
)
#timestamp = $(date +%Y-%m-%d)
timestamp
=
2018-07-25
distro
=
ubuntu
codename
=
xenial
repofile
=
/etc/apt/sources.list
nginx_version
=
'1.14.0'
codename
=
bionic
repofile
=
/etc/apt/sources.list
.d/nginx.repo
nginx_version
=
1.15.2
base_path
=
"/tmp/nginx_sec_
$(timestamp)
/"
inst_path
=
"/etc/nginx"
...
...
nginx_signing.key
deleted
100644 → 0
View file @
fd8f82d8
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I
QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE
fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt
97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5
XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg
a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol
kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr
KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG
F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN
1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD
oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi
MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S
YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx
JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/
Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk
RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J
SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf
Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6
cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f
YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y
Va3l3WuB+rgKjsQ=
=EWWI
-----END PGP PUBLIC KEY BLOCK-----
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment