- commit from makefile

a18bca65 · fiorani · fd8f82d8 · eed6b5f8 · a18bca65 · a18bca65
Commit a18bca65 authored Jul 25, 2018 by fiorani
8 changed files
--- a/ModSecurity @ eed6b5f8
+++ b/ModSecurity @ eed6b5f8
+Subproject commit eed6b5f86d00ce7d6bf5e14d6f03647bafd6251d
--- a/code/01-check_prerequisites.sh
+++ b/code/01-check_prerequisites.sh
@@ -5,27 +5,28 @@ distro=$2
 codename=$3
 repofile=$4

-echo "deb http://nginx.org/packages/mainline/$distro/ $codename nginx" >> $repofile
-echo "deb-src http://nginx.org/packages/mainline/$distro/ $codename nginx" >> $repofile
+# Configure the necessary repositories

-wget http://nginx.org/keys/nginx_signing.key
-sudo apt-key add ./nginx_signing.key
+echo "deb http://nginx.org/packages/mainline/$distro/ $codename nginx" > $repofile
+echo "deb-src http://nginx.org/packages/mainline/$distro/ $codename nginx" > $repofile

-# On RHEL/CentOS:
-# sudo rpm --import nginx_signing.key
+wget http://nginx.org/keys/nginx_signing.key
+apt-key add ./nginx_signing.key

-sudo apt update -y
-sudo apt upgrade -y
+# Update the server

-#sudo apt install -y nginx
+apt update -y
+apt upgrade -y

-sudo apt install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev libssl-dev build-essential devscripts debhelper
+# Install required libraries

-sudo apt update -y
-sudo apt upgrade -y
+apt install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev libssl-dev build-essential devscripts debhelper

 # Create temp directories

 mkdir -p /tmp/nginx_sec_$timestamp/

+# Remove nginx signing key
+rm nginx_signing.key
+
 exit
--- a/code/02-data_download.sh
+++ b/code/02-data_download.sh
@@ -8,6 +8,7 @@ base_path=$3

 cd $base_path
 git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
+
 cd ModSecurity
 git submodule init
 git submodule update

--- a/code/04-configuration.sh
+++ b/code/04-configuration.sh
@@ -5,6 +5,10 @@ inst_path=$3
 base_path=$4

 work_path=$(pwd)
+
+#backup initial configuration if any
+cp -fr /etc/nginx/ /tmp/nginx_backup_$timestamp 
+
 rm -f /etc/nginx/*default*
 cp $base_path/nginx-$nginx_version/objs/ngx_http_modsecurity_module.so /etc/nginx/modules
 mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
@@ -14,4 +18,9 @@ unzip $base_path/master.zip -d $inst_path/modsec/rules
 cp $work_path/config/nginx.conf /etc/nginx/nginx.conf
 cp $work_path/config/modsecurity.conf /etc/nginx/modsec/modsecurity.conf

+# Restore from original configuration
+cp /tmp/nginx_backup_$timestamp/sites-available /etc/nginx/sites-available
+cp /tmp/nginx_backup_$timestamp/sites-enabled /etc/nginx/sites-enabled
+cp /tmp/nginx_backup_$timestamp/nginx.conf /etc/nginx/nginx.conf.old
+
 exit
--- a/code/99-clean.sh
+++ b/code/99-clean.sh
 #!/bin/bash
 timestamp=$(date +%Y-%m-%d)

-#remove nginx repo signing key
-rm -f ./nginx_signing.key*
-
 #remove last 2 rows of /etc/apt/sources.list
 sed -i '/nginx/d' /etc/apt/sources.list
-#remove installed nginx
-apt -y remove nginx 
+
 #remove temp directories of compilationi
 rm -fr /tmp/nginx_sec_$timestamp/


--- a/config/nginx_signing.key
+++ b/config/nginx_signing.key
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
-W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I
-QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE
-fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt
-97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5
-XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg
-a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV
-CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol
-kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr
-KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG
-F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN
-1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD
-oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi
-MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S
-YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx
-JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/
-Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk
-RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J
-SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf
-Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6
-cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f
-YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y
-Va3l3WuB+rgKjsQ=
-=EWWI
-----END PGP PUBLIC KEY BLOCK-----
--- a/makefile
+++ b/makefile
 BASEPATH = ./code

-#TIMESTAMP = $(shell date +%Y-%m-%d-%H-%M-%S)
-
 TARGET_prereq   = 01-check_prerequisites.sh
 TARGET_download = 02-data_download.sh 
 TARGET_compile  = 03-compile.sh 
@@ -9,11 +7,12 @@ TARGET_configure= 04-configuration.sh
 TARGET_clean    = 99-clean.sh
 TARGET_packetize= 10-debpacket.sh

-timestamp	= $(date +%Y-%m-%d)
+#timestamp	= $(date +%Y-%m-%d)
+timestamp	= 2018-07-25
 distro		= ubuntu
-codename	= xenial
-repofile	= /etc/apt/sources.list
-nginx_version	= '1.14.0'
+codename	= bionic 
+repofile	= /etc/apt/sources.list.d/nginx.repo 
+nginx_version	= 1.15.2

 base_path	= "/tmp/nginx_sec_$(timestamp)/"
 inst_path	= "/etc/nginx"

--- a/nginx_signing.key
+++ b/nginx_signing.key
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
-W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I
-QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE
-fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt
-97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5
-XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg
-a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV
-CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol
-kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr
-KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG
-F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN
-1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD
-oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi
-MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S
-YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx
-JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/
-Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk
-RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J
-SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf
-Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6
-cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f
-YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y
-Va3l3WuB+rgKjsQ=
-=EWWI
-----END PGP PUBLIC KEY BLOCK-----