linux - started work on installer
This commit is contained in:
bunkerity
parent
15bdb076c8
commit
9636013f5e
212
helpers/install.sh
Normal file
212
helpers/install.sh
Normal file
@ -0,0 +1,212 @@
|
||||
#!/bin/bash
|
||||
|
||||
function git_secure_checkout() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
fi
|
||||
path="$1"
|
||||
commit="$2"
|
||||
cd "$path"
|
||||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Commit hash $commit is absent from submodules $path !"
|
||||
echo "$output"
|
||||
exit 4
|
||||
fi
|
||||
}
|
||||
|
||||
function git_secure_clone() {
|
||||
cd /tmp/bunkerized-nginx
|
||||
repo="$1"
|
||||
commit="$2"
|
||||
folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
|
||||
output="$(git clone "$repo" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Error cloning $1"
|
||||
echo "$output"
|
||||
exit 2
|
||||
fi
|
||||
cd "$folder"
|
||||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] Commit hash $commit is absent from repository $repo"
|
||||
echo "$output"
|
||||
exit 3
|
||||
fi
|
||||
}
|
||||
|
||||
function do_and_check_cmd() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
fi
|
||||
output=$($* 2>&1)
|
||||
ret="$?"
|
||||
if [ $ret -ne 0 ] ; then
|
||||
echo "[!] Error from command : $*"
|
||||
echo "$output"
|
||||
exit $ret
|
||||
fi
|
||||
#echo $output
|
||||
return 0
|
||||
}
|
||||
|
||||
# Variables
|
||||
NTASK=$(nproc)
|
||||
NGINX_VERSION="${NGINX_VERSION-1.20.1}"
|
||||
|
||||
# Check if we are root
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "[!] Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Create /tmp/bunkerized-nginx
|
||||
echo "[*] Prepare /tmp/bunkerized-nginx"
|
||||
if [ -e "/tmp/bunkerized-nginx" ] ; then
|
||||
do_and_check_cmd rm -rf /tmp/bunkerized-nginx
|
||||
fi
|
||||
do_and_check_cmd mkdir /tmp/bunkerized-nginx
|
||||
|
||||
# Create /opt/bunkerized-nginx
|
||||
echo "[*] Prepare /opt/bunkerized-nginx"
|
||||
if [ -e "/opt/bunkerized-nginx" ] ; then
|
||||
do_and_check_cmd rm -rf /opt/bunkerized-nginx
|
||||
fi
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx
|
||||
|
||||
# Install dependencies
|
||||
echo "[*] Update packet list"
|
||||
do_and_check_cmd apt update
|
||||
echo "[*] Install dependencies"
|
||||
do_and_check_cmd apt install -y git autoconf pkg-config libpcre++-dev automake libtool g++ make
|
||||
|
||||
# Download, compile and install ModSecurity
|
||||
echo "[*] Clone SpiderLabs/ModSecurity"
|
||||
git_secure_clone https://github.com/SpiderLabs/ModSecurity.git 753145fbd1d6751a6b14fdd700921eb3cc3a1d35
|
||||
echo "[*] Compile and install ModSecurity"
|
||||
# temp fix : Debian run it twice
|
||||
cd /tmp/bunkerized-nginx/ModSecurity && ./build.sh > /dev/null 2>&1
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd sh build.sh
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule init
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule update
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout bindings/python 47a6925df187f96e4593afab18dc92d5f22bd4d5
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout others/libinjection bf234eb2f385b969c4f803b35fda53cffdd93922
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout test/test-cases/secrules-language-tests d03f4c1e930440df46c1faa37d820a919704d9da
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd ./configure --enable-static=no --disable-doxygen-doc --disable-dependency-tracking --disable-examples
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make install-strip
|
||||
|
||||
# Download and install OWASP Core Rule Set
|
||||
echo "[*] Clone coreruleset/coreruleset"
|
||||
git_secure_clone https://github.com/coreruleset/coreruleset.git 7776fe23f127fd2315bad0e400bdceb2cabb97dc
|
||||
echo "[*] Install coreruleset"
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx/crs
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules /opt/bunkerized-nginx/crs/
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs.conf
|
||||
|
||||
# Download ModSecurity-nginx module
|
||||
echo "[*] Clone SpiderLabs/ModSecurity-nginx"
|
||||
git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 2497e6ac654d0b117b9534aa735b757c6b11c84f
|
||||
|
||||
# Download headers more module
|
||||
echo "[*] Clone openresty/headers-more-nginx-module"
|
||||
git_secure_clone https://github.com/openresty/headers-more-nginx-module.git d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17
|
||||
|
||||
# Download GeoIP moduke
|
||||
echo "[*] Clone leev/ngx_http_geoip2_module"
|
||||
git_secure_clone https://github.com/leev/ngx_http_geoip2_module.git 1cabd8a1f68ea3998f94e9f3504431970f848fbf
|
||||
|
||||
# Download cookie flag module
|
||||
echo "[*] Clone AirisX/nginx_cookie_flag_module"
|
||||
git_secure_clone https://github.com/AirisX/nginx_cookie_flag_module.git c4ff449318474fbbb4ba5f40cb67ccd54dc595d4
|
||||
|
||||
# Download brotli module
|
||||
echo "[*] Clone google/ngx_brotli"
|
||||
git_secure_clone https://github.com/google/ngx_brotli.git 9aec15e2aa6feea2113119ba06460af70ab3ea62
|
||||
|
||||
# Download lua-nginx module
|
||||
git_secure_clone https://github.com/openresty/lua-nginx-module.git 2d23bc4f0a29ed79aaaa754c11bffb1080aa44ba
|
||||
|
||||
# Download, compile and install luajit2
|
||||
echo "[*] Clone openresty/luajit2"
|
||||
git_secure_clone https://github.com/openresty/luajit2.git fe32831adcb3f5fe9259a9ce404fc54e1399bba3
|
||||
echo "[*] Compile luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make -j $NTASK
|
||||
echo "[*] Install luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-core
|
||||
git_secure_clone https://github.com/openresty/lua-resty-core.git b7d0a681bb41e6e3f29e8ddc438ef26fd819bb19
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-core" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-lrucache
|
||||
git_secure_clone https://github.com/openresty/lua-resty-lrucache.git b2035269ac353444ac65af3969692bcae4fc1605
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-lrucache" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-dns
|
||||
git_secure_clone https://github.com/openresty/lua-resty-dns.git 24c9a69808aedfaf029ae57707cdef75d83e2d19
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-dns" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-session
|
||||
git_secure_clone https://github.com/bungle/lua-resty-session.git f300870ce4eee3f4903e0565c589f1faf0c1c5aa
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-resty-session/lib/resty/* /usr/local/lib/lua/resty
|
||||
|
||||
# Download and install lua-resty-random
|
||||
git_secure_clone https://github.com/bungle/lua-resty-random.git 17b604f7f7dd217557ca548fc1a9a0d373386480
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-random" do_and_check_cmd make install
|
||||
|
||||
# Download and install lua-resty-string
|
||||
git_secure_clone https://github.com/openresty/lua-resty-string.git 9a543f8531241745f8814e8e02475351042774ec
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-string" do_and_check_cmd make install
|
||||
|
||||
# Download, compile and install lua-cjson
|
||||
git_secure_clone https://github.com/openresty/lua-cjson.git 0df488874f52a881d14b5876babaa780bb6200ee
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install-extra
|
||||
|
||||
# Download, compile and install lua-gd
|
||||
git_secure_clone https://github.com/ittner/lua-gd.git 2ce8e478a8591afd71e607506bc8c64b161bbd30
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/local/lib/lua/5.1 install
|
||||
|
||||
# Download and install lua-resty-http
|
||||
git_secure_clone https://github.com/ledgetech/lua-resty-http.git 984fdc26054376384e3df238fb0f7dfde01cacf1
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-http" do_and_check_cmd make install
|
||||
|
||||
# Download and install lualogging
|
||||
git_secure_clone https://github.com/Neopallium/lualogging.git cadc4e8fd652be07a65b121a3e024838db330c15
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lualogging/src/* /usr/local/lib/lua
|
||||
|
||||
# Download, compile and install luasocket
|
||||
git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make CDIR_linux=lib/lua/5.1 LDIR_linux=lib/lua install
|
||||
|
||||
# Download, compile and install luasec
|
||||
git_secure_clone https://github.com/brunoos/luasec.git c6704919bdc85f3324340bdb35c2795a02f7d625
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make linux -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make LUACPATH=/usr/local/lib/lua/5.1 LUAPATH=/usr/local/lib/lua install
|
||||
|
||||
# Download and install lua-cs-bouncer
|
||||
git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 3c235c813fc453dcf51a391bc9e9a36ca77958b0
|
||||
do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec
|
||||
do_and_check_cmd sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
|
||||
do_and_check_cmd sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
|
||||
|
||||
# Download and install lua-resty-iputils
|
||||
git_secure_clone https://github.com/hamishforbes/lua-resty-iputils.git 3151d6485e830421266eee5c0f386c32c835dba4
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make LUA_LIB_DIR=/usr/local/lib/lua install
|
||||
|
||||
# Download nginx and decompress sources
|
||||
# TODO : check GPG signature
|
||||
do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz
|
||||
|
||||
# Compile dynamic modules
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd ./configure "$CONFARGS" --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules
|
||||
Loading…
x
Reference in New Issue
Block a user