diff --git a/confs/site/modsecurity-rules.conf b/confs/site/modsecurity-rules.conf index b3b8354..8f5fa4e 100644 --- a/confs/site/modsecurity-rules.conf +++ b/confs/site/modsecurity-rules.conf @@ -55,7 +55,7 @@ SecAuditLog /var/log/nginx/modsec_audit.log # include OWASP CRS configuration {% if USE_MODSECURITY_CRS == "yes" %} -include /opt/owasp/crs.conf +include /opt/bunkerized-nginx/crs-setup.conf # custom CRS configurations before loading rules (exclusions) {% if is_custom_conf("/modsec-crs-confs") %} @@ -66,7 +66,7 @@ include /modsec-crs-confs/{{ FIRST_SERVER }}/*.conf {% endif %} # include OWASP CRS rules -include /opt/owasp/crs/*.conf +include /opt/bunkerized-nginx/crs/*.conf {% endif %} # custom rules after loading the CRS diff --git a/helpers/dependencies.sh b/helpers/dependencies.sh index 00e781c..927f5b9 100644 --- a/helpers/dependencies.sh +++ b/helpers/dependencies.sh @@ -373,8 +373,8 @@ echo "[*] Clone coreruleset/coreruleset" git_secure_clone https://github.com/coreruleset/coreruleset.git 7776fe23f127fd2315bad0e400bdceb2cabb97dc echo "[*] Install coreruleset" do_and_check_cmd mkdir /opt/bunkerized-nginx/crs -do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules /opt/bunkerized-nginx/crs/ -do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs.conf +do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules/* /opt/bunkerized-nginx/crs +do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs-setup.conf # Download ModSecurity-nginx module echo "[*] Clone SpiderLabs/ModSecurity-nginx" @@ -527,7 +527,7 @@ CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERS echo "[*] Compile dynamic modules" CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')" CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}" -CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure "$CONFARGS" --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli +CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules if [ "$OS" = "centos" ] ; then CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib64/nginx/modules diff --git a/helpers/install.sh b/helpers/install.sh index c568edd..72fe3bd 100644 --- a/helpers/install.sh +++ b/helpers/install.sh @@ -83,11 +83,11 @@ if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then fi echo "[*] Install dependencies" if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then - DEBIAN_DEPS="git cron" + DEBIAN_DEPS="git cron curl" DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS elif [ "$OS" = "centos" ] ; then do_and_check_cmd yum install -y epel-release - CENTOS_DEPS="git crontabs" + CENTOS_DEPS="git crontabs curl" do_and_check_cmd yum install -y $CENTOS_DEPS fi @@ -137,5 +137,29 @@ elif [ "$OS" = "centos" ] ; then do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron /var/spool/cron/nginx fi +# Download abusers list +echo "[*] Download abusers list" +# TODO : call external script + +# Download TOR exit nodes list +echo "[*] Download TOR exit nodes list" +# TODO : call external script + +# Download proxies list +echo "[*] Download proxies list" +# TODO : call external script + +# Download referrers list +echo "[*] Download referrers list" +# TODO : call external script + +# Download user agents list +echo "[*] Download user agents list" +# TODO : call external script + +# Download geoip database +echo "[*] Download proxies list" +# TODO : call external script + # We're done echo "[*] bunkerized-nginx successfully installed !"