update prep for ModSecurity v3.0 part 4
centminmod committed Aug 4, 2017
1 parent 051ca1e commit 10863ad
Showing 2 changed files with 15 additions and 0 deletions.
1 change: 1 addition & 0 deletions centmin.sh
Expand Up @@ -376,6 +376,7 @@ NGINX_HTTP2='y' # Nginx http/2 patch https://community.centminmod.c
NGINX_HTTPPUSH='n' # Nginx http/2 push patch https://community.centminmod.com/threads/11910/
NGINX_ZLIBNG='n' # 64bit OS only for Nginx compiled against zlib-ng https://github.com/Dead2/zlib-ng
NGINX_MODSECURITY='n' # modsecurity module support https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX
MODSECURITY_OWASPVER='3.0.2' # owasp modsecurity ruleset https://github.com/SpiderLabs/owasp-modsecurity-crs/releases
NGINX_REALIP='y' # http://nginx.org/en/docs/http/ngx_http_realip_module.html
NGINX_RDNS='n' # https://github.com/flant/nginx-http-rdns
NGINX_NJS='n' # nginScript https://www.nginx.com/blog/launching-nginscript-and-looking-ahead/
14 changes: 14 additions & 0 deletions inc/mod_security.inc
Expand Up @@ -47,11 +47,25 @@ modsecurity_install() {
mv /usr/local/nginx/modsec/modsecurity.conf-recommended /usr/local/nginx/modsec/modsecurity.conf
# sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /usr/local/nginx/modsec/modsecurity.conf
fi
if [ ! -f "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}/crs-setup.conf" ]; then
pushd "$DIR_TMP"
wget "https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v${MODSECURITY_OWASPVER}.tar.gz"
tar xvzf "v${MODSECURITY_OWASPVER}.tar.gz"
mv "owasp-modsecurity-crs-${MODSECURITY_OWASPVER}" /usr/local/nginx
ls -lah "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}"
cp "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}/crs-setup.conf.example" "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}/crs-setup.conf"
ls -lah "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}/rules/"
popd
fi
if [ ! -f /usr/local/nginx/modsec/main.conf ]; then
cat > "/usr/local/nginx/modsec/main.conf" <<EOF
# Edit to set SecRuleEngine On
Include "/usr/local/nginx/modsec/modsecurity.conf"

# OWASP CRS v3 rules
Include "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}/crs-setup.conf"
Include "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}/rules/*.conf"

# Basic test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"
EOF
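Review bot: The new CRS block (from `pushd` through `mv`) runs every step unchecked and never verifies the archive. If `pushd "$DIR_TMP"` fails, tar and mv operate in the caller's directory; if a `v${MODSECURITY_OWASPVER}.tar.gz` is left over from an earlier run, wget saves under a `.1` name while tar unpacks the stale file; and whatever was unpacked is moved into /usr/local/nginx and loaded by the `Include` lines. I would download to an explicit path with `-O`, compare it against a pinned SHA-256 before extracting, and stop on the first failure, as sketched below (`MODSECURITY_OWASP_SHA256` is a proposed new setting, not one this commit defines; `pushd`/`popd` are no longer needed). Separately, the two CRS `Include` lines sit inside the existing `if [ ! -f /usr/local/nginx/modsec/main.conf ]` guard, so a host that already has main.conf never loads the rules, and a later change of `MODSECURITY_OWASPVER` leaves main.conf pointing at the old directory. modsecurity_install starts before and continues after this hunk, so whether an early `return 1` suits its callers needs checking.

```shell
if [ ! -f "/usr/local/nginx/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}/crs-setup.conf" ]; then
  local crs_tarball="${DIR_TMP}/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}.tar.gz"
  # -O overwrites a stale or partial archive left behind by an earlier run
  wget -O "$crs_tarball" "https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v${MODSECURITY_OWASPVER}.tar.gz" || return 1
  # MODSECURITY_OWASP_SHA256: proposed setting holding the digest recorded for this release
  printf '%s  %s\n' "$MODSECURITY_OWASP_SHA256" "$crs_tarball" | sha256sum -c - || return 1
  tar xvzf "$crs_tarball" -C "$DIR_TMP" || return 1
  mv "${DIR_TMP}/owasp-modsecurity-crs-${MODSECURITY_OWASPVER}" /usr/local/nginx/ || return 1
  # … unchanged: crs-setup.conf.example copy, ls listings, closing fi …
```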
