ModSecurity's OWASP Core Rule Set 3.2.0 in 123.09beta01

- update optional Nginx modsecurity OWASP core rule set from 3.1.1 to 3.2.0 https://github.com/SpiderLabs/owasp-modsecurity-crs/releases when NGINX_MODSECURITY='y' is set in persistent config file /etc/centminmod/custom_config.inc prior to centmin.sh menu option 4 nginx recompiles. By default, NGINX_MODSECURITY='n' is the default so not enabled by default - add support for devtoolset-9 GCC 9 when detected as available
centminmod · Mar 3, 2020 · 58d4656 · 58d4656
1 parent 30cc7dc
commit 58d4656
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/centmin.sh b/centmin.sh
@@ -27,7 +27,7 @@ DT=$(date +"%d%m%y-%H%M%S")
 branchname='123.09beta01'
 SCRIPT_MAJORVER='1.2.3'
 SCRIPT_MINORVER='09'
-SCRIPT_INCREMENTVER='444'
+SCRIPT_INCREMENTVER='445'
 SCRIPT_VERSIONSHORT="${branchname}"
 SCRIPT_VERSION="${SCRIPT_VERSIONSHORT}.b${SCRIPT_INCREMENTVER}"
 SCRIPT_DATE='29/02/2020'
@@ -528,7 +528,7 @@ NGINX_HTTPPUSH='n'           # Nginx http/2 push patch https://community.centmin
 NGINX_ZLIBNG='n'             # 64bit OS only for Nginx compiled against zlib-ng https://github.com/Dead2/zlib-ng
 NGINX_MODSECURITY='n'        # modsecurity module support https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX
 NGINX_MODSECURITY_MAXMIND='y' # modsecurity built with libmaxminddb is failing to compile so disable it in favour of GeoIP legacy
-MODSECURITY_OWASPVER='3.1.1' # owasp modsecurity ruleset https://github.com/SpiderLabs/owasp-modsecurity-crs/releases
+MODSECURITY_OWASPVER='3.2.0' # owasp modsecurity ruleset https://github.com/SpiderLabs/owasp-modsecurity-crs/releases
 NGINX_REALIP='y'             # http://nginx.org/en/docs/http/ngx_http_realip_module.html
 NGINX_RDNS='n'               # https://github.com/flant/nginx-http-rdns
 NGINX_NJS='n'                # nginScript https://www.nginx.com/blog/launching-nginscript-and-looking-ahead/

diff --git a/inc/mod_security.inc b/inc/mod_security.inc
@@ -10,8 +10,26 @@ modsecurity_install() {
     echo "build libmodsecurity..."
     # https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes
 
-    # force devtoolset-8 gcc 8+ usage
-      if [[ ! -f /opt/rh/devtoolset-8/root/usr/bin/gcc || ! -f /opt/rh/devtoolset-8/root/usr/bin/g++ ]]; then
+    # force devtoolset-9 gcc 8+ usage
+      if [[ ! -f /opt/rh/devtoolset-9/root/usr/bin/gcc || ! -f /opt/rh/devtoolset-9/root/usr/bin/g++ ]]; then
+        scl_install
+        unset CC
+        unset CXX
+        export CC="ccache gcc"
+        export CXX="ccache g++"
+        # export CFLAGS="-Wimplicit-fallthrough=0"
+        gcc --version
+        g++ --version
+      elif [[ -f /opt/rh/devtoolset-9/root/usr/bin/gcc && -f /opt/rh/devtoolset-9/root/usr/bin/g++ ]]; then
+        source /opt/rh/devtoolset-8/enable
+        unset CC
+        unset CXX
+        export CC="ccache gcc"
+        export CXX="ccache g++"
+        # export CFLAGS="-Wimplicit-fallthrough=0"
+        gcc --version
+        g++ --version
+      elif [[ ! -f /opt/rh/devtoolset-8/root/usr/bin/gcc || ! -f /opt/rh/devtoolset-8/root/usr/bin/g++ ]]; then
         scl_install
         unset CC
         unset CXX