#!/bin/bash
# /********************************************************************
# HTTP2 Benchmark Modify Server for ModSecurity config Nginx modsec
# *********************************************************************/
#######################################
# Run a command, hiding its stdout and stderr unless debugging is enabled.
# Globals:   debug (read) - any non-empty value lets the output through
# Arguments: the command and its arguments, executed as "$@"
# Returns:   the exit status of the command that was run
#######################################
silent() {
  # Quiet path first: an empty or unset $debug discards both streams.
  if [[ -z $debug ]]; then
    "$@" >/dev/null 2>&1
    return
  fi
  "$@"
}
### Tools
# Print $1 in 256-colour code 148, then reset the foreground colour.
# echo -e also expands backslash escapes that appear inside the message itself.
echoY() {
  local msg=${1}
  echo -e "\033[38;5;148m${msg}\033[39m"
}
# Print $1 in 256-colour code 71, then reset the foreground colour.
# echo -e also expands backslash escapes that appear inside the message itself.
echoG() {
  local msg=${1}
  echo -e "\033[38;5;71m${msg}\033[39m"
}
# Print $1 in 256-colour code 203, then reset the foreground colour.
# echo -e also expands backslash escapes that appear inside the message itself.
echoR() {
  local msg=${1}
  echo -e "\033[38;5;203m${msg}\033[39m"
}
# Report a non-fatal failure: print $1 through echoR and return.
# Despite the name, this function does not exit the script; execution
# continues in the caller. Use fail_exit_fatal to stop.
fail_exit() {
  local msg=${1}
  echoR "${msg}"
}
#######################################
# Report a fatal failure and terminate the script with status 1.
# Arguments: $1 - message, printed through echoR
#            $2 - optional; when present, popd "+$2" is run before exiting
# Returns:   never returns; always exits 1
#######################################
fail_exit_fatal() {
  echoR "${1}"
  # The directory stack is only touched when a second argument was supplied.
  [ $# -gt 1 ] && popd "+${2}"
  exit 1
}
# Argument handling.
#   no arguments : hand over to ./modsec.sh "nginx" and exit with its status.
#                  The path is relative, so it resolves against the current
#                  working directory rather than this script's location.
#   1 or 2 args  : refuse to run; modsec.sh is expected to supply at least 3.
#   3+ args      : $1 = TEMP_DIR, $2 = OWASP_DIR, $3 = NGDIR.
#                  Exactly 4 arguments selects the COMODO rule set; the value
#                  of the fourth argument is not inspected.
case $# in
  0)
    ./modsec.sh "nginx"
    exit $?
    ;;
  1 | 2)
    fail_exit_fatal "Needs to be run by modsec.sh"
    ;;
esac

# TEMP_DIR is assigned here but not referenced again in this file as shown.
TEMP_DIR="${1}"
OWASP_DIR="${2}"
NGDIR="${3}"

COMODO=0
if [ $# -eq 4 ]; then
  COMODO=1
fi
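#######################################
# Enable ModSecurity in the Nginx configuration found under $NGDIR.
#
# Steps:
#   1. Return early if nginx.conf already mentions the ModSecurity module.
#   2. Copy nginx.conf, conf.d/default.conf and conf.d/wordpress.conf to
#      <name>.nomodsec. If any copy fails, nothing is edited.
#   3. Insert the load_module line at the top of nginx.conf.
#   4. After every "server {" in both conf.d files, add "modsecurity on;" and
#      a modsecurity_rules_file directive pointing into $OWASP_DIR.
#
# Globals:   NGDIR (read), OWASP_DIR (read), COMODO (read; 1 selects
#            rules.conf.main, anything else modsec_includes.conf)
# Outputs:   status messages through echoG / echoR
# Returns:   0 when already configured or configured now, non-zero on error
#
# This function does not run `nginx -t` or reload Nginx; validate the edited
# configuration before relying on the WAF being active.
#######################################
config_nginxModSec() {
  local main_conf="${NGDIR}/nginx.conf"
  local -a site_confs=(
    "${NGDIR}/conf.d/default.conf"
    "${NGDIR}/conf.d/wordpress.conf"
  )
  local conf rules_file rules_esc

  # Fixed-string match so the dots in the module name are not regex wildcards.
  # NOTE(review): a commented-out load_module line also matches here, and the
  # script would then report Nginx as configured while the module is inactive.
  if silent grep -F -- 'ngx_http_modsecurity_module.so' "${main_conf}"; then
    echoG "Nginx already configured for modsecurity"
    return 0
  fi

  if [ "${COMODO:-0}" -eq 1 ]; then
    rules_file="${OWASP_DIR}/rules.conf.main"
  else
    rules_file="${OWASP_DIR}/modsec_includes.conf"
  fi

  # Take every backup before the first edit, so a failed copy can never leave
  # a modified configuration without its .nomodsec original.
  for conf in "${main_conf}" "${site_confs[@]}"; do
    if ! cp -f -- "${conf}" "${conf}.nomodsec"; then
      echoR "Backup of ${conf} failed; Nginx configuration left unchanged"
      return 1
    fi
  done

  # The rules path lands in the replacement half of an s=...=...= command.
  # Escape backslash, '&' and the '=' delimiter so that a path containing
  # them is written literally instead of altering the sed expression.
  # NOTE(review): the path is written unquoted into the Nginx directive, so
  # whitespace or ';' in OWASP_DIR would still yield an invalid directive.
  rules_esc=$(printf '%s' "${rules_file}" | sed -e 's/[\\&=]/\\&/g') || return 1

  sed -i -e '1iload_module modules/ngx_http_modsecurity_module.so;' \
    -- "${main_conf}" || return 1

  for conf in "${site_confs[@]}"; do
    sed -i -e "s=server {=server {\n modsecurity on;\n modsecurity_rules_file ${rules_esc};=g" \
      -- "${conf}" || return 1
  done
}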
# Entry point: apply the ModSecurity changes. This is the last command in the
# file, so its exit status becomes the exit status of the script.
config_nginxModSec