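#!/usr/bin/env bash
#
# Build the latest tagged nginx release from source with the NAXSI WAF module
# compiled in, install it under /usr, and write a starter NAXSI rule set into
# /etc/nginx. Uses apt-get, so it targets Debian/Ubuntu; run as root.
#
# NOTE(review): the tarballs are fetched over HTTPS but not otherwise
# authenticated. nginx.org publishes a detached PGP signature (<tarball>.asc)
# next to each release; verify it against a pinned signing key before
# building for a production host.
set -euo pipefail

readonly NGINX_TAGS_URL='https://hg.nginx.org/nginx/tags'
readonly NAXSI_RELEASES_URL='https://api.github.com/repos/nbs-system/naxsi/releases'

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

apt-get install -y libpcre3 libpcre3-dev libssl-dev unzip make \
  libgoogle-perftools-dev google-perftools jq gcc zlib1g-dev

# Build in a private, unpredictable directory. A fixed /tmp/ngxbuild can be
# pre-created (or symlinked) by any local user, and this script runs as root.
build_dir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$build_dir"' EXIT
cd "$build_dir" || die "cannot cd to $build_dir"

# The tags page hands out a cookie on the first request; replay it (when one
# is present) on the second request to get the real tag listing.
first_page=$(curl -sS "$NGINX_TAGS_URL")
ng_cookies=$(grep cookie <<<"$first_page" | cut -f 2 -d '"' | tr -d '\n' || true)
if [[ -n "$ng_cookies" ]]; then
  tags_page=$(curl -sS --cookie "$ng_cookies" "$NGINX_TAGS_URL")
else
  tags_page=$first_page
fi
latestNginx=$(grep -m 1 '^ *release-' <<<"$tags_page" | sed 's/^ *release-//' || true)

# The version string comes from a remote page and is interpolated into URLs
# and paths below, so accept only a strict dotted-number form.
[[ "$latestNginx" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] \
  || die "could not determine latest nginx release (got '${latestNginx}')"
printf 'found: %s\n' "$latestNginx"

# First release tag that does not contain "rc".
latestNaxsi=$(curl -fsS "$NAXSI_RELEASES_URL" \
  | jq -r '[.[].tag_name | select(contains("rc") | not)] | .[0] // empty')
[[ "$latestNaxsi" =~ ^[0-9A-Za-z][0-9A-Za-z._-]*$ ]] \
  || die "could not determine latest naxsi release (got '${latestNaxsi}')"

wget -q "https://nginx.org/download/nginx-${latestNginx}.tar.gz"
wget -q "https://github.com/nbs-system/naxsi/archive/${latestNaxsi}.tar.gz"
tar xzf "nginx-${latestNginx}.tar.gz"
tar xzf "${latestNaxsi}.tar.gz"

cd "nginx-${latestNginx}" || die "nginx source directory missing"

configure_args=(
  --conf-path=/etc/nginx/nginx.conf
  --add-module="../naxsi-${latestNaxsi}/naxsi_src/"
  --error-log-path=/var/log/nginx/error.log
  --http-client-body-temp-path=/var/lib/nginx/body
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi
  --http-log-path=/var/log/nginx/access.log
  --http-proxy-temp-path=/var/lib/nginx/proxy
  --lock-path=/var/lock/nginx.lock
  --pid-path=/var/run/nginx.pid
  --with-http_ssl_module
  --with-http_v2_module
  --with-http_realip_module
  --with-stream
  --with-stream_realip_module
  --with-stream_ssl_module
  --with-google_perftools_module
  --without-mail_pop3_module
  --without-mail_smtp_module
  --without-mail_imap_module
  --without-http_uwsgi_module
  --without-http_scgi_module
  --prefix=/usr
)
./configure "${configure_args[@]}"
make -j 4
make install

cp -- "${build_dir}/naxsi-${latestNaxsi}/naxsi_config/naxsi_core.rules" /etc/nginx/

# Starter policy. LearningMode is left commented out, so NAXSI blocks matching
# requests as soon as these rules are loaded; on a new site, consider running
# in learning mode first to build whitelists and avoid false-positive blocks.
# This script does not edit nginx.conf: neither rules file has any effect
# until it is included from the nginx configuration.
# The quoted delimiter keeps $SQL etc. literal (they are NAXSI score names).
cat <<'EOF' >/etc/nginx/naxsi_custom.rules
#LearningMode;
SecRulesEnabled;
DeniedUrl "/RequestDenied.html";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
EOF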