@netscylla
Last active June 17, 2018 14:14
Build script for building Nginx with Naxsi Module on Redhat
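#!/usr/bin/env bash
# Build the latest nginx release with the NAXSI WAF module on Red Hat. Run as root.
# Stop on the first failed command or unset variable.
set -eu

# Build dependencies: compiler, download tools, and the libraries nginx links against.
yum install -y gcc wget zlib-devel pcre.x86_64 pcre-devel.x86_64 openssl-devel.x86_64 unzip make \
    gperftools-devel.x86_64 gperftools.x86_64 jq.x86_64

mkdir -p /tmp/ngxbuild
cd /tmp/ngxbuild

# Look up the newest nginx release tag and the newest non-rc NAXSI release.
latestNginx=$(curl -s https://hg.nginx.org/nginx/tags |
    grep "^ *release-" | head -1 | cut -c 9-)
latestNaxsi=$(curl -s https://api.github.com/repos/nbs-system/naxsi/releases |
    jq -r '.[].tag_name' | grep -v rc | head -1)

# Abort if either lookup came back empty, otherwise the downloads below use a broken URL.
if [ -z "$latestNginx" ] || [ -z "$latestNaxsi" ]; then
    echo "could not determine nginx/naxsi version" >&2
    exit 1
fi

# Fetch over HTTPS. Neither tarball is checked against a signature or checksum here.
wget -q "https://nginx.org/download/nginx-${latestNginx}.tar.gz"
wget -q "https://github.com/nbs-system/naxsi/archive/${latestNaxsi}.tar.gz"
tar xzf "nginx-${latestNginx}.tar.gz"
tar xzf "${latestNaxsi}.tar.gz"
# Enter the extracted source directory by name (the nginx* glob also matches the tarball).
cd "nginx-${latestNginx}"

# Configure nginx with NAXSI compiled in as a static module.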
./configure --conf-path=/etc/nginx/nginx.conf \
--add-module=../naxsi-${latestNaxsi}/naxsi_src/ \
--error-log-path=/var/log/nginx/error.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-log-path=/var/log/nginx/access.log \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-http_gzip_static_module \
--with-http_gunzip_module \
--with-google_perftools_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--prefix=/usr
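# Compile with four parallel jobs, then install under the paths configured above.
make -j 4
make install
# nginx does not create the parent of its temp paths, so make /var/lib/nginx before first start.
mkdir -p /var/lib/nginx
# Install the NAXSI core rule set.
cp "/tmp/ngxbuild/naxsi-${latestNaxsi}/naxsi_config/naxsi_core.rules" /etc/nginx/
# Write the site policy. LearningMode stays commented out, so NAXSI blocks and sends
# requests that reach a threshold to DeniedUrl. \$ keeps the shell from expanding the score names.
cat << EOF >/etc/nginx/naxsi_custom.rules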
#LearningMode;
SecRulesEnabled;
DeniedUrl "/RequestDenied.html";
## check rules
CheckRule "\$SQL >= 8" BLOCK;
CheckRule "\$RFI >= 8" BLOCK;
CheckRule "\$TRAVERSAL >= 4" BLOCK;
CheckRule "\$EVADE >= 4" BLOCK;
CheckRule "\$XSS >= 8" BLOCK;
EOF