@nurhambali
Last active August 1, 2020 03:06
modsec Nginx
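#!/usr/bin/env bash
#
# Install ModSecurity v3 (libmodsecurity), the ModSecurity-nginx connector and
# the OWASP Core Rule Set on a yum-based host, then enable it in NGINX.
# Must run as root. Written for a single run on a fresh host.
#
# Review notes:
#   - Everything is built from upstream git branches and tarballs, so the
#     result depends on what those URLs serve at install time. Verify what
#     you fetch (signatures / checksums) before using this in production.
#   - The WAF is switched to blocking mode immediately (SecRuleEngine On).
#     Running in DetectionOnly first and reviewing the audit log is the usual
#     way to find false positives before enforcing.
#
# Optional environment:
#   CRS_SHA256  expected SHA-256 of the CRS archive; checked when set.

# Stop at the first failed step so a broken build is never half-installed.
set -euo pipefail

#### Build dependencies
yum update -y
yum groupinstall -y "Development Tools"
yum install -y \
  gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen \
  zlib-devel wget
yum install -y \
  lmdb lmdb-devel libxml2 libxml2-devel ssdeep ssdeep-devel lua lua-devel \
  pcre-devel

#### Add the NGINX repo
# gpgcheck=1 plus the nginx.org signing key: packages from this repo are
# installed as root, so their signatures must be verified. The quoted
# delimiter keeps $releasever/$basearch literal for yum to expand.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
yum repolist
yum install nginx -y

#### Install libmodsecurity
# NOTE(review): this tracks the moving v3/master branch, so two runs can build
# different code. The commit is printed below so the build can be audited;
# pin a reviewed tag or commit for reproducible installs.
cd /usr/src
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git submodule init
git submodule update
printf 'Building libmodsecurity from commit %s\n' "$(git rev-parse HEAD)"
./build.sh
./configure
make
make install

#### Install the NGINX connector
cd /usr/src
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git

#### Download the NGINX source and build the dynamic module
# The module must be compiled against the same NGINX version as the installed
# binary (--with-compat), hence the version is read from `nginx -v`.
cd /usr/src
NGINX_VERSION=$(nginx -v 2>&1 | grep -o '[0-9.]*$')
if [[ -z "$NGINX_VERSION" ]]; then
  printf 'could not determine installed nginx version\n' >&2
  exit 1
fi
# Fetched over HTTPS rather than plain HTTP: this tarball is compiled and
# loaded into the web server. nginx.org also publishes a detached PGP
# signature (.asc) next to each tarball; verify it where possible.
wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
tar zxvf "nginx-${NGINX_VERSION}.tar.gz"
cd "nginx-${NGINX_VERSION}"
unset NGINX_VERSION
./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
make modules
cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules

# load_module has to sit in the main context. The insert is by line number
# (after line 4), which assumes the stock nginx.conf layout; the guard keeps
# a second run from adding a duplicate directive.
if ! grep -qF 'ngx_http_modsecurity_module.so' /etc/nginx/nginx.conf; then
  sed -i '4 a load_module modules/ngx_http_modsecurity_module.so;' /etc/nginx/nginx.conf
fi

#### ModSecurity configuration
mkdir -p /etc/nginx/modsec
cp /usr/src/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
cp /usr/src/ModSecurity/unicode.mapping /etc/nginx/modsec/
# The recommended config ships in DetectionOnly (log, do not block); this
# turns enforcement on.
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/g' /etc/nginx/modsec/modsecurity.conf

#### OWASP Core Rule Set
# Pinned to v3.3.0 as in the original notes (2020). Check the CRS project for
# the currently supported release before deploying.
cd /usr/src
crs_archive=v3.3.0.tar.gz
wget "https://github.com/coreruleset/coreruleset/archive/${crs_archive}"
if [[ -n "${CRS_SHA256:-}" ]]; then
  # Refuse to unpack an archive that does not match the expected digest.
  printf '%s  %s\n' "$CRS_SHA256" "$crs_archive" | sha256sum -c -
fi
tar zxvf "$crs_archive"
mv coreruleset-3.3.0 /etc/nginx/modsec/coreruleset

cat > /etc/nginx/modsec/main.conf <<'EOF'
include modsecurity.conf
include /etc/nginx/modsec/coreruleset/crs-setup.conf
include /etc/nginx/modsec/coreruleset/rules/*.conf
# Additional custom rules here
# Exclusion: for URIs under /rss/ this removes rule 200002 (presumably the
# request-body parse-error check from modsecurity.conf-recommended; confirm).
# Keep exclusions as narrow as the application allows.
SecRule REQUEST_URI "@beginsWith /rss/" "phase:1,t:none,pass,id:'26091902',nolog,ctl:ruleRemoveById=200002"
# Smoke-test rule used by the curl check at the end of the install.
# Remove it once the installation has been verified.
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"
EOF
cp /etc/nginx/modsec/coreruleset/crs-setup.conf.example /etc/nginx/modsec/coreruleset/crs-setup.conf

#### Enable ModSecurity in /etc/nginx/conf.d/default.conf (or in the
#### reverse-proxy server block instead)
# Line-number inserts assume the stock default.conf; the guard avoids adding
# the directives twice.
if ! grep -qF 'modsecurity_rules_file' /etc/nginx/conf.d/default.conf; then
  sed -i '4 a modsecurity on;' /etc/nginx/conf.d/default.conf
  sed -i '5 a modsecurity_rules_file /etc/nginx/modsec/main.conf;' /etc/nginx/conf.d/default.conf
fi

#### Restart NGINX and smoke-test
# Under `set -e` a failed config test aborts here, so NGINX is never
# restarted onto a configuration that does not parse.
nginx -t
systemctl restart nginx
# NOTE(review): the expected response for this User-Agent is not stated in
# the original notes; confirm what it is meant to demonstrate.
curl -I -H "User-Agent: floodgate" localhost
# Expected: 403 from test rule id 1234. Quoted so the shell does not treat
# `?` as a glob character.
curl 'localhost?testparam=test'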