@sts
Last active August 17, 2022 14:35
Core Ruleset Loader
#!/bin/bash
# Copyright 2022, Stefan Schlesinger
#
# Coraza Core Ruleset Downloader
# - download, manage and activate local copies of CRS versions
#
# Usage:
# coraza-ruleloader 4.0.0-rc1
# coraza-ruleloader 4.0.0-rc1 /etc/coraza
#
# Uses the following directory structure:
#
# /etc/coraza/corerulesets/4.0.0-rc1
# /etc/coraza/corerulesets/4.0.0-rc1/crs-setup.conf
# /etc/coraza/corerulesets/4.0.0-rc1/rules
# /etc/coraza/corerulesets/4.0.0-rc1/plugins
# /etc/coraza/corerulesets/3.3.2
# /etc/coraza/corerulesets/3.3.2/crs-setup.conf
# /etc/coraza/corerulesets/3.3.2/rules
# /etc/coraza/rules -> corerulesets/4.0.0-rc1/rules
# /etc/coraza/crs-setup.conf -> corerulesets/4.0.0-rc1/crs-setup.conf
#
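set -eo pipefail

#######################################
# Check that a ruleset version is a single, plain path component.
# The version is interpolated into both the download URL and the install
# path, so values such as "../x" or "a/b" must never reach either.
# Arguments: $1 - version string to check
# Returns:   0 if the version is acceptable, non-zero otherwise
#######################################
crs_version_is_valid() {
  local tag_re='^[0-9A-Za-z][0-9A-Za-z._-]*$'
  [[ "$1" =~ $tag_re && "$1" != *..* ]]
}

# First argument: ruleset version (defaults to 4.0.0-rc1).
CORERULESET_VERSION="${1:-4.0.0-rc1}"
if ! crs_version_is_valid "${CORERULESET_VERSION}"; then
  printf 'ERROR: Invalid ruleset version: %s\n' "${CORERULESET_VERSION}" >&2
  exit 1
fi

# Second argument: base directory holding corerulesets/ and the active links.
TARGET_BASE="${2:-coraza}"
TARGET_DIR="${TARGET_BASE}/corerulesets/${CORERULESET_VERSION}"

# Remove the scratch directory on every exit path, not only on signals.
# "|| true" keeps a cleanup that found nothing to remove from tripping set -e.
trap 'cleanup || true' EXIT
# A signal handler that merely returns lets the script carry on after the
# interrupt, so stop explicitly once the scratch directory is gone.
trap 'cleanup || true; exit 1' HUP INT QUIT TERM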
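#######################################
# Download the requested Core Rule Set release archive from GitHub and unpack
# it into a fresh temporary directory.
# Globals:   CORERULESET_VERSION (read), SCRATCH (written)
# Outputs:   error message on stderr when the download or unpack fails
# Returns:   0 on success; exits the script with status 1 on failure
#######################################
crs_download() {
  local url="https://github.com/coreruleset/coreruleset/archive/refs/tags/v${CORERULESET_VERSION}.tar.gz"

  if ! SCRATCH=$(mktemp -d); then
    echo "ERROR: Unable to create a temporary directory" >&2
    exit 1
  fi

  # -f makes curl fail on an HTTP error instead of piping the error page into
  # tar; --proto/--proto-redir keep the transfer on HTTPS across redirects.
  # --no-same-owner: when run as root, do not apply ownership recorded in the
  # archive. Detecting a curl failure relies on the script's "set -o pipefail".
  # NOTE(review): the archive is trusted on TLS alone. These rules configure a
  # WAF, so consider checking the download against a pinned checksum or the
  # project's release signature before installing it.
  if ! curl -fsSL --proto '=https' --proto-redir '=https' "${url}" \
    | tar -xz --no-same-owner --strip-components 1 -C "${SCRATCH}" 2>/dev/null; then
    echo "ERROR: Unable to download ${url}" >&2
    # Do not leave a half-filled scratch directory behind.
    rm -rf -- "${SCRATCH:?}"
    exit 1
  fi
}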
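#######################################
# Move the unpacked ruleset from the scratch directory into its versioned
# target directory.
# Globals:   SCRATCH (read), TARGET_DIR (read)
# Outputs:   progress and error messages on stderr
# Returns:   0 on success, 1 if a precondition or any move fails
#######################################
crs_install() {
  # With an empty SCRATCH the moves below would operate on /rules and friends.
  if [[ -z "${SCRATCH:-}" || ! -d "${SCRATCH}" ]]; then
    echo "ERROR: No unpacked ruleset to install" >&2
    return 1
  fi
  if [[ -z "${TARGET_DIR:-}" ]]; then
    echo "ERROR: No target directory given" >&2
    return 1
  fi

  # NOTE(review): a failure after this mkdir leaves a partial TARGET_DIR behind,
  # and the script's "directory exists" check will then skip the download on
  # the next run. Remove the directory by hand before retrying.
  mkdir -p -- "${TARGET_DIR}" || return 1
  mv -- "${SCRATCH}/crs-setup.conf.example" "${TARGET_DIR}/crs-setup.conf" || return 1
  mv -- "${SCRATCH}/rules" "${TARGET_DIR}" || return 1

  # Plugins are optional; not every release archive ships them.
  if [[ -d "${SCRATCH}/plugins" ]]; then
    mv -- "${SCRATCH}/plugins" "${TARGET_DIR}" || return 1
  fi

  # Everything needed has been moved out; drop the rest of the archive.
  rm -rf -- "${SCRATCH:?}"

  echo "Loaded ruleset to ${TARGET_DIR}" 1>&2
}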
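#######################################
# Point the rules, crs-setup.conf and plugins links in the base directory at
# the selected ruleset version.
# Globals:   TARGET_BASE (read), CORERULESET_VERSION (read)
# Outputs:   success message on stdout, error messages on stderr
# Returns:   0 on success, 1 if the version is not installed or a link fails
# Note:      changes the working directory to TARGET_BASE.
#######################################
crs_activate() {
  local rel="corerulesets/${CORERULESET_VERSION}"

  if ! cd -- "${TARGET_BASE}"; then
    echo "ERROR: Unable to enter ${TARGET_BASE}" >&2
    return 1
  fi

  # Refuse to switch to a version that is not fully installed: the links would
  # dangle and the WAF would be left pointing at no rules at all.
  if [[ ! -d "${rel}/rules" || ! -f "${rel}/crs-setup.conf" ]]; then
    echo "ERROR: ${rel} is missing rules or crs-setup.conf, not activating" >&2
    return 1
  fi

  # Single-argument ln creates the link in the current directory under the
  # target's basename; -f replaces the link left by a previous activation.
  ln -sf "${rel}/rules" || return 1
  ln -sf "${rel}/crs-setup.conf" || return 1

  if [[ -d "${rel}/plugins" ]]; then
    ln -sf "${rel}/plugins" || return 1
  else
    # This version ships no plugins; drop a link left by an earlier version.
    rm -f plugins
  fi

  echo "SUCCESS: Activated ${rel}"
}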
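#######################################
# Remove the temporary download directory, if one was created.
# Globals:   SCRATCH (read)
# Returns:   0 when there is nothing to remove, otherwise the status of rm
# Note:      does not exit; the trap that calls it decides whether to stop.
#######################################
cleanup() {
  # Quoted and guarded: an unquoted "rm -rf $SCRATCH" word-splits a path that
  # contains spaces and deletes whatever the pieces happen to name.
  if [[ -n "${SCRATCH:-}" && -d "${SCRATCH}" ]]; then
    rm -rf -- "${SCRATCH}"
  fi
}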
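# Test the lookup's exit status. Its output is discarded, so capturing that
# output and checking it for non-emptiness can never report a missing curl.
if ! command -v curl > /dev/null 2>&1; then
  echo "ERROR: Please install the curl command" >&2
  exit 1
fi

# Download and install only when this version is not present locally.
if [[ ! -d "${TARGET_DIR}" ]]; then
  echo "Ruleset not found, attemting download from Github." 1>&2
  # Kept as a single && list: crs_install is the last element, so "set -e"
  # still aborts the script if one of its steps fails.
  crs_download && crs_install
fi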