Join the community today
Become a Member

Beta Branch update inc/nginx_configure.inc and centmin.sh modsecurity detection

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jan 18, 2016.

Tags:
  1. eva2000

    eva2000 Administrator Staff Member

    29,031
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,782
    Local Time:
    11:50 AM
    Nginx 1.13.x
    MariaDB 5.5
    update inc/nginx_configure.inc and centmin.sh modsecurity detection

    Added detection support to nginx configuration routine for modsecurity nginx module https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX. This is detection support specifically. So if modsecurity is compiled and installed in default location i.e. /usr/local/modsecurity/lib/ and source tarball install directory is at /svr-setup/modsecurity-${MODSEC_VER} where MODSEC_VER is the version number 2.9.0, then centmin mod nginx configuration routine will dynamically determine the modsecurity version number via string search in /usr/local/modsecurity/lib/mod_security2.so.

    This allows me to bundle a separate standalone centmin mod addon later on into addons/modsecurity.sh which can install the actual modsecurity libs and dependencies. These dependencies also require installation of Apache on Centmin Mod but will stop and disable Apache from auto startup on reboot. The yum package and dependency requirements include: libuuid libuuid-devel libcurl-devel httpd-devel lua lua-devel ssdeep ssdeep-devel as well as source installs for openssl static build, apr, apr-util, pcre.

    While Nginx modsecurity module will be installed if modsecurity libs are detected via nginx configure option: --add-module=../modsecurity-${MODSEC_VER}/nginx/modsecurity the actual configuration of modsecurity on Nginx will be left to end user without any support from me. I'll provide the install but configuration and tuning of modsecurity for nginx will be left to end user.

    Continue reading...

    123.09beta01 branch
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    29,031
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,782
    Local Time:
    11:50 AM
    Nginx 1.13.x
    MariaDB 5.5
    default centmin mod 123.09beta01 nginx install has NGINX_MODSECURITY=n disabled in centmin.sh
    to enable modsecurity nginx module detection, create or append into your persistent config file at /etc/centminmod/custom_config.inc the following:
    Code:
    NGINX_MODSECURITY=y
    then run centmin.sh menu option 4 to recompile Nginx. If modsecurity is installed at know paths, then nginx will be configured with modsecurity nginx module. If modsecurity is not installed, nginx will auto configure without modsecurity nginx module
    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                  
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the
    YUM install check to speed up upgrade time.
    
    [y/n]: n
    **********************************************************************
    * Nginx Update script - Included in Centmin Extras
    * Version: 1.2.3-eva2000.09 - Date: 31/09/2015 - Copyright 2011-2015 CentminMod.com
    **********************************************************************
    This software comes with no warranty of any kind. You are free to use
    it for both personal and commercial use as licensed under the GPL.
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Install which version of Nginx? (version i.e. 1.9.9}): 1.9.9