Beta Branch update inc/nginx_configure.inc and centmin.sh modsecurity detection

eva2000 · Jan 18, 2016

update inc/nginx_configure.inc and centmin.sh modsecurity detection

Added detection support to nginx configuration routine for modsecurity nginx module https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX. This is detection support specifically. So if modsecurity is compiled and installed in default location i.e. /usr/local/modsecurity/lib/ and source tarball install directory is at /svr-setup/modsecurity-${MODSEC_VER} where MODSEC_VER is the version number 2.9.0, then centmin mod nginx configuration routine will dynamically determine the modsecurity version number via string search in /usr/local/modsecurity/lib/mod_security2.so.

This allows me to bundle a separate standalone centmin mod addon later on into addons/modsecurity.sh which can install the actual modsecurity libs and dependencies. These dependencies also require installation of Apache on Centmin Mod but will stop and disable Apache from auto startup on reboot. The yum package and dependency requirements include: libuuid libuuid-devel libcurl-devel httpd-devel lua lua-devel ssdeep ssdeep-devel as well as source installs for openssl static build, apr, apr-util, pcre.

While Nginx modsecurity module will be installed if modsecurity libs are detected via nginx configure option: --add-module=../modsecurity-${MODSEC_VER}/nginx/modsecurity the actual configuration of modsecurity on Nginx will be left to end user without any support from me. I'll provide the install but configuration and tuning of modsecurity for nginx will be left to end user.

Continue reading...

123.09beta01 branch

Branch: https://github.com/centminmod/centminmod/tree/123.09beta01

Commit History: https://github.com/centminmod/centminmod/commits/123.09beta01

eva2000 · Jan 18, 2016

default centmin mod 123.09beta01 nginx install has NGINX_MODSECURITY=n disabled in centmin.sh

nginx -V
nginx version: nginx/1.9.9
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.5
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_secure_link_module --with-openssl-opt=enable-tlsext --add-module=../nginx-module-vts --with-libatomic --with-threads --with-stream --with-stream_ssl_module --with-http_gzip_static_module --add-module=../ngx_pagespeed-release-1.9.32.11-beta --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_geoip_module --with-http_realip_module --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.2.19 --add-module=../set-misc-nginx-module-0.29 --add-module=../echo-nginx-module-0.58 --add-module=../redis2-nginx-module-0.12 --add-module=../ngx_http_redis-0.3.7 --add-module=../lua-nginx-module-0.9.20 --add-module=../lua-upstream-nginx-module-0.04 --add-module=../lua-upstream-cache-nginx-module-0.1.1 --add-module=../nginx_upstream_check_module-0.3.0 --add-module=../openresty-memc-nginx-module-4f6f78f --add-module=../openresty-srcache-nginx-module-ffa9ab7 --add-module=../headers-more-nginx-module-0.29 --with-pcre=../pcre-8.38 --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-openssl=../libressl-2.2.5
Click to expand...

to enable modsecurity nginx module detection, create or append into your persistent config file at /etc/centminmod/custom_config.inc the following:
Code:
NGINX_MODSECURITY=y
then run centmin.sh menu option 4 to recompile Nginx. If modsecurity is installed at know paths, then nginx will be configured with modsecurity nginx module. If modsecurity is not installed, nginx will auto configure without modsecurity nginx module
Code:
--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu                  
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2...
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + WP Super Cache
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 4
--------------------------------------------------------

Do you want to run YUM install checks ?  [y/n]

This will increase your upgrade duration time wise.
Check the change log centminmod.com/changelog.html
to see if any Nginx or PHP related new additions
which require checking YUM prequisites are met.
If no new additions made, you can skip the
YUM install check to speed up upgrade time.

[y/n]: n
**********************************************************************
* Nginx Update script - Included in Centmin Extras
* Version: 1.2.3-eva2000.09 - Date: 31/09/2015 - Copyright 2011-2015 CentminMod.com
**********************************************************************
This software comes with no warranty of any kind. You are free to use
it for both personal and commercial use as licensed under the GPL.
Nginx Upgrade - Would you like to continue? [y/n] y

Install which version of Nginx? (version i.e. 1.9.9}): 1.9.9
nginx -V
nginx version: nginx/1.9.9
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.5
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_secure_link_module --with-openssl-opt=enable-tlsext --add-module=../nginx-module-vts --with-libatomic --with-threads --with-stream --with-stream_ssl_module --with-http_gzip_static_module --add-module=../ngx_pagespeed-release-1.9.32.11-beta --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_geoip_module --with-http_realip_module --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.2.19 --add-module=../set-misc-nginx-module-0.29 --add-module=../echo-nginx-module-0.58 --add-module=../redis2-nginx-module-0.12 --add-module=../ngx_http_redis-0.3.7 --add-module=../lua-nginx-module-0.9.20 --add-module=../lua-upstream-nginx-module-0.04 --add-module=../lua-upstream-cache-nginx-module-0.1.1 --add-module=../nginx_upstream_check_module-0.3.0 --add-module=../openresty-memc-nginx-module-4f6f78f --add-module=../openresty-srcache-nginx-module-ffa9ab7 --add-module=../headers-more-nginx-module-0.29 --with-pcre=../pcre-8.38 --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-openssl=../libressl-2.2.5 --add-module=../modsecurity-2.9.0/nginx/modsecurity
Click to expand...

Log in / Register

Forums

Welcome to Centmin Mod Community

Beta Branch update inc/nginx_configure.inc and centmin.sh modsecurity detection

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Beta Branch update inc/nginx_configure.inc and centmin.sh modsecurity detection

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.