Build TempestaFW on Rocky Linux 9: the modded kernel and all Tempesta kernel modules.
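# All commands were run as the root user.
# Stage 1: build and install the TempestaFW-patched kernel, then reboot into it.
#
# Review notes for anyone reusing these steps:
#   - The kernel tree is a shallow clone of the repository's default branch,
#     so the commit that gets built is whatever the remote serves at clone
#     time. The commit id is printed below so it can be recorded and compared.
#   - The .config edits comment out the distro's trusted-keyring,
#     trusted-keys, default-SELinux and LSM-list settings, and
#     `make olddefconfig` then fills them in from the tree's defaults. The
#     resulting values are printed so the new kernel's security settings can
#     be checked before booting it.
#   - Every step is gated with `|| exit 1` so a failed build is never
#     installed and the machine is never rebooted after a failure.

cd /root || exit 1

# Build dependencies (duplicates from the original list removed).
# NOTE(review): gnome-software is kept from the original list; it does not
# look like a build dependency - confirm, and drop it on servers.
dnf -y install \
  ncurses-devel openssl-devel elfutils-libelf-devel python3 git make flex \
  bison gcc gcc-c++ boost-devel bc fakeroot dwarves cmake libdwarf-devel \
  elfutils-devel gnome-software tar || exit 1

git clone --depth 1 https://github.com/tempesta-tech/linux-5.10.35-tfw || exit 1
cd linux-5.10.35-tfw/ || exit 1
# Record exactly which commit is being built.
git rev-parse HEAD

# Start from the running distro kernel's configuration.
cp -- "/boot/config-$(uname -r)" .config || exit 1

# Comment out distro-specific settings; the last expression turns the
# soft-lockup panic default on.
sed -i \
  -e 's/CONFIG_SYSTEM_TRUSTED_KEYRING/#CONFIG_SYSTEM_TRUSTED_KEYRING/g' \
  -e 's/CONFIG_SYSTEM_TRUSTED_KEYS/#CONFIG_SYSTEM_TRUSTED_KEYS/g' \
  -e 's/CONFIG_DEFAULT_SECURITY_SELINUX/#CONFIG_DEFAULT_SECURITY_SELINUX/g' \
  -e 's/CONFIG_LSM=/#CONFIG_LSM=/g' \
  -e 's/CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0/CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y\nCONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=1/g' \
  ./.config || exit 1
make olddefconfig || exit 1

# Show what olddefconfig settled on for the settings touched above, plus
# module signing, so the outcome is reviewed rather than assumed.
grep -E '^(# )?CONFIG_(SYSTEM_TRUSTED_KEYRING|SYSTEM_TRUSTED_KEYS|DEFAULT_SECURITY_SELINUX|LSM|MODULE_SIG)[= ]' .config

# Build pahole v1.22 inside the kernel tree and install it to /usr/local/bin.
# NOTE(review): presumably pinned because this 5.10 tree needs an older
# pahole than the one the dwarves package ships - confirm. The tag is checked
# out but its signature is not verified.
git clone https://git.kernel.org/pub/scm/devel/pahole/pahole.git || exit 1
cd pahole/ || exit 1
git checkout v1.22 || exit 1
./buildcmd.sh || exit 1
cd build || exit 1
# -f: on a first run there is no earlier /usr/local/bin/pahole to remove; a
# plain `rm` would fail here and the `&&` chain would skip the copy.
rm -f -- /usr/local/bin/pahole
cp -- pahole /usr/local/bin/pahole || exit 1
cd ../.. || exit 1

# Build, install modules, install the kernel; reboot only if all succeeded.
make -j"$(nproc)" || exit 1
make modules_install || exit 1
make install || exit 1
reboot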
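# Stage 2 (run as root after rebooting into the new kernel): build the
# Tempesta FW kernel modules, install the systemd unit and a minimal config.
#
# Review notes for anyone reusing these steps:
#   - firewalld is stopped and disabled below. iptables-services is installed
#     but these steps never enable it or load a ruleset, so confirm what
#     packet filtering is active before exposing the listeners.
#   - The config listens on every IPv4 address (port 8080) and every IPv6
#     address (port 8081) and contains no TLS settings. The backend address
#     192.168.0.15:80 and the vhost example.com are example values to replace.
#   - The service loads kernel modules straight from the build tree under
#     /root/tempesta, so that tree must stay in place and root-only.

# Confirm this is the patched kernel built in stage 1.
printf 'Running kernel: %s\n' "$(uname -r)"

cd /root || exit 1
git clone --depth=1 https://github.com/tempesta-tech/tempesta || exit 1
cd tempesta || exit 1
# Record exactly which commit is being built (shallow clone of default branch).
git rev-parse HEAD
make || exit 1

# -y so the install does not stop at a confirmation prompt.
dnf -y install iptables-services iptables-utils || exit 1
systemctl disable --now firewalld

# Install the unit shipped for Debian packaging and point it at /root/tempesta.
unit=/etc/systemd/system/tempesta-fw.service
cp -- /root/tempesta/pkg/debian/tempesta-fw.service "$unit" || exit 1
# The trailing double quote in each replacement restores the closing quote
# that `.*` consumed - presumably the unit uses quoted NAME=value entries;
# verify against the shipped file.
sed -i \
  -e 's|TFW_PATH=.*|TFW_PATH=/root/tempesta/fw"|g' \
  -e 's|TDB_PATH=.*|TDB_PATH=/root/tempesta/db/core"|g' \
  -e 's|TLS_PATH=.*|TLS_PATH=/root/tempesta/tls"|g' \
  -e 's|LIB_PATH=.*|LIB_PATH=/root/tempesta/lib"|g' \
  -e 's|lib/tempesta|root/tempesta|g' \
  "$unit" || exit 1

mkdir -p /etc/tempesta/ || exit 1
# The original copied the sample config here and then overwrote it at once;
# the sample stays available at /root/tempesta/etc/tempesta_fw.conf.
# Quoted delimiter: the config is written literally, with no shell expansion.
cat <<'EOF' > /etc/tempesta/tempesta_fw.conf
access_log on;
listen 0.0.0.0:8080;
listen [::0]:8081;
cache 0;
server 192.168.0.15:80;
vhost example.com {
proxy_pass default;
sticky {
sticky_sessions allow_failover;
sess_lifetime 60;
}
}
EOF

systemctl daemon-reload || exit 1
systemctl enable --now tempesta-fw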