#!/bin/bash
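# Stop at the first failing command, and count a pipeline as failed when any
# of its stages fails.
set -e
set -o pipefail

# Capture the currently installed nginx build (version and configure
# arguments, one per line) before anything is changed; it is reported later.
NGINX_PREVIOUS_VER=$(nginx -V -t 2>&1 | xargs -n1)

# Import the nginx.org package signing key.
# The key goes into a fresh temporary file: a plain `wget` into the working
# directory never overwrites an existing nginx_signing.key (the new download
# is saved as nginx_signing.key.1), so a second run would import the stale
# copy. Downloading does not need root, so only apt-key runs under sudo.
# NOTE(review): the key is trusted only because it arrived over HTTPS; compare
# its fingerprint with the one nginx.org publishes before relying on it.
# NOTE(review): apt-key is deprecated on current Debian/Ubuntu releases.
# Switching to a dedicated keyring referenced through signed-by also needs a
# change to the repository's sources entry, which is not visible here.
key_file=$(mktemp)
wget -O "$key_file" https://nginx.org/keys/nginx_signing.key
sudo apt-key add "$key_file"
rm -f -- "$key_file"

# Refresh the package index and reinstall the GeoIP module, kernel packages
# and GeoIP libraries.
apt update -y
apt install -y --reinstall nginx-module-geoip linux-headers-generic linux-image-generic linux-generic geoip-database libgeoip-dev libgeoip1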
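## ModSecurity-nginx compilation
# Clone the ModSecurity nginx connector into /opt, or update an existing
# checkout, and build it only when the checkout is new or has moved.
# NOTE(review): this builds whatever the upstream branch points to right now,
# with no pinned tag or commit and no signature check; pin to a reviewed
# revision if the resulting module has to be traceable.
cd /opt
modsec_nginx_changed=1
if [[ -d ModSecurity-nginx ]]; then
  cd ModSecurity-nginx
  # Compare commit ids before and after the pull instead of grepping git's
  # human-readable "up to date" message, whose wording depends on the branch
  # name, the git version and the locale.
  modsec_nginx_before=$(git rev-parse HEAD)
  git pull -r
  if [[ "$(git rev-parse HEAD)" == "$modsec_nginx_before" ]]; then
    modsec_nginx_changed=0
  fi
else
  git clone https://github.com/SpiderLabs/ModSecurity-nginx
  cd ModSecurity-nginx
fi

if (( modsec_nginx_changed )); then
  # NOTE(review): confirm that this checkout provides build.sh and configure;
  # if the connector is only meant to be compiled through nginx's
  # --add-dynamic-module, these steps fail and set -e stops the script here.
  ./build.sh
  ./configure
  make
  make install
fi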
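## ModSecurity compilation
# Clone libmodsecurity (branch v3/master) into /opt, or update an existing
# checkout, and rebuild and install it only when the checkout is new or has
# moved.
# NOTE(review): the tip of v3/master is built and installed as-is, with no
# pinned tag or commit and no signature check; pin to a reviewed revision if
# the installed library has to be traceable.
cd /opt
modsec_changed=1
if [[ -d ModSecurity ]]; then
  cd ModSecurity
  # Compare commit ids before and after the pull. Matching git's
  # "Current branch master is up to date" text cannot work for a checkout of
  # v3/master, so the library was rebuilt on every run.
  modsec_before=$(git rev-parse HEAD)
  git pull -r
  if [[ "$(git rev-parse HEAD)" == "$modsec_before" ]]; then
    modsec_changed=0
  fi
else
  git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
  cd ModSecurity
fi

if (( modsec_changed )); then
  # Submodules are refreshed before every build so they match the checkout.
  git submodule init
  git submodule update
  sh build.sh
  ./configure
  make
  make install
fi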
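## Nginx compilation
# Build the ModSecurity dynamic module against the nginx source that matches
# the packaged version, install it and restart nginx.
cd /opt

# Version = second column of the first `apt-cache madison nginx` line, with
# whitespace and the packaging suffix (everything from the first "-") removed.
# awk consumes the whole input, so no stage of the pipeline is cut short
# under pipefail.
# NOTE(review): this is the first version apt lists, which is presumably the
# installed one right after the reinstall above; a module built for another
# version will not load, so confirm against `nginx -v` if in doubt.
NGINX_VER=$(apt-cache madison nginx | awk -F'|' 'NR == 1 { gsub(/[[:space:]]/, "", $2); sub(/-.*/, "", $2); print $2 }')
if [[ -z "$NGINX_VER" ]]; then
  echo "could not determine the nginx version from apt-cache madison" >&2
  exit 1
fi

# Fetch the source over HTTPS rather than plain HTTP, since it is compiled and
# loaded into the web server. -O overwrites a tarball left by an earlier run
# instead of saving the new one under a ".1" name.
# NOTE(review): nginx.org publishes a detached PGP signature next to each
# tarball; verifying it before unpacking would catch a tampered download.
wget -O "nginx-$NGINX_VER.tar.gz" "https://nginx.org/download/nginx-$NGINX_VER.tar.gz"
tar zxvf "nginx-$NGINX_VER".tar.gz
cd "nginx-$NGINX_VER"

# Configure arguments of the packaged nginx 1.17.2 build, kept for reference:
# --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.17.2/debian/debuild-base/nginx-1.17.2=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

# The connector checkout is /opt/ModSecurity-nginx; the path previously ended
# in "nginn", so configure could not find the module.
./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
make modules

# The trailing slash makes cp fail if the modules directory is missing,
# instead of creating a regular file named "modules".
cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules/

# Validate the configuration with the new module in place first; under set -e
# a failed check stops the script before the running server is restarted.
nginx -t
systemctl restart nginx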
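# Mail a summary of the rebuild to root: previous and current nginx build,
# module list, apt policy, recent log lines and the service status.
# Every probe is best-effort (`|| true`) so that a missing log file or an
# empty grep does not cut the report short under set -e / pipefail.
# NOTE(review): access and ModSecurity audit logs can contain request data
# (presumably including credentials or tokens sent by clients); make sure the
# mailbox receiving this report is protected accordingly.
{
  echo "Nginx previous version:"
  printf '%s\n' "$NGINX_PREVIOUS_VER"
  echo "Nginx version:"
  nginx -V -t 2>&1 | xargs -n1 || true
  echo "Nginx modules:"
  # The original command began with a stray "$$", which expands to the shell's
  # PID and turned the line into an unknown command, so no modules were listed.
  nginx -V 2>&1 | tr -- - '\n' | grep _module || true
  nginx -V 2>&1 | xargs -n1 || true
  #echo "\nNginx infos:"
  #$(nginx -V -t) | printf ""
  #echo "\nNginx conf:"
  #echo "$(nginx -T)"
  # bash's echo prints "\n" literally; printf emits the intended blank line
  # before each heading.
  printf '\n%s\n' "Policy version installed:"
  apt policy nginx || true
  printf '\n%s\n' "Last access logs of nginx are:"
  tail -n 25 /var/log/nginx/access.log || true
  printf '\n%s\n' "Last error logs of nginx are:"
  tail -n 25 /var/log/nginx/error.log || true
  printf '\n%s\n' "Last mod-security logs of nginx are:"
  tail -n 25 /var/log/nginx/modsec-audit.log || true
  printf '\n%s\n' "Status of nginx service is:"
  systemctl -l status nginx --no-pager || true
} | mail -s "Nginx has been compilated after package upgrade" root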