From aa564e56fc232a444bd4ce4f6b82a8b6517d9dac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Wed, 26 Oct 2022 16:40:24 -0700 Subject: [PATCH 1/6] u22.04.1 --- install | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 113 insertions(+), 4 deletions(-) diff --git a/install b/install index be768f9..da7a84f 100644 --- a/install +++ b/install @@ -37,7 +37,7 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in echo "then execute again bash install" exit 1 fi - + apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata apt-get install libtool pkg-config -y @@ -57,7 +57,7 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in cd /opt/mod/ModSecurity && git submodule init && git submodule update cd /opt/mod/ModSecurity && ./configure && make -j`nproc` && make install - # Nginx + # Nginx cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz && tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/builder > builder; bash builder @@ -77,7 +77,7 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_js_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_lua_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_modsecurity_module.so - cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_naxsi_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_naxsi_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_set_misc_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_testcookie_access_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_pagespeed.so @@ -85,7 +85,7 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_js_module.so #cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-0.so #cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-1.so - + # Fixes mkdir -p /nginx/modsec curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core @@ -100,6 +100,115 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in # Start + unset NGINX + killall nginx + useradd nginx + systemctl enable nginx + systemctl daemon-reload + systemctl enable nginx + systemctl stop nginx + systemctl start nginx + ;; + jammy) + if [ "$(whoami)" != "root" ] + then + echo "You should Login as root to use this script!"; + echo "May you already have access for sudo, but commands aren't designed with sudo! so.."; + echo "sudo -i"; + exit 1 + fi + + if [ -d "/nginx/" ]; then + echo "We've detect a folder '/nginx/' which means" + echo "Maybe you have use this script before!" + echo "You wipe old installation by executing!" + echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)" + echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*" + echo "then execute again bash install" + exit 1 + fi + + if [ -d "/etc/nginx" ]; then + echo "We've detect a folder '/etc/nginx' which means" + echo "Maybe you have use this script before!" + echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)" + echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*" + echo "then execute again bash install" + exit 1 + fi + + if [ -d "/opt/nginx/" ]; then + echo "DETECTED '/opt/nginx/'" + echo "Maybe script has already been used you need to start clean!" + echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)" + echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*" + echo "then execute again bash install" + exit 1 + fi + + apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y + DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata + apt-get install libtool pkg-config -y + apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y + + mkdir -p /opt/mod/ + #Luajit 2.1 + cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20220310.tar.gz + cd /opt/mod && tar xf v2.1-20220310.tar.gz; rm -Rf v2.1-20220310.tar.gz + cd /opt/mod/luajit2-2.1-20220310/ && make install PREFIX=/usr/local/LuaJIT && ldconfig + rm -Rf /opt/mod/luajit2-2.1-20220310/ + + # ModSecurity + cd /opt/mod && git clone https://github.com/SpiderLabs/ModSecurity + cd /opt/mod/ModSecurity/ && git checkout -b v3/master origin/v3/master + cd /opt/mod/ModSecurity && sh build.sh + cd /opt/mod/ModSecurity && git submodule init && git submodule update + cd /opt/mod/ModSecurity && ./configure && make -j`nproc` && make install + + # Nginx + cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz && tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz + cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch + cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/builder > builder; bash builder + cd /opt/nginx-${NGINX} && make -j`nproc` + cd /opt/nginx-${NGINX} && make install + curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.service.Focal > /lib/systemd/system/nginx.service + rm -Rf /nginx/*.default + + # Download Dynamic Modules + mkdir -p /nginx/modules + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ndk_http_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_filter_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_static_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_flv_live_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_geoip2_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_headers_more_filter_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_js_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_lua_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_modsecurity_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_naxsi_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_set_misc_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_testcookie_access_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_pagespeed.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_geoip2_module.so + cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_js_module.so + #cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-0.so + #cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-1.so + + # Fixes + mkdir -p /nginx/modsec + curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core + curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf + curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf + curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf + curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping + curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.conf > /nginx/nginx.conf + mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default + mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html + mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js + + + # Start + unset NGINX killall nginx useradd nginx systemctl enable nginx From 8b62590c08b0b92706eb685490efb0df685ab3b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Wed, 26 Oct 2022 16:42:39 -0700 Subject: [PATCH 2/6] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b91a7a9..e7eaf11 100644 --- a/README.md +++ b/README.md @@ -3,11 +3,13 @@ Now easier then before, you will have to compile only Nginx, Rest of modules com ![Simple](https://c.tenor.com/uYqsM9uIyuYAAAAC/simple-easy.gif) - [x] Support Ubuntu 20.04. +- [x] Support Ubuntu 22.04.1 -- Security Dynamic Modules. - [x] ModSecurity Support. - [x] Naxsi Support. - [x] Cookie Based Challenge. + - [x] [ALL MOD LIST](https://github.com/theraw/The-World-Is-Yours/tree/u22.04.1/static/mod/) How do these 3 modules work together? Well L7 will block all or most of bots, however modSecurity and Naxsi take priority over cookie challenge! So if its a offensive request that modsecurity or naxsi detect it as such then these 2 will deal with that request otherwise cookie challenge will appear. From 88378f5e9af61299bc0518f15e6b7812e9cbcdac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Wed, 26 Oct 2022 16:48:19 -0700 Subject: [PATCH 3/6] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e7eaf11..22f980e 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ Now easier then before, you will have to compile only Nginx, Rest of modules com - [x] Naxsi Support. - [x] Cookie Based Challenge. - [x] [ALL MOD LIST](https://github.com/theraw/The-World-Is-Yours/tree/u22.04.1/static/mod/) + - [x] [View nginx compile options](https://github.com/theraw/The-World-Is-Yours/blob/u22.04.1/static/builder) How do these 3 modules work together? Well L7 will block all or most of bots, however modSecurity and Naxsi take priority over cookie challenge! So if its a offensive request that modsecurity or naxsi detect it as such then these 2 will deal with that request otherwise cookie challenge will appear. @@ -41,6 +42,7 @@ So if its a offensive request that modsecurity or naxsi detect it as such then t ## KEEP IN MIND! 1. You're trading perfomance for security. 2. If your server provider does not have anti-ddos your IPTABLES will fail to keep the bans, and your server may be offline in cases of big attacks. +3. This is not a free script that will do everything for you. Read Modules Documentations about how to use them. ## Contributors From 62a49e0056d76132969edda06c5d1a7c181c1ada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Wed, 26 Oct 2022 16:52:53 -0700 Subject: [PATCH 4/6] Update README.md --- README.md | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 22f980e..552d881 100644 --- a/README.md +++ b/README.md @@ -21,21 +21,18 @@ So if its a offensive request that modsecurity or naxsi detect it as such then t 2. **`curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/install > install; bash install`** -## FOLDER PATH. +## Basic info. ``` -=> /nginx/ = Nginx Path, (private) -=> /nginx/live/ = Vhosts Configs (private) -=> /nginx/modsec/ = Security Rules Dir (private) -=> /hostdata/ = Place to store your domain folders. (private) -=> /hostdata/yourdomain.com/ = Ex of domain dir (private folder), -=> /hostdata/yourdomain.com/public_html/ = Ex of your domain webroot (public files only), -=> /hostdata/yourdomain.com/logs/ = Place where to store your Domains logs (access.log) (private folder), -=> /hostdata/yourdomain.com/ssl/ = Place where to store domain ssl/key (private folder), -=> /hostdata/yourdomain.com/cache/ = Place where to store site cache (private folder). +=> Nginx Folder = /nginx/ +=> --conf-path = /nginx/nginx.conf +=> --pid-path = /var/run/nginx.pid +=> --user = nginx +=> --group = nginx +=> --sbin-path = /usr/sbin/nginx +=> --error-log-path = /var/log/nginx/error.log -// Private Folder - Means this cannot be accessed by public. -// Public Folder - Means files into this folder can be accessed by public. +// YOUR NGINX IS LOCATED AT /nginx NOT /etc/nginx ``` From 306eba8c1c3f136458d0e562b38170a2cb446d1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Wed, 26 Oct 2022 16:57:12 -0700 Subject: [PATCH 5/6] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 552d881..499f4bd 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Now easier then before, you will have to compile only Nginx, Rest of modules com -- Security Dynamic Modules. - [x] ModSecurity Support. - [x] Naxsi Support. + - [x] Lua Support. - [x] Cookie Based Challenge. - [x] [ALL MOD LIST](https://github.com/theraw/The-World-Is-Yours/tree/u22.04.1/static/mod/) - [x] [View nginx compile options](https://github.com/theraw/The-World-Is-Yours/blob/u22.04.1/static/builder) From a33a51423d94c07c2989aaac3fd61e75c5713470 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Wed, 26 Oct 2022 16:58:44 -0700 Subject: [PATCH 6/6] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 499f4bd..e07cca4 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ So if its a offensive request that modsecurity or naxsi detect it as such then t ## KEEP IN MIND! 1. You're trading perfomance for security. 2. If your server provider does not have anti-ddos your IPTABLES will fail to keep the bans, and your server may be offline in cases of big attacks. -3. This is not a free script that will do everything for you. Read Modules Documentations about how to use them. +3. This is not a free script that will do everything for you. Read Modules Documentations about how to get the best out of them. ## Contributors