ƬHE ЯAW ☣
@@ -3,11 +3,15 @@ Now easier then before, you will have to compile only Nginx, Rest of modules com
|
|||||||
|
|
||||||
|
|
||||||
- [x] Support Ubuntu 20.04.
|
- [x] Support Ubuntu 20.04.
|
||||||
|
- [x] Support Ubuntu 22.04.1
|
||||||
|
|
||||||
-- Security Dynamic Modules.
|
-- Security Dynamic Modules.
|
||||||
- [x] ModSecurity Support.
|
- [x] ModSecurity Support.
|
||||||
- [x] Naxsi Support.
|
- [x] Naxsi Support.
|
||||||
|
- [x] Lua Support.
|
||||||
- [x] Cookie Based Challenge.
|
- [x] Cookie Based Challenge.
|
||||||
|
- [x] [ALL MOD LIST](https://github.com/theraw/The-World-Is-Yours/tree/u22.04.1/static/mod/)
|
||||||
|
- [x] [View nginx compile options](https://github.com/theraw/The-World-Is-Yours/blob/u22.04.1/static/builder)
|
||||||
|
|
||||||
How do these 3 modules work together? Well L7 will block all or most of bots, however modSecurity and Naxsi take priority over cookie challenge!
|
How do these 3 modules work together? Well L7 will block all or most of bots, however modSecurity and Naxsi take priority over cookie challenge!
|
||||||
So if its a offensive request that modsecurity or naxsi detect it as such then these 2 will deal with that request otherwise cookie challenge will appear.
|
So if its a offensive request that modsecurity or naxsi detect it as such then these 2 will deal with that request otherwise cookie challenge will appear.
|
||||||
@@ -18,27 +22,25 @@ So if its a offensive request that modsecurity or naxsi detect it as such then t
|
|||||||
|
|
||||||
2. **`curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/install > install; bash install`**
|
2. **`curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/install > install; bash install`**
|
||||||
|
|
||||||
## FOLDER PATH.
|
## Basic info.
|
||||||
|
|
||||||
```
|
```
|
||||||
=> /nginx/ = Nginx Path, (private)
|
=> Nginx Folder = /nginx/
|
||||||
=> /nginx/live/ = Vhosts Configs (private)
|
=> --conf-path = /nginx/nginx.conf
|
||||||
=> /nginx/modsec/ = Security Rules Dir (private)
|
=> --pid-path = /var/run/nginx.pid
|
||||||
=> /hostdata/ = Place to store your domain folders. (private)
|
=> --user = nginx
|
||||||
=> /hostdata/yourdomain.com/ = Ex of domain dir (private folder),
|
=> --group = nginx
|
||||||
=> /hostdata/yourdomain.com/public_html/ = Ex of your domain webroot (public files only),
|
=> --sbin-path = /usr/sbin/nginx
|
||||||
=> /hostdata/yourdomain.com/logs/ = Place where to store your Domains logs (access.log) (private folder),
|
=> --error-log-path = /var/log/nginx/error.log
|
||||||
=> /hostdata/yourdomain.com/ssl/ = Place where to store domain ssl/key (private folder),
|
|
||||||
=> /hostdata/yourdomain.com/cache/ = Place where to store site cache (private folder).
|
|
||||||
|
|
||||||
// Private Folder - Means this cannot be accessed by public.
|
// YOUR NGINX IS LOCATED AT /nginx NOT /etc/nginx
|
||||||
// Public Folder - Means files into this folder can be accessed by public.
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## KEEP IN MIND!
|
## KEEP IN MIND!
|
||||||
1. You're trading perfomance for security.
|
1. You're trading perfomance for security.
|
||||||
2. If your server provider does not have anti-ddos your IPTABLES will fail to keep the bans, and your server may be offline in cases of big attacks.
|
2. If your server provider does not have anti-ddos your IPTABLES will fail to keep the bans, and your server may be offline in cases of big attacks.
|
||||||
|
3. This is not a free script that will do everything for you. Read Modules Documentations about how to get the best out of them.
|
||||||
|
|
||||||
## Contributors
|
## Contributors
|
||||||
|
|
||||||
|
|||||||
@@ -100,6 +100,115 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
|
|||||||
|
|
||||||
|
|
||||||
# Start
|
# Start
|
||||||
|
unset NGINX
|
||||||
|
killall nginx
|
||||||
|
useradd nginx
|
||||||
|
systemctl enable nginx
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable nginx
|
||||||
|
systemctl stop nginx
|
||||||
|
systemctl start nginx
|
||||||
|
;;
|
||||||
|
jammy)
|
||||||
|
if [ "$(whoami)" != "root" ]
|
||||||
|
then
|
||||||
|
echo "You should Login as root to use this script!";
|
||||||
|
echo "May you already have access for sudo, but commands aren't designed with sudo! so..";
|
||||||
|
echo "sudo -i";
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d "/nginx/" ]; then
|
||||||
|
echo "We've detect a folder '/nginx/' which means"
|
||||||
|
echo "Maybe you have use this script before!"
|
||||||
|
echo "You wipe old installation by executing!"
|
||||||
|
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
|
||||||
|
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
|
||||||
|
echo "then execute again bash install"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d "/etc/nginx" ]; then
|
||||||
|
echo "We've detect a folder '/etc/nginx' which means"
|
||||||
|
echo "Maybe you have use this script before!"
|
||||||
|
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
|
||||||
|
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
|
||||||
|
echo "then execute again bash install"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d "/opt/nginx/" ]; then
|
||||||
|
echo "DETECTED '/opt/nginx/'"
|
||||||
|
echo "Maybe script has already been used you need to start clean!"
|
||||||
|
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
|
||||||
|
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
|
||||||
|
echo "then execute again bash install"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
|
||||||
|
DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
|
||||||
|
apt-get install libtool pkg-config -y
|
||||||
|
apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y
|
||||||
|
|
||||||
|
mkdir -p /opt/mod/
|
||||||
|
#Luajit 2.1
|
||||||
|
cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20220310.tar.gz
|
||||||
|
cd /opt/mod && tar xf v2.1-20220310.tar.gz; rm -Rf v2.1-20220310.tar.gz
|
||||||
|
cd /opt/mod/luajit2-2.1-20220310/ && make install PREFIX=/usr/local/LuaJIT && ldconfig
|
||||||
|
rm -Rf /opt/mod/luajit2-2.1-20220310/
|
||||||
|
|
||||||
|
# ModSecurity
|
||||||
|
cd /opt/mod && git clone https://github.com/SpiderLabs/ModSecurity
|
||||||
|
cd /opt/mod/ModSecurity/ && git checkout -b v3/master origin/v3/master
|
||||||
|
cd /opt/mod/ModSecurity && sh build.sh
|
||||||
|
cd /opt/mod/ModSecurity && git submodule init && git submodule update
|
||||||
|
cd /opt/mod/ModSecurity && ./configure && make -j`nproc` && make install
|
||||||
|
|
||||||
|
# Nginx
|
||||||
|
cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz && tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz
|
||||||
|
cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
|
||||||
|
cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/builder > builder; bash builder
|
||||||
|
cd /opt/nginx-${NGINX} && make -j`nproc`
|
||||||
|
cd /opt/nginx-${NGINX} && make install
|
||||||
|
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.service.Focal > /lib/systemd/system/nginx.service
|
||||||
|
rm -Rf /nginx/*.default
|
||||||
|
|
||||||
|
# Download Dynamic Modules
|
||||||
|
mkdir -p /nginx/modules
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ndk_http_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_filter_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_static_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_flv_live_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_geoip2_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_headers_more_filter_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_js_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_lua_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_modsecurity_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_naxsi_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_set_misc_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_testcookie_access_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_pagespeed.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_geoip2_module.so
|
||||||
|
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_js_module.so
|
||||||
|
#cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-0.so
|
||||||
|
#cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-1.so
|
||||||
|
|
||||||
|
# Fixes
|
||||||
|
mkdir -p /nginx/modsec
|
||||||
|
curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
|
||||||
|
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
|
||||||
|
curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
|
||||||
|
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
|
||||||
|
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
|
||||||
|
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.conf > /nginx/nginx.conf
|
||||||
|
mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default
|
||||||
|
mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
|
||||||
|
mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
|
||||||
|
|
||||||
|
|
||||||
|
# Start
|
||||||
|
unset NGINX
|
||||||
killall nginx
|
killall nginx
|
||||||
useradd nginx
|
useradd nginx
|
||||||
systemctl enable nginx
|
systemctl enable nginx
|
||||||
|
|||||||
Reference in New Issue
Block a user