theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: theraw/The-World-Is-Yours:v2
Branches Tags
theraw/The-World-Is-Yours:master theraw/The-World-Is-Yours:raweb-upcoming-release theraw/The-World-Is-Yours:ffs theraw/The-World-Is-Yours:v2-1 theraw/The-World-Is-Yours:pcre-fix theraw/The-World-Is-Yours:docker theraw/The-World-Is-Yours:v3.0 theraw/The-World-Is-Yours:v2 theraw/The-World-Is-Yours:v2.0
theraw/The-World-Is-Yours:v1.27.4 theraw/The-World-Is-Yours:v1.26.0 theraw/The-World-Is-Yours:0.0.1
...
compare: theraw/The-World-Is-Yours:9e2a82d681ce68156ba96ce3c5f13c7c242e2308
Branches Tags
theraw/The-World-Is-Yours:master theraw/The-World-Is-Yours:raweb-upcoming-release theraw/The-World-Is-Yours:ffs theraw/The-World-Is-Yours:v2-1 theraw/The-World-Is-Yours:pcre-fix theraw/The-World-Is-Yours:docker theraw/The-World-Is-Yours:v3.0 theraw/The-World-Is-Yours:v2 theraw/The-World-Is-Yours:v2.0
theraw/The-World-Is-Yours:v1.27.4 theraw/The-World-Is-Yours:v1.26.0 theraw/The-World-Is-Yours:0.0.1

50 Commits
v2 ... 9e2a82d681

Author SHA1 Message Date
theraw 9e2a82d681 Update nginx-reverse.yml 2019-05-07 14:31:16 +02:00
theraw 76cbd601b0 Update README.md 2019-05-03 23:14:51 +02:00
theraw a3696a99eb Update README.md 2019-05-03 22:56:48 +02:00
theraw c60de7ca37 Update README.md 2019-05-03 22:48:58 +02:00
theraw 4d20bf697d Create install 2019-05-03 22:44:46 +02:00
theraw 2d9e86299b Update nginx-reverse.yml 2019-05-03 13:30:01 +02:00
theraw e7e59ccda1 Update nginx-reverse.yml 2019-04-25 07:11:33 +02:00
theraw 1c337bedd1 Update nginx-reverse.yml 2019-04-25 07:08:24 +02:00
theraw 26de75ff62 Update nginx-reverse.yml 2019-04-25 06:59:53 +02:00
theraw d20e447b01 Update nginx-reverse.yml 2019-04-25 06:59:38 +02:00
theraw 58746b68e9 Update nginx-reverse.yml 2019-04-25 06:55:50 +02:00
theraw 05a33f8a09 Update nginx-reverse.yml 2019-04-25 06:55:07 +02:00
theraw a380f57555 Update nginx-reverse.yml 2019-04-25 06:54:53 +02:00
theraw 961a4e3f1f Update nginx-reverse.yml 2019-04-25 06:42:47 +02:00
theraw 0bdcdce644 Update nginx-reverse.yml 2019-04-25 06:36:19 +02:00
theraw e48c8e57b8 Update README.md 2019-04-25 05:41:31 +02:00
theraw a6fcc8e5f3 Update README.md 2019-04-25 05:24:15 +02:00
theraw 890a8f21ba Update README.md 2019-04-25 05:23:44 +02:00
theraw c0e99809ae Update README.md 2019-04-25 05:23:30 +02:00
theraw ec00277e98 Create nginx-reverse.yml 2019-04-25 05:20:59 +02:00
theraw 80a31c4014 Delete error-report.md 2019-04-25 05:17:01 +02:00
theraw 5344f3d20f Delete feature_request.md 2019-04-25 05:16:54 +02:00
theraw 653e8fc16e Delete nginx.conf 2019-04-25 05:16:44 +02:00
theraw e75f633343 Delete nginx.service 2019-04-25 05:16:36 +02:00
theraw b667e720b1 Delete config 2019-04-25 05:16:29 +02:00
theraw 33042a80ce Delete install 2019-04-25 05:16:23 +02:00
theraw de837d48d7 Delete install 2019-04-25 05:15:37 +02:00
theraw 54b7610b83 Delete bot.conf 2019-04-25 05:15:19 +02:00
theraw 84e4d1353b Delete whitelist-ips.conf 2019-04-25 05:15:11 +02:00
theraw c79be05bb5 Delete install 2019-04-25 05:15:04 +02:00
theraw 55b5d53df8 Delete README.md 2019-04-25 05:14:56 +02:00
theraw a27f2b9ef2 Delete nginx.service 2019-04-25 05:14:50 +02:00
theraw 56b5cd4855 Delete nginx-ban.conf 2019-04-25 05:14:40 +02:00
theraw 7be59aedb3 Delete nginx-limits.conf 2019-04-25 05:14:34 +02:00
theraw b0997f76f2 Delete install 2019-04-25 05:14:26 +02:00
theraw 62ce627948 Delete jail.local 2019-04-25 05:14:20 +02:00
theraw 2036acaa2b Delete rules 2019-04-25 05:14:11 +02:00
theraw b416603327 Delete banlist.conf 2019-04-25 05:14:00 +02:00
theraw 8ffdce57ea Delete country.conf 2019-04-25 05:13:54 +02:00
theraw 203dae10b7 Delete index.html 2019-04-25 05:13:47 +02:00
theraw 25e6f5fdf9 Delete template 2019-04-25 05:13:38 +02:00
theraw f642bbd52b Delete aes.min.js 2019-04-25 05:13:30 +02:00
theraw c140e7ab56 Delete default 2019-04-25 05:13:24 +02:00
theraw 9179c69aeb Delete GeoLite2-Country.mmdb 2019-04-25 05:13:16 +02:00
theraw 09d0cfa7b6 Delete nbuild.sh 2019-04-25 05:13:09 +02:00
theraw b1d6586f08 Delete nginx.conf 2019-04-25 05:13:03 +02:00
theraw 155b972a48 Delete sysctl.conf 2019-04-25 05:12:57 +02:00
theraw 1b5b47670b Delete config 2019-04-25 05:12:44 +02:00
theraw 3963d8c199 Delete install 2019-04-25 05:12:34 +02:00
theraw cbc2dbe047 Update README.md 2019-04-25 05:11:19 +02:00
31 changed files with 84 additions and 3479 deletions
Expand all files Collapse all files
.github/ISSUE_TEMPLATE/error-report.md
-14
View File
@@ -1,14 +0,0 @@
---
name: Error report
about: Create a report to help us improve
---
**Describe the Error**
What you expected and what you got? Please write it here.
```bash
Make sure you include a output of your terminal where you see the error
```
*I'm not the one who created nginx or any of those modules so don't expect much if i'm not able to help your request will be forwarded somewhere else based on kind of it.*
.github/ISSUE_TEMPLATE/feature_request.md
-17
View File
@@ -1,17 +0,0 @@
---
name: Feature request
about: Suggest an idea for this project
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
ArchLinux/config
-2
View File
@@ -1,2 +0,0 @@
export user=raw
ArchLinux/install
-176
View File
@@ -1,176 +0,0 @@
#!/bin/bash
case "`grep ID_LIKE /etc/*-release | awk -F '=' '{print $2}'`" in
archlinux)
if [ "$(whoami)" != "root" ]
then
echo "You should Login as root to use this script!";
echo "May you already have access for sudo, but commands aren't designed with sudo! so..";
echo "sudo -i";
exit 1
fi
if [ -d "/nginx/" ]; then
echo "We've detect a folder '/nginx/' which means"
echo "Maybe you have use this script before!"
echo "You can fix this by executing!"
echo "./setup clean"
exit 1
fi
if [ -d "/etc/nginx" ]; then
echo "We've detect a folder '/etc/nginx' which means"
echo "Maybe you have use this script before!"
echo "./setup clean"
exit 1
fi
if [ -d "/opt/nginx/" ]; then
echo "We've detect a folder '/opt/nginx/' which means"
echo "Maybe you have use this script before!"
echo "./setup clean"
exit 1
fi
mkdir -p /hostdata/
mkdir -p /var/log/nginx/
mkdir -p /opt/nginx/modules/
useradd -m -g users -s /bin/bash $user
yes|pacman -Syy
yes|pacman -Syyu
yes|pacman -S curl wget zip unzip git gcc make cmake automake sudo
yes|pacman -S geoip geoip-database zlib geoip-database-extra autoconf libtool
yes|pacman -S yajl lmdb glibc libxml2 icu ncurses readline xz python3 python-pip
yes|pacman -S net-tools lua htop iftop gd
yes|pacman -S libmaxminddb geoip2-database mmdblookup libxml2 libxslt
su $user <<'EOF'
git clone https://aur.archlinux.org/ssdeep.git /home/$user/ssdeep
cd /home/$user/ssdeep/ && makepkg --syncdeps
yes|makepkg --install
makepkg --clean
rm -Rf /home/$user/ssdeep
EOF
cd /opt/
git clone https://github.com/SpiderLabs/ModSecurity
cd /opt/ModSecurity/
git checkout -b v3/master origin/v3/master
sh build.sh
git submodule init
git submodule update
./configure
make -j`nproc`
make install
cd /opt/nginx/modules/
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.zip
unzip v0.3.0.zip; rm -Rf v0.3.0.zip
mv /opt/nginx/modules/ngx_devel_kit-0.3.0/ /opt/nginx/modules/ngx_devel_kit/
#Pagespeed Library
cd /opt/nginx/modules/
wget https://github.com/pagespeed/ngx_pagespeed/archive/v1.13.35.1-beta.zip
unzip v1.13.35.1-beta.zip
rm -Rf v1.13.35.1-beta.zip
mv /opt/nginx/modules/incubator-pagespeed-ngx-1.13.35.1-beta /opt/nginx/modules/ngx_pagespeed-1.13.35.1-beta
cd /opt/nginx/modules/ngx_pagespeed-1.13.35.1-beta
wget https://dl.google.com/dl/page-speed/psol/1.13.35.1-x64.tar.gz
tar -xzvf 1.13.35.1-x64.tar.gz; rm -Rf 1.13.35.1-x64.tar.gz
#LuaJIT Library
cd /opt/nginx/modules/
git clone http://luajit.org/git/luajit-2.0.git
cd luajit-2.0/
make -j`nproc`
sudo make install
ldconfig
#Naxsi Mod
cd /opt/nginx/modules/
wget https://github.com/nbs-system/naxsi/archive/master.zip
unzip master.zip; rm -Rf master.zip
mv /opt/nginx/modules/naxsi-master /opt/nginx/modules/naxsi
mkdir -p /opt/nginx/modules/
cd /opt/nginx/modules/
rm -Rf nginx_redis/
git clone https://github.com/openresty/set-misc-nginx-module.git
git clone https://github.com/FRiCKLE/ngx_cache_purge.git
git clone https://github.com/kyprizel/testcookie-nginx-module.git
git clone https://github.com/openresty/headers-more-nginx-module.git
git clone https://github.com/openresty/echo-nginx-module.git
git clone https://github.com/leev/ngx_http_geoip2_module.git
git clone https://github.com/openresty/lua-nginx-module.git
git clone https://github.com/arut/nginx-mtask-module.git
git clone https://github.com/arut/nginx-mysql-module.git
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
git clone https://github.com/openresty/encrypted-session-nginx-module.git
git clone https://github.com/flant/nginx-http-rdns.git
# OpenSSL 1.0.2h
mkdir -p /opt/nginx/
cd /opt/nginx/; wget wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2h.zip
unzip OpenSSL_1_0_2h.zip; rm -Rf OpenSSL_1_0_2h.zip
# Download Nginx
mkdir -p /opt/nginx/sources/
cd /opt/nginx/sources/
wget 'http://nginx.org/download/nginx-1.13.8.tar.gz'
tar -xzvf nginx-1.13.8.tar.gz; rm -Rf nginx-1.13.8.tar.gz
cd /opt/nginx/sources/nginx-1.13.8/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nbuild.sh
chmod +x nbuild.sh
./nbuild.sh
make -j`nproc`
make install
ldconfig
mkdir -p /nginx
mkdir -p /nginx/live
mkdir -p /nginx/logs
mkdir -p /nginx/cache
mkdir -p /nginx/conf.d
touch /nginx/logs/access.log
touch /nginx/logs/error.log
useradd -r nginx
rm -Rf /etc/init.d/nginx
cd /etc/init.d/; wget https://raw.githubusercontent.com/systemroot/my-nginx/master/nginx-as-firewall/static/nginx
chmod +x /etc/init.d/nginx
cd /nginx/; mkdir conf.d; rm -Rf nginx.conf*; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/ArchLinux/static/nginx.conf
mkdir -p /nginx/live/
cd /nginx/live/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/vhost/default
mkdir -p /hostdata/default
mkdir -p /hostdata/default/public_html
mkdir -p /hostdata/default/logs
mkdir -p /hostdata/default/cache
mkdir -p /nginx/modsecurity/
cd /hostdata/default/public_html/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/html/index.html
sudo update-rc.d nginx defaults
mkdir -p /tmp/; cd /tmp; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/sysctl.conf
cat /tmp/sysctl.conf >> /etc/sysctl.conf
sysctl -p
clear
cd /nginx/; mkdir db/; cd db/; wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/GeoLite2-Country.mmdb
cd /nginx/; rm -Rf *.default
cp /opt/nginx/modules/naxsi/naxsi_config/naxsi_core.rules /nginx/naxsi_core.rules
cp /opt/ModSecurity/modsecurity.conf-recommended /nginx/modsecurity/modsecurity.conf
cd /opt/; git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cp -a /opt/owasp-modsecurity-crs/rules/ /nginx/modsecurity/
cp -a /opt/owasp-modsecurity-crs/crs-setup.conf.example /nginx/modsecurity/crs-setup.conf
clear
#mkdir -p /tmp/; cd /tmp; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/install
#chmod +x install; ./install
#clear
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/ArchLinux/static/nginx.service > /usr/lib/systemd/system/nginx.service
clear
systemctl enable nginx
nginx -t
;;
esac
ArchLinux/static/nginx.conf
-120
View File
@@ -1,120 +0,0 @@
# Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues
# Problems? => https://github.com/theraw/The-World-Is-Yours/issues
# Errors? => https://github.com/theraw/The-World-Is-Yours/issues
user root;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
use epoll;
worker_connections 65535;
}
http {
# ////////////////////////////////////////////////////// #
# =================== START L7 ========================= #
# turn this 'on' if you want to use L7 For every domain hosted in your server
testcookie off;
testcookie_name DOPEHOSTING;
testcookie_secret random;
testcookie_session $remote_addr;
#testcookie_arg GO;
testcookie_httponly_flag on;
testcookie_max_attempts 3;
testcookie_secure_flag on;
testcookie_get_only on;
testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"';
testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri;
# Those are some ip's whitelisted by me. mostly are search engines. But not everything!
testcookie_whitelist {
8.8.8.8/32;
127.0.0.1/32;
# I don't suggest using alot of IPs here as this whitelist can fail!.
}
testcookie_redirect_via_refresh on;
testcookie_refresh_encrypt_cookie on;
testcookie_refresh_encrypt_cookie_key random;
testcookie_refresh_encrypt_cookie_iv random;
testcookie_refresh_template '<html><head><meta http-equiv="refresh" content="0; $testcookie_nexturl"><title>Just a moment please...</title></head><body> </script><script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script type=\"text/javascript\" src="//proxy2.dopehosting.net/aes.min.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("$testcookie_enc_key"),b=toNumbers("$testcookie_enc_iv"),c=toNumbers("$testcookie_enc_set");document.cookie="DOPEHOSTING="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";</script></body></html>';
# ===================== END L7 ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# -------------------------------------------------------#
log_format agent '$remote_addr |==| $status |==| $request |==| $http_user_agent';
# -------------------------------------------------------#
log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for';
# =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== GEIP =========================== #
geoip2 /nginx/db/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=US country iso_code;
$geoip2_data_country_name country names en;
}
# EX Ban China!
#map $geoip2_data_country_code $allowed_country {
# default yes;
# CN no;
#}
# =================== END GEIP ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== EXTRA ========================== #
# Don't Go with "Nginx Can Handle Everything" !
limit_conn_zone $server_name zone=max:1m;
limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;
# =================== END EXTRA ======================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= #
client_body_buffer_size 1M;
client_header_buffer_size 1M;
client_body_timeout 90s;
client_header_timeout 90s;
client_max_body_size 2M;
keepalive_timeout 10s;
port_in_redirect off;
sendfile on;
server_names_hash_bucket_size 6969;
server_name_in_redirect off;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
types_hash_max_size 2048;
resolver 8.8.8.8 8.8.4.4;
default_type application/octet-stream;
include /nginx/mime.types;
# =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# =================== LOAD CONFIGS ===================== #
include /nginx/live/*;
include /nginx/conf.d/*;
include /nginx/naxsi_core.rules;
# =================== END CONFIGS ====================== #
# ////////////////////////////////////////////////////// #
}
ArchLinux/static/nginx.service
-17
View File
@@ -1,17 +0,0 @@
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target network-online.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
PrivateDevices=yes
SyslogLevel=err
ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
ExecReload=/usr/bin/nginx -s reload
KillSignal=SIGQUIT
KillMode=mixed
[Install]
WantedBy=multi-user.target
CENTOS7/install
-6
View File
@@ -1,6 +0,0 @@
#!/bin/bash
yum -y update; yum -y upgrade; yum -y install epel-release wget zip unzip git nano
yum -y install lvemanager
yum -y install cagefs
yum -y groupinstall alt-php
README.md
+36 -95
View File
@@ -3,115 +3,56 @@
# To-Do # To-Do
- [x] Nginx Version, Always Latest. - [x] Nginx V. each 10th release, current 1.60.0, next repo release 1.70.0!
- [x] Support Ubuntu Trusty. (14.04) - [x] Support Ubuntu Bionic. (18.04)
- [x] Support Ubuntu Xenial. (16.04)
- [x] Support Ubuntu Cosmic. (18.10)
- [ ] Support Debian.
- [ ] Support Centos.
- [x] Support Arch Linux.
- [x] ModSecurity Support. - [x] ModSecurity Support.
- [x] Naxsi Support. - [x] Naxsi Support.
- [x] L7 Protection. - [x] L7 Protection.
- [x] AutoBan System. - [x] AutoBan System.
- [x] Integrate Fail2Ban > IpTables. - [x] Integrate Fail2Ban > IpTables.
- [ ] GUI ? - [-] L7 Protection (TestCookie Module) Add Recaptcha!
- [ ] Monitor requests in live time from browser. - [-/x] [Suggestions](https://github.com/theraw/The-World-Is-Yours/issues)
- [ ] L7 Protection (TestCookie Module) Add Recaptcha!
- [ ] ..... # Q/A
-- Why are only latest distros supported and not some distro like Ubuntu 14.04?!
-- *Actually i'm a big fan of ubuntu 14.04 and some more old distros however, we should move with technology and be up to date, example for ubuntu 14.04 there are no security releases anymore furthermore one day it will be forgotten like ubuntu 12 or something else and so we should move with time*
-- What knowledge should i have to be able to run nginx L7 properly?!
-- *You should have at last basic knowledge about Nginx + Iptables and some docker, most of rules here will be premade that's why i'm creating a docker container so everything will come build-in and you'll not have to compile everything to avoid problems on set-up.*
-- How much can this set-up protect my website?
-- *This script is mostly meant for Layer 7 Attacks, However example if someone break some rule the ip from where this offence came will be banned by iptables for a perioid of time, now here is where your server provider plays a big role, when you ban a ip with iptables your provider should be able to handle that ban, there are many providers who claim that they can handle this but based on amount of attack not all can handle it so i've been using ovh all this time and i never had a problem about this.*
-- How much resources do i need for this?
-- *Actually that's based on kind of attack however i have run this setup even on a 1 Core 2.4Ghz, 4GB RAM, 40GB SSD, 100Mbps and everything has went well because i have the knowledge to optimize most of things and take care for everything, but i cannot deny that there were cases in big attacks where my webserver has went offline because of high cpu usage, so at that case i've shut down nginx i've filter and ban IPs from where attack came and i've been able to start nginx back all this happend in case of minutes... However as i said resources are more based on kind of attack because nginx uses multi-thread if you are using this setup for some company website or something really important i highly suggest you take someone who has really knowledge about those things so he/she can give you the best suggestion for how much resources you need and how to properly protect your website against L7 attacks*
-- Can i hire you?
-- *Yes, I can set this up however you want single server or load balancing + multi-backend, cache or no cache + varnish cache, company or a simple blog, I'm not that kind of person that just comes and says you "activate cloudflare" cloudflare claims to have protection against attack and maybe they do but i still see them only as a good DNS provider nothing else! And if i fail on it you'll not pay anything! raw@dope.al*
# Installation # Installation
For each new system ubuntu, centos or whatever your distro may be you need a update/upgrade then do one reboot! So outdates packages will be up to date your kernel will be up to date and not needed files will get removed.
1. **`apt-get install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc -y`** X. **`Ubuntu`**
2. **`git clone https://github.com/theraw/The-World-Is-Yours.git`** 1. **`apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y; shutdown -r now`**
3. **`cd The-World-Is-Yours/; chmod +x *`** 2. **`apt-get install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc -y`**
4. **`./install`** 3. **[Install Docker](https://docs.docker.com/install/linux/docker-ce/ubuntu/)**
4. **[Install Docker-Composer](https://github.com/docker/compose/releases) use latest version > execute provided cmds**
5. **`curl -s https:// > nginx.yml`**
6. **`docker-compose -f nginx.yml up -d`**
# Informations.
**What if installation script fails?** - Check what was the problem source fix it (mostly should be for missing packages) then remove everything under /opt/ folder and just execute again ./install
```
=> /nginx/ = Nginx Path,
=> /nginx/live/ = Vhosts Config Files Dir,
=> /nginx/logs/ = Core Logs Files,
=> /nginx/modsecurity/ = ModSecurity Rules Dir,
=> /hostdata/ = Place to store your domain folders.
=> /hostdata/yourdomain.com/ = Ex of domain dir (private folder),
=> /hostdata/yourdomain.com/public_html/ = Ex of your domain webroot (public files only),
=> /hostdata/yourdomain.com/logs/ = Place where to store your Domains logs (access.log) (private folder),
=> /hostdata/yourdomain.com/ssl/ = Place where to store domain ssl/key (private folder),
=> /hostdata/yourdomain.com/cache/ = Place where to store site cache (private folder).
// Private Folder - Means this cannot be accessed by public.
// Public Folder - Means files into this folder can be accessed by public.
```
# Check.
1 . [L7 (Cookie Based Protection)](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L15-L42) AND [Replace "proxy2.dope.. links with yours click here to find aes](https://github.com/theraw/The-World-Is-Yours/tree/master/static/vhost) which should be stored on a external link or in a place where L7 is disabled because it will not work if you put it in main site dir!.
2 . [Auto Ban System](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L111) based on [Connection for ip](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L72-L73)
3 . [Auto Ban 444 Reqs](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L113-L118) A day i've been under attack of multiple proxies, and even after they got banned they still was keep trying the same thing so when you ban someone when that ip tries to access your website that request will not go on `error.log` but in `access.log` so i created this rule to ban with iptables every request who have stauts `444` so nginx will not have to handle those.
4 . [Kernel Settings](https://github.com/theraw/The-World-Is-Yours/blob/master/static/sysctl.conf#L1-L34)
5 . [Naxsi Rules Included](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L118)
6 . [Example of Naxsi](https://github.com/theraw/The-World-Is-Yours/blob/master/static/vhost/default#L22-L29)
7 . [Check Iptables rules](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/rules) It will not be automatically enabled, because this changes based on providers in ovh it work in azure it doesn't work. so you need to manually activate iptables!
8 . ModSecurity is not loaded. However you need to set it up by yourself. you have a folder `/nginx/modsecurity/`
which ModSecurity rules are stored, open `/nginx/modsecurity/modsecurity.conf` add those
```bash
Include crs-setup.conf
Include rules/*.conf
```
ModSecurity is by default enabled as "detect only" you can turn it on always by doing this
```bash
SecRuleEngine On
```
Using modSecurity for your site
```bash
server {
.....
modsecurity on;
modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
location / {
.....
}
}
```
**Careful** Using modsec rules like
```
location / {
modsecurity_rules_file /nginx/modsecurity/modsecurity.conf;
}
```
it means that's enabled just for your main place `/` not for other dirs in your site ex `/admin/` (:
Test it!
`curl 'http://localhost/?q="><script>wanna hack</script>'`
```html
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
```
# Keep In Mind. # Keep In Mind.
The **L7 Protection** is the same way which **cloudflare** have that banner "Under Attack" A.K.A Cookie based authorization. Most of bots from where attacks will come doesn't support cookies so it will fail to access your site. (Test it by yourself to "curl http://yoursite.com" before you activate L7 and after you start L7 so you will understand better.) The **L7 Protection** is the same way which **cloudflare** have that banner "Under Attack" A.K.A Cookie based authorization. Most of bots from where attacks will come doesn't support cookies so it will fail to access your site. (Test it by yourself to "curl http://yoursite.com" before you activate L7 and after you start L7 so you will understand better.)
UBUNTU14/conf.d/bot.conf
-4
View File
@@ -1,4 +0,0 @@
geo $white_bot {
default 0;
include /nginx/whitelist/whitelist-ips.conf;
}
UBUNTU14/install
-63
View File
@@ -1,63 +0,0 @@
#!/bin/bash
ireqs() {
mkdir -p /tmp/nginx-plus/; cd /tmp/nginx-plus
wget
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y
apt-get autoremove -y
apt-get install apt-utils build-essential -y
apt-get install git -y
apt-get install checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg libxml2 zlib1g-dev -y
apt-get install -y unzip
apt-get install -y libicu-dev libcurl4-gnutls-dev libtool
apt-get install -y libmozjs-24-dev
apt-get install -y libmozjs-24-bin; sudo ln -sf /usr/bin/js24 /usr/bin/js
apt-get install openssl libssl-dev libperl-dev libexpat-dev -y
apt-get install mercurial meld -y
apt-get install libxslt-dev -y
apt-get install libgd2-xpm -y
apt-get install libgd2-xpm-dev -y
apt-get install libgeoip-dev -y
apt-get install libssl libssl-dev -y
apt-get install dh-autoreconf -y
apt-get install -y software-properties-common
apt-get install -y python-software-properties
apt-get install -y libcairo2 libcairo2-dev
apt-get install -y python-dev
sudo add-apt-repository ppa:maxmind/ppa -y
apt-get install aptitude -y
aptitude update -y
aptitude upgrade -y
aptitude install libmaxminddb0 libmaxminddb-dev mmdb-bin -y
apt-get install libmysqlclient-dev -y
apt-get install libmariadbclient-dev -y
apt-get install g++ flex bison curl doxygen libyajl-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev -y
}
# Nginx Env's Extra Stuff.
#ngx-envs() {
#
#}
download() {
cd /
wget https://github.com/systemroot/my-nginx/raw/master/nginx-plus/nginx-plus.zip
unzip -P ****** nginx-plus.zip; rm -Rf nginx-plus.zip
clear
}
rebuild-conf() {
}
download-mods() {
}
compile-mods() {
}
move-mods() {
}
UBUNTU14/whitelist/whitelist-ips.conf
-498
View File
@@ -1,498 +0,0 @@
# ====================================
# GOOGLE.
# ====================================
108.177.8.0/21 1;
54.36.0.0/16 1;
104.132.0.0/23 1;
104.132.11.0/24 1;
104.132.141.0/24 1;
104.132.34.0/24 1;
104.132.5.0/24 1;
104.132.51.0/24 1;
104.132.7.0/24 1;
104.132.8.0/24 1;
104.133.0.0/24 1;
104.133.2.0/23 1;
104.154.0.0/15 1;
104.196.0.0/14 1;
107.167.160.0/19 1;
107.178.192.0/18 1;
108.170.192.0/18 1;
108.177.0.0/17 1;
108.177.10.0/24 1;
108.177.103.0/24 1;
108.177.104.0/24 1;
108.177.11.0/24 1;
108.177.112.0/24 1;
108.177.119.0/24 1;
108.177.120.0/24 1;
108.177.12.0/24 1;
108.177.121.0/24 1;
108.177.125.0/24 1;
108.177.126.0/24 1;
108.177.127.0/24 1;
108.177.13.0/24 1;
108.177.14.0/24 1;
108.177.15.0/24 1;
108.177.28.0/24 1;
108.177.30.0/24 1;
108.177.8.0/24 1;
108.177.9.0/24 1;
108.177.96.0/24 1;
108.177.97.0/24 1;
108.177.98.0/24 1;
108.59.80.0/20 1;
130.211.0.0/16 1;
142.250.0.0/15 1;
146.148.0.0/17 1;
162.216.148.0/22 1;
162.222.176.0/21 1;
172.102.10.0/24 1;
172.102.11.0/24 1;
172.102.12.0/23 1;
172.102.14.0/23 1;
172.102.8.0/21 1;
172.102.8.0/24 1;
172.110.32.0/21 1;
172.217.0.0/16 1;
172.217.0.0/24 1;
172.217.10.0/24 1;
172.217.1.0/24 1;
172.217.11.0/24 1;
172.217.12.0/24 1;
172.217.13.0/24 1;
172.217.14.0/24 1;
172.217.15.0/24 1;
172.217.16.0/24 1;
172.217.17.0/24 1;
172.217.18.0/24 1;
172.217.19.0/24 1;
172.217.20.0/24 1;
172.217.2.0/24 1;
172.217.21.0/24 1;
172.217.22.0/24 1;
172.217.23.0/24 1;
172.217.24.0/24 1;
172.217.25.0/24 1;
172.217.26.0/24 1;
172.217.27.0/24 1;
172.217.28.0/24 1;
172.217.29.0/24 1;
172.217.30.0/24 1;
172.217.3.0/24 1;
172.217.31.0/24 1;
172.217.4.0/24 1;
172.217.5.0/24 1;
172.217.6.0/24 1;
172.217.7.0/24 1;
172.217.8.0/24 1;
172.217.9.0/24 1;
172.253.0.0/16 1;
173.194.112.0/24 1;
173.194.113.0/24 1;
173.194.117.0/24 1;
173.194.118.0/24 1;
173.194.119.0/24 1;
173.194.120.0/24 1;
173.194.121.0/24 1;
173.194.124.0/24 1;
173.194.132.0/24 1;
173.194.136.0/24 1;
173.194.140.0/24 1;
173.194.141.0/24 1;
173.194.142.0/24 1;
173.194.175.0/24 1;
173.194.192.0/24 1;
173.194.193.0/24 1;
173.194.194.0/24 1;
173.194.195.0/24 1;
173.194.196.0/24 1;
173.194.197.0/24 1;
173.194.198.0/24 1;
173.194.199.0/24 1;
173.194.200.0/24 1;
173.194.201.0/24 1;
173.194.202.0/24 1;
173.194.203.0/24 1;
173.194.204.0/24 1;
173.194.205.0/24 1;
173.194.206.0/24 1;
173.194.207.0/24 1;
173.194.208.0/24 1;
173.194.209.0/24 1;
173.194.210.0/24 1;
173.194.211.0/24 1;
173.194.212.0/24 1;
173.194.213.0/24 1;
173.194.214.0/24 1;
173.194.215.0/24 1;
173.194.216.0/24 1;
173.194.217.0/24 1;
173.194.218.0/24 1;
173.194.219.0/24 1;
173.194.220.0/24 1;
173.194.221.0/24 1;
173.194.222.0/24 1;
173.194.223.0/24 1;
173.194.32.0/24 1;
173.194.34.0/24 1;
173.194.35.0/24 1;
173.194.36.0/24 1;
173.194.37.0/24 1;
173.194.38.0/24 1;
173.194.39.0/24 1;
173.194.40.0/24 1;
173.194.41.0/24 1;
173.194.42.0/24 1;
173.194.44.0/24 1;
173.194.46.0/24 1;
173.194.53.0/24 1;
173.194.63.0/24 1;
173.194.66.0/24 1;
173.194.67.0/24 1;
173.194.68.0/24 1;
173.194.69.0/24 1;
173.194.70.0/24 1;
173.194.7.0/24 1;
173.194.73.0/24 1;
173.194.74.0/24 1;
173.194.76.0/24 1;
173.194.78.0/24 1;
173.194.79.0/24 1;
173.255.112.0/20 1;
185.150.148.0/22 1;
185.25.28.0/23 1;
192.104.160.0/23 1;
192.158.28.0/22 1;
192.178.0.0/15 1;
199.192.112.0/22 1;
199.223.232.0/21 1;
207.223.160.0/20 1;
208.68.108.0/22 1;
208.81.188.0/22 1;
209.107.176.0/20 1;
209.107.176.0/23 1;
209.107.182.0/23 1;
209.107.184.0/23 1;
209.107.185.0/24 1;
209.85.144.0/24 1;
209.85.145.0/24 1;
209.85.147.0/24 1;
209.85.200.0/24 1;
209.85.201.0/24 1;
209.85.202.0/24 1;
209.85.203.0/24 1;
209.85.232.0/24 1;
209.85.233.0/24 1;
209.85.234.0/24 1;
209.85.235.0/24 1;
216.239.32.0/24 1;
216.239.33.0/24 1;
216.239.34.0/24 1;
216.239.35.0/24 1;
216.239.36.0/24 1;
216.239.38.0/24 1;
216.239.39.0/24 1;
216.252.220.0/22 1;
216.252.220.0/24 1;
216.252.222.0/24 1;
216.58.200.0/24 1;
216.58.208.0/24 1;
216.58.209.0/24 1;
216.58.210.0/24 1;
216.58.211.0/24 1;
216.58.212.0/24 1;
216.58.213.0/24 1;
216.58.214.0/24 1;
216.58.215.0/24 1;
216.58.216.0/24 1;
216.58.217.0/24 1;
216.58.218.0/24 1;
216.58.219.0/24 1;
216.58.220.0/24 1;
216.58.221.0/24 1;
216.58.222.0/24 1;
216.58.223.0/24 1;
216.73.80.0/20 1;
23.236.48.0/20 1;
23.251.128.0/19 1;
35.184.0.0/13 1;
35.192.0.0/13 1;
35.200.0.0/14 1;
35.204.0.0/15 1;
35.224.0.0/14 1;
35.228.0.0/14 1;
35.232.0.0/14 1;
35.236.0.0/14 1;
35.240.0.0/14 1;
35.244.0.0/14 1;
64.233.161.0/24 1;
64.233.162.0/24 1;
64.233.163.0/24 1;
64.233.164.0/24 1;
64.233.165.0/24 1;
64.233.166.0/24 1;
64.233.167.0/24 1;
64.233.168.0/24 1;
64.233.169.0/24 1;
64.233.170.0/24 1;
64.233.171.0/24 1;
64.233.176.0/24 1;
64.233.177.0/24 1;
64.233.178.0/24 1;
64.233.179.0/24 1;
64.233.180.0/24 1;
64.233.181.0/24 1;
64.233.182.0/24 1;
64.233.183.0/24 1;
64.233.184.0/24 1;
64.233.185.0/24 1;
64.233.186.0/24 1;
64.233.187.0/24 1;
64.233.188.0/24 1;
64.233.189.0/24 1;
64.233.190.0/24 1;
64.233.191.0/24 1;
66.102.1.0/24 1;
66.102.12.0/24 1;
66.102.2.0/24 1;
66.102.3.0/24 1;
66.102.4.0/24 1;
66.249.64.0/19 1;
70.32.128.0/19 1;
70.32.131.0/24 1;
70.32.145.0/24 1;
70.32.146.0/23 1;
70.32.151.0/24 1;
74.114.24.0/21 1;
74.125.124.0/24 1;
74.125.126.0/24 1;
74.125.127.0/24 1;
74.125.128.0/24 1;
74.125.129.0/24 1;
74.125.130.0/24 1;
74.125.131.0/24 1;
74.125.132.0/24 1;
74.125.133.0/24 1;
74.125.134.0/24 1;
74.125.135.0/24 1;
74.125.136.0/24 1;
74.125.138.0/24 1;
74.125.139.0/24 1;
74.125.140.0/24 1;
74.125.141.0/24 1;
74.125.143.0/24 1;
74.125.192.0/24 1;
74.125.196.0/24 1;
74.125.197.0/24 1;
74.125.198.0/24 1;
74.125.199.0/24 1;
74.125.200.0/24 1;
74.125.201.0/24 1;
74.125.202.0/24 1;
74.125.203.0/24 1;
74.125.204.0/24 1;
74.125.205.0/24 1;
74.125.206.0/24 1;
74.125.21.0/24 1;
74.125.22.0/24 1;
74.125.225.0/24 1;
74.125.226.0/24 1;
74.125.227.0/24 1;
74.125.228.0/24 1;
74.125.230.0/24 1;
74.125.23.0/24 1;
74.125.232.0/24 1;
74.125.234.0/24 1;
74.125.235.0/24 1;
74.125.236.0/24 1;
74.125.238.0/24 1;
74.125.24.0/24 1;
74.125.26.0/24 1;
74.125.27.0/24 1;
74.125.28.0/24 1;
74.125.29.0/24 1;
74.125.30.0/24 1;
74.125.31.0/24 1;
74.125.39.0/24 1;
74.125.6.0/24 1;
74.125.68.0/24 1;
74.125.69.0/24 1;
74.125.70.0/24 1;
74.125.71.0/24 1;
8.34.208.0/21 1;
8.34.216.0/21 1;
8.35.192.0/21 1;
8.35.200.0/21 1;
8.8.4.0/24 1;
8.8.8.0/24 1;
108.177.96.0/19 1;
172.217.0.0/19 1;
173.194.0.0/16 1;
2001:4860:4000::/36 1;
203.208.60.0/24 1;
207.126.144.0/20 1;
209.85.128.0/17 1;
216.239.32.0/19 1;
216.58.192.0/19 1;
2404:6800:4000::/36 1;
2607:f8b0:4000::/36 1;
2800:3f0:4000::/36 1;
2a00:1450:4000::/36 1;
2c0f:fb50:4000::/36 1;
64.18.0.0/20 1;
64.233.160.0/19 1;
64.68.80.0/21 1;
66.102.0.0/20 1;
66.249.64.0/18 1;
72.14.192.0/18 1;
74.125.0.0/16 1;
# ====================================
# END GOOGLE.
# ====================================
# ====================================
# START BING.
# ====================================
131.253.24.0/22 1;
131.253.46.0/23 1;
157.54.0.0/15 1;
157.56.0.0/14 1;
157.60.0.0/16 1;
199.30.16.0/24 1;
199.30.27.0/24 1;
207.46.0.0/16 1;
40.112.0.0/13 1;
40.120.0.0/14 1;
40.124.0.0/16 1;
40.125.0.0/17 1;
40.74.0.0/15 1;
40.76.0.0/14 1;
40.80.0.0/12 1;
40.96.0.0/12 1;
65.52.104.0/24 1;
65.52.108.0/22 1;
65.55.213.0/24 1;
65.55.217.0/24 1;
65.55.24.0/24 1;
65.55.52.0/24 1;
65.55.55.0/24 1;
# ====================================
# END BING.
# ====================================
# ====================================
# START CLOUDFLARE.
# ====================================
103.21.244.0/22 1;
103.22.200.0/22 1;
103.31.4.0/22 1;
104.16.0.0/12 1;
108.162.192.0/18 1;
131.0.72.0/22 1;
141.101.64.0/18 1;
162.158.0.0/15 1;
172.64.0.0/13 1;
173.245.48.0/20 1;
188.114.96.0/20 1;
190.93.240.0/20 1;
197.234.240.0/22 1;
198.41.128.0/17 1;
# ====================================
# END CLOUDFLARE.
# ====================================
# ====================================
# START UPTIME ROBOT.
# ====================================
216.144.250.150 1;
69.162.124.226 1;
69.162.124.227 1;
69.162.124.228 1;
69.162.124.229 1;
69.162.124.230 1;
69.162.124.231 1;
69.162.124.232 1;
69.162.124.233 1;
69.162.124.234 1;
69.162.124.235 1;
69.162.124.236 1;
69.162.124.237 1;
63.143.42.242 1;
63.143.42.243 1;
63.143.42.244 1;
63.143.42.245 1;
63.143.42.246 1;
63.143.42.247 1;
63.143.42.248 1;
63.143.42.249 1;
63.143.42.250 1;
63.143.42.251 1;
63.143.42.252 1;
63.143.42.253 1;
46.137.190.132 1;
122.248.234.23 1;
188.226.183.141 1;
178.62.52.237 1;
54.79.28.129 1;
54.94.142.218 1;
104.131.107.63 1;
54.67.10.127 1;
54.64.67.106 1;
159.203.30.41 1;
46.101.250.135 1;
18.221.56.27 1;
52.60.129.180 1;
159.89.8.111 1;
146.185.143.14 1;
139.59.173.249 1;
165.227.83.148 1;
128.199.195.156 1;
138.197.150.151 1;
34.233.66.117 1;
# ====================================
# END UPTIME ROBOT.
# ====================================
# ====================================
# START DOPEHOSTING.NET
# ====================================
54.37.223.16/30 1;
37.59.144.72/30 1;
137.74.180.224 1;
54.36.45.68 1;
46.105.102.209 1;
188.165.209.76 1;
178.32.143.180 1;
94.23.174.121 1;
145.239.109.72/30 1;
51.254.165.84/30 1;
176.31.143.0/30 1;
151.80.88.22 1;
151.80.88.23 1;
164.132.205.172 1;
91.134.123.247 1;
145.239.77.50 1;
178.33.104.93 1;
178.33.104.96 1;
178.33.104.181 1;
178.33.106.145 1;
51.254.94.129 1;
178.32.56.33 1;
164.132.30.228 1;
137.74.234.202 1;
94.23.172.79 1;
46.105.53.116 1;
91.134.201.79 1;
137.74.234.209 1;
54.36.100.120 1;
94.23.172.83 1;
46.105.51.193 1;
178.32.53.54 1;
# ====================================
# END DOPEHOSTING.NET
# ====================================
UBUNTU16/README.md
-1
View File
@@ -1 +0,0 @@
`
UBUNTU16/nginx.service
-16
View File
@@ -1,16 +0,0 @@
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
config
-37
View File
@@ -1,37 +0,0 @@
#!/bin/bash
# ===============================================================================
# YOU SHOULD CHANGE THOSE.
# ===============================================================================
export NS_PORT='80' # $BIND_IP:80.
export ADMIN_PORT='8282' # $BIND_IP:8282.
export BIND_IP='145.239.109.73' # $BIND_IP:$NS_PORT Will be used for your nginx vhosts configs.
export MY_OS='UBUNTU14' # (UBUNTU14 = Ubuntu 14.04, CENTOS7 = Centos 7.x, Debian7 = Debian 7.9).
export SYM_IT='/nginx' # (Easy way to find nginx 'cd /nginx').
# ===============================================================================
# ===============================================================================
# ===============================================================================
# I DON'T GAVE SUPPORT IF YOU CHANGE THOSE.
# ===============================================================================
export OWNER='root' # Under which user will nginx run!
export PHP_OWNER='root' # Under which group will nginx run!
export HOSTDATA='/hostdata/' # In which folder will website files stored!
export HOSTDATA_DEF='/hostdata/default/public_html/' # Where is the default_server folder.
# CONFIGS.
# ===============================================================================
export NGINX_CONF='/nginx/nginx.conf' # nginx.conf
export VHOST_LIVE_DIR='/nginx/live/' # Live sites.conf folder.
export DEFAULT_SERVER='/nginx/live/default.conf' # Where is the default_server conf.
# EXAMPLE OF EXTRA CONFIGS.
# ===============================================================================
export NGINX_RAILS_UNICORN_CONF_FILE='/etc/nginx/conf.d/rails-unicorn.conf'
export NGINX_RAILS_THIN_CONF_FILE='/etc/nginx/conf.d/rails-thin.conf'
export NGINX_PYRAMID_CONF_FILE='/etc/nginx/conf.d/pyramid.conf'
export NGINX_DJANGO_CONF_FILE='/etc/nginx/conf.d/django.conf'
export NGINX_PHP_CONF_FILE='/etc/nginx/conf.d/php-fpm.conf'
# ===============================================================================
# ===============================================================================
install
+13 -551
View File
@@ -1,10 +1,10 @@
#!/bin/bash #!/bin/bash
case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
trusty) bionic)
if [ "$(whoami)" != "root" ] if [ "$(whoami)" != "root" ]
then then
echo "You should Login as root to use this script!"; echo "You should Login as root to use this script!";
echo "May you already have access for sudo, but commands aren't designed with sudo! so.."; echo "May you already have access for sudo, but this script has no sudo before his commands so please switch";
echo "sudo -i"; echo "sudo -i";
exit 1 exit 1
fi fi
@@ -13,564 +13,26 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
echo "We've detect a folder '/nginx/' which means" echo "We've detect a folder '/nginx/' which means"
echo "Maybe you have use this script before!" echo "Maybe you have use this script before!"
echo "You can fix this by executing!" echo "You can fix this by executing!"
echo "./setup clean" echo "./clean"
exit 1 exit 1
fi fi
if [ -d "/etc/nginx" ]; then if [ -d "/etc/nginx" ]; then
echo "We've detect a folder '/etc/nginx' which means" echo "We've detect a folder '/etc/nginx' which means"
echo "Maybe you have use this script before!" echo "May you've already installed nginx what's important is that for this installation we need port :80 free"
echo "./setup clean" echo "So please remove nginx or disable it with"
echo "service nginx stop"
echo "systemctl disable nginx"
exit 1 exit 1
fi fi
if [ -d "/opt/nginx/" ]; then if [ -d "/etc/apache2" ]; then
echo "We've detect a folder '/opt/nginx/' which means" echo "We've detect a folder '/etc/apache2/' which means"
echo "Maybe you have use this script before!" echo "May you've already installed apache2 what's important is that for this installation we need port :80 free"
echo "./setup clean" echo "So please remove apache2 or disable it with"
echo "service apache2 stop"
echo "systemctl disable apache2"
exit 1 exit 1
fi fi
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y;
apt-get install sudo -y
apt-get install build-essential libssl-dev curl nano wget zip unzip git -y
apt-get purge --remove nginx -y
apt-get purge --remove apache2 -y
cd ~/;
wget https://raw.githubusercontent.com/systemroot/my-nginx/master/nginx-as-firewall/setup
chmod +x setup
./setup clean
rm -Rf ~/setup
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y
apt-get autoremove -y
apt-get install apt-utils build-essential -y
apt-get install git -y
apt-get install checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg libxml2 zlib1g-dev -y
apt-get install -y unzip
apt-get install -y libicu-dev libcurl4-gnutls-dev libtool
apt-get install -y libmozjs-24-dev
apt-get install -y libmozjs-24-bin; sudo ln -sf /usr/bin/js24 /usr/bin/js
apt-get install openssl libssl-dev libperl-dev libexpat-dev -y
apt-get install mercurial meld -y
apt-get install libxslt-dev -y
apt-get install libgd2-xpm -y
apt-get install libgd2-xpm-dev -y
apt-get install libgeoip-dev -y
apt-get install libssl libssl-dev -y
apt-get install dh-autoreconf -y
apt-get install -y software-properties-common
apt-get install -y python-software-properties
apt-get install -y libcairo2 libcairo2-dev
apt-get install -y python-dev
sudo add-apt-repository ppa:maxmind/ppa -y
apt-get install aptitude -y
aptitude update -y
aptitude upgrade -y
aptitude install libmaxminddb0 libmaxminddb-dev mmdb-bin -y
apt-get install libmysqlclient-dev -y
apt-get install libmariadbclient-dev -y
apt-get install g++ flex bison curl doxygen libyajl-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev -y
apt-get install libuuid1 uuid-dev -y
apt-get install libgd-dev libc6 -y
mkdir -p /hostdata/
mkdir -p /var/log/nginx/
mkdir -p /opt/nginx/modules/
cd /opt/
git clone https://github.com/SpiderLabs/ModSecurity
cd /opt/ModSecurity/
git checkout -b v3/master origin/v3/master
sh build.sh
git submodule init
git submodule update
./configure
make -j`nproc`
make install
cd /opt/nginx/modules/
wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.1rc1.zip
unzip v0.3.1rc1.zip; rm -Rf v0.3.1rc1.zip
mv /opt/nginx/modules/ngx_devel_kit-0.3.1rc1/ /opt/nginx/modules/ngx_devel_kit/
#Pagespeed Library
cd /opt/nginx/modules/
wget https://github.com/apache/incubator-pagespeed-ngx/archive/v1.13.35.2-stable.zip
unzip v1.13.35.2-stable.zip
rm -Rf v1.13.35.2-stable.zip
mv /opt/nginx/modules/incubator-pagespeed-ngx-1.13.35.2-stable /opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable
cd /opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable
wget https://dl.google.com/dl/page-speed/psol/1.13.35.2-x64.tar.gz
tar -xzvf 1.13.35.2-x64.tar.gz; rm -Rf 1.13.35.2-x64.tar.gz
#LuaJIT Library
cd /opt/nginx/modules/
git clone http://luajit.org/git/luajit-2.0.git
cd luajit-2.0/
make -j`nproc`
sudo make install
ldconfig
#Naxsi Mod
cd /opt/nginx/modules/
wget https://github.com/nbs-system/naxsi/archive/master.zip
unzip master.zip; rm -Rf master.zip
mv /opt/nginx/modules/naxsi-master /opt/nginx/modules/naxsi
mkdir -p /opt/nginx/modules/
cd /opt/nginx/modules/
rm -Rf nginx_redis/
git clone https://github.com/openresty/set-misc-nginx-module.git
git clone https://github.com/FRiCKLE/ngx_cache_purge.git
git clone https://github.com/kyprizel/testcookie-nginx-module.git
git clone https://github.com/openresty/headers-more-nginx-module.git
git clone https://github.com/openresty/echo-nginx-module.git
git clone https://github.com/leev/ngx_http_geoip2_module.git
git clone https://github.com/openresty/lua-nginx-module.git
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
git clone https://github.com/openresty/encrypted-session-nginx-module.git
git clone https://github.com/flant/nginx-http-rdns.git
# Download Nginx
mkdir -p /opt/nginx/sources/
cd /opt/nginx/sources/
wget 'http://nginx.org/download/nginx-1.15.5.tar.gz'
tar -xzvf nginx-1.15.5.tar.gz; rm -Rf nginx-1.15.5.tar.gz
cd /opt/nginx/sources/nginx-1.15.5/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nbuild.sh
chmod +x nbuild.sh
./nbuild.sh
make -j`nproc`
make install
ldconfig
mkdir -p /nginx/live
mkdir -p /nginx/logs
mkdir -p /nginx/conf.d
touch /nginx/logs/access.log
touch /nginx/logs/error.log
useradd -r nginx
rm -Rf /etc/init.d/nginx
cd /etc/init.d/; wget https://raw.githubusercontent.com/systemroot/my-nginx/master/nginx-as-firewall/static/nginx
chmod +x /etc/init.d/nginx
cd /nginx/; mkdir conf.d; rm -Rf nginx.conf*; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.conf
mkdir -p /nginx/live/
cd /nginx/live/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/vhost/default
mkdir -p /hostdata/default
mkdir -p /hostdata/default/public_html
mkdir -p /hostdata/default/logs
mkdir -p /hostdata/default/cache
mkdir -p /nginx/modsecurity/
cd /hostdata/default/public_html/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/html/index.html
sudo update-rc.d nginx defaults
cd /nginx/; mkdir db/; cd db/; wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/GeoLite2-Country.mmdb
cd /nginx/; rm -Rf *.default
cp /opt/nginx/modules/naxsi/naxsi_config/naxsi_core.rules /nginx/naxsi_core.rules
cp /opt/ModSecurity/modsecurity.conf-recommended /nginx/modsecurity/modsecurity.conf
cd /opt/; git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cp -a /opt/owasp-modsecurity-crs/rules/ /nginx/modsecurity/
cp -a /opt/owasp-modsecurity-crs/crs-setup.conf.example /nginx/modsecurity/crs-setup.conf
clear
#mkdir -p /tmp/; cd /tmp; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/install
#chmod +x install; ./install
clear
sudo apt-get install fail2ban -y
sudo service fail2ban stop
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/jail.local > /etc/fail2ban/jail.local
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/filter.d/nginx-limits.conf > /etc/fail2ban/filter.d/nginx-limits.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/filter.d/nginx-ban.conf > /etc/fail2ban/filter.d/nginx-ban.conf
touch /nginx/logs/error.log
clear
sudo service fail2ban start
clear
service fail2ban status
nginx -t
service nginx stop
service nginx start
;;
xenial)
if [ "$(whoami)" != "root" ]
then
echo "You should Login as root to use this script!";
echo "May you already have access for sudo, but commands aren't designed with sudo! so..";
echo "sudo -i";
exit 1
fi
if [ -d "/nginx/" ]; then
echo "We've detect a folder '/nginx/' which means"
echo "Maybe you have use this script before!"
echo "You can fix this by executing!"
echo "./setup clean"
exit 1
fi
if [ -d "/etc/nginx" ]; then
echo "We've detect a folder '/etc/nginx' which means"
echo "Maybe you have use this script before!"
echo "./setup clean"
exit 1
fi
if [ -d "/opt/nginx/" ]; then
echo "We've detect a folder '/opt/nginx/' which means"
echo "Maybe you have use this script before!"
echo "./setup clean"
exit 1
fi
apt update
apt upgrade -y
apt dist-upgrade -y
apt install build-essential apt-utils libssl-dev curl nano wget zip unzip git htop iftop whois screen sudo -y
apt purge --remove nginx -y
apt purge --remove apache2 -y
apt autoremove -y
cd ~/;
wget https://raw.githubusercontent.com/systemroot/my-nginx/master/nginx-as-firewall/setup
chmod +x setup
./setup clean
rm -Rf ~/setup
apt install -y checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg libxml2 zlib1g-dev
apt install -y libicu-dev libcurl4-gnutls-dev libtool
apt install -y libmozjs-24-dev
apt install -y libmozjs-24-bin; sudo ln -sf /usr/bin/js24 /usr/bin/js
apt install openssl libssl-dev libperl-dev libexpat-dev -y
apt install mercurial meld -y
apt install libxslt-dev -y
apt install libgd2-xpm -y
apt install libgd2-xpm-dev -y
apt install libgeoip-dev -y
apt install dh-autoreconf -y
apt install -y software-properties-common
apt install -y python-software-properties
apt install -y libcairo2 libcairo2-dev
apt install -y python-dev
sudo add-apt-repository ppa:maxmind/ppa -y
apt update; apt upgrade -y; apt dist-upgrade -y
apt install aptitude -y
aptitude update -y
aptitude upgrade -y
aptitude install libmaxminddb0 libmaxminddb-dev mmdb-bin -y
apt install libmysqlclient-dev -y
apt install libmariadbclient-dev -y
apt install g++ flex bison curl doxygen libyajl-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev -y
apt install libuuid1 uuid-dev -y
mkdir -p /hostdata/
mkdir -p /var/log/nginx/
mkdir -p /opt/nginx/modules/
cd /opt/
git clone https://github.com/SpiderLabs/ModSecurity
cd /opt/ModSecurity/
git checkout -b v3/master origin/v3/master
sh build.sh
git submodule init
git submodule update
./configure
make -j`nproc`
make install
cd /opt/nginx/modules/
wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.1rc1.zip
unzip v0.3.1rc1.zip; rm -Rf v0.3.1rc1.zip
mv /opt/nginx/modules/ngx_devel_kit-0.3.1rc1/ /opt/nginx/modules/ngx_devel_kit/
cd /opt/nginx/modules/
wget https://github.com/apache/incubator-pagespeed-ngx/archive/v1.13.35.2-stable.zip
unzip v1.13.35.2-stable.zip
rm -Rf v1.13.35.2-stable.zip
mv /opt/nginx/modules/incubator-pagespeed-ngx-1.13.35.2-stable /opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable
cd /opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable
wget https://dl.google.com/dl/page-speed/psol/1.13.35.2-x64.tar.gz
tar -xzvf 1.13.35.2-x64.tar.gz; rm -Rf 1.13.35.2-x64.tar.gz
#LuaJIT Library
cd /opt/nginx/modules/
git clone http://luajit.org/git/luajit-2.0.git
cd luajit-2.0/
make -j`nproc`
sudo make install
ldconfig
cd /opt/nginx/modules/
wget https://github.com/nbs-system/naxsi/archive/master.zip
unzip master.zip; rm -Rf master.zip
mv /opt/nginx/modules/naxsi-master /opt/nginx/modules/naxsi
mkdir -p /opt/nginx/modules/
cd /opt/nginx/modules/
rm -Rf nginx_redis/
git clone https://github.com/openresty/set-misc-nginx-module.git
git clone https://github.com/FRiCKLE/ngx_cache_purge.git
git clone https://github.com/kyprizel/testcookie-nginx-module.git
git clone https://github.com/openresty/headers-more-nginx-module.git
git clone https://github.com/openresty/echo-nginx-module.git
git clone https://github.com/leev/ngx_http_geoip2_module.git
git clone https://github.com/openresty/lua-nginx-module.git
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
git clone https://github.com/openresty/encrypted-session-nginx-module.git
git clone https://github.com/flant/nginx-http-rdns.git
# Download Nginx
mkdir -p /opt/nginx/sources/
cd /opt/nginx/sources/
wget 'http://nginx.org/download/nginx-1.14.0.tar.gz'
tar -xzvf nginx-1.14.0.tar.gz; rm -Rf nginx-1.14.0.tar.gz
cd /opt/nginx/sources/nginx-1.14.0/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nbuild.sh
chmod +x nbuild.sh
./nbuild.sh
make -j`nproc`
make install
ldconfig
mkdir -p /nginx/live
mkdir -p /nginx/logs
mkdir -p /nginx/conf.d
touch /nginx/logs/access.log
touch /nginx/logs/error.log
useradd -r nginx
rm -Rf /etc/init.d/nginx
cd /etc/init.d/; wget https://raw.githubusercontent.com/systemroot/my-nginx/master/nginx-as-firewall/static/nginx
chmod +x /etc/init.d/nginx
cd /nginx/; mkdir conf.d; rm -Rf nginx.conf*; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.conf
cd /nginx/live/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/vhost/default
mkdir -p /hostdata/default
mkdir -p /hostdata/default/public_html
mkdir -p /hostdata/default/logs
mkdir -p /hostdata/default/cache
mkdir -p /nginx/modsecurity/
cd /hostdata/default/public_html/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/html/index.html
sudo update-rc.d nginx defaults
cd /nginx/; mkdir db/; cd db/; wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/GeoLite2-Country.mmdb
cd /nginx/; rm -Rf *.default
cp /opt/nginx/modules/naxsi/naxsi_config/naxsi_core.rules /nginx/naxsi_core.rules
cp /opt/ModSecurity/modsecurity.conf-recommended /nginx/modsecurity/modsecurity.conf
cd /opt/; git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cp -a /opt/owasp-modsecurity-crs/rules/ /nginx/modsecurity/
cp -a /opt/owasp-modsecurity-crs/crs-setup.conf.example /nginx/modsecurity/crs-setup.conf
clear
cd /etc/systemd/system/; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/UBUNTU16/nginx.service
sudo systemctl start nginx.service && sudo systemctl enable nginx.service
killall nginx
systemctl daemon-reload
service nginx stop
service nginx start
;;
cosmic)
if [ "$(whoami)" != "root" ]
then
echo "You should Login as root to use this script!";
echo "May you already have access for sudo, but commands aren't designed with sudo! so..";
echo "sudo -i";
exit 1
fi
if [ -d "/nginx/" ]; then
echo "We've detect a folder '/nginx/' which means"
echo "Maybe you have use this script before!"
echo "You can fix this by executing!"
echo "./setup clean"
exit 1
fi
if [ -d "/etc/nginx" ]; then
echo "We've detect a folder '/etc/nginx' which means"
echo "Maybe you have use this script before!"
echo "./setup clean"
exit 1
fi
if [ -d "/opt/nginx/" ]; then
echo "We've detect a folder '/opt/nginx/' which means"
echo "Maybe you have use this script before!"
echo "./setup clean"
exit 1
fi
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y;
apt-get install sudo -y
apt-get install build-essential libssl-dev curl nano wget zip unzip git -y
apt-get purge --remove nginx -y
apt-get purge --remove apache2 -y
cd ~/;
wget https://raw.githubusercontent.com/systemroot/my-nginx/master/nginx-as-firewall/setup
chmod +x setup
./setup clean
rm -Rf ~/setup
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y
apt-get autoremove -y
apt-get install apt-utils build-essential -y
apt-get install git -y
apt-get install checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg libxml2 zlib1g-dev -y
apt-get install -y unzip
apt-get install -y libicu-dev libcurl4-gnutls-dev libtool
apt-get install -y libmozjs-24-dev
apt-get install -y libmozjs-24-bin; sudo ln -sf /usr/bin/js24 /usr/bin/js
apt-get install openssl libssl-dev libperl-dev libexpat-dev -y
apt-get install mercurial meld -y
apt-get install libxslt-dev -y
apt-get install libgd2-xpm -y
apt-get install libgd2-xpm-dev -y
apt-get install libgeoip-dev -y
apt-get install libssl libssl-dev -y
apt-get install dh-autoreconf -y
apt-get install -y software-properties-common
apt-get install -y python-software-properties
apt-get install -y libcairo2 libcairo2-dev
apt-get install -y python-dev
sudo add-apt-repository ppa:maxmind/ppa -y
apt-get install aptitude -y
aptitude update -y
aptitude upgrade -y
aptitude install libmaxminddb0 libmaxminddb-dev mmdb-bin -y
apt-get install libmysqlclient-dev -y
apt-get install libmariadbclient-dev -y
apt-get install g++ flex bison curl doxygen libyajl-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev -y
apt-get install libuuid1 uuid-dev -y
apt-get install libgd-dev libc6 -y
mkdir -p /hostdata/
mkdir -p /var/log/nginx/
mkdir -p /opt/nginx/modules/
cd /opt/
git clone https://github.com/SpiderLabs/ModSecurity
cd /opt/ModSecurity/
git checkout -b v3/master origin/v3/master
sh build.sh
git submodule init
git submodule update
./configure
make -j`nproc`
make install
cd /opt/nginx/modules/
wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.1rc1.zip
unzip v0.3.1rc1.zip; rm -Rf v0.3.1rc1.zip
mv /opt/nginx/modules/ngx_devel_kit-0.3.1rc1/ /opt/nginx/modules/ngx_devel_kit/
#Pagespeed Library
cd /opt/nginx/modules/
wget https://github.com/apache/incubator-pagespeed-ngx/archive/v1.13.35.2-stable.zip
unzip v1.13.35.2-stable.zip
rm -Rf v1.13.35.2-stable.zip
mv /opt/nginx/modules/incubator-pagespeed-ngx-1.13.35.2-stable /opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable
cd /opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable
wget https://dl.google.com/dl/page-speed/psol/1.13.35.2-x64.tar.gz
tar -xzvf 1.13.35.2-x64.tar.gz; rm -Rf 1.13.35.2-x64.tar.gz
#LuaJIT Library
cd /opt/nginx/modules/
git clone http://luajit.org/git/luajit-2.0.git
cd luajit-2.0/
make -j`nproc`
sudo make install
ldconfig
#Naxsi Mod
cd /opt/nginx/modules/
wget https://github.com/nbs-system/naxsi/archive/master.zip
unzip master.zip; rm -Rf master.zip
mv /opt/nginx/modules/naxsi-master /opt/nginx/modules/naxsi
mkdir -p /opt/nginx/modules/
cd /opt/nginx/modules/
rm -Rf nginx_redis/
git clone https://github.com/openresty/set-misc-nginx-module.git
git clone https://github.com/FRiCKLE/ngx_cache_purge.git
git clone https://github.com/kyprizel/testcookie-nginx-module.git
git clone https://github.com/openresty/headers-more-nginx-module.git
git clone https://github.com/openresty/echo-nginx-module.git
git clone https://github.com/leev/ngx_http_geoip2_module.git
git clone https://github.com/openresty/lua-nginx-module.git
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
git clone https://github.com/openresty/encrypted-session-nginx-module.git
git clone https://github.com/flant/nginx-http-rdns.git
# Download Nginx
mkdir -p /opt/nginx/sources/
cd /opt/nginx/sources/
wget 'http://nginx.org/download/nginx-1.15.5.tar.gz'
tar -xzvf nginx-1.15.5.tar.gz; rm -Rf nginx-1.15.5.tar.gz
cd /opt/nginx/sources/nginx-1.15.5/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nbuild.sh
chmod +x nbuild.sh
./nbuild.sh
make -j`nproc`
make install
ldconfig
mkdir -p /nginx/live
mkdir -p /nginx/logs
mkdir -p /nginx/conf.d
touch /nginx/logs/access.log
touch /nginx/logs/error.log
useradd -r nginx
rm -Rf /etc/init.d/nginx
cd /etc/init.d/; wget https://raw.githubusercontent.com/systemroot/my-nginx/master/nginx-as-firewall/static/nginx
chmod +x /etc/init.d/nginx
cd /nginx/; mkdir conf.d; rm -Rf nginx.conf*; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.conf
mkdir -p /nginx/live/
cd /nginx/live/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/vhost/default
mkdir -p /hostdata/default
mkdir -p /hostdata/default/public_html
mkdir -p /hostdata/default/logs
mkdir -p /hostdata/default/cache
mkdir -p /nginx/modsecurity/
cd /hostdata/default/public_html/
wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/html/index.html
sudo update-rc.d nginx defaults
cd /nginx/; mkdir db/; cd db/; wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/GeoLite2-Country.mmdb
cd /nginx/; rm -Rf *.default
cp /opt/nginx/modules/naxsi/naxsi_config/naxsi_core.rules /nginx/naxsi_core.rules
cp /opt/ModSecurity/modsecurity.conf-recommended /nginx/modsecurity/modsecurity.conf
cd /opt/; git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cp -a /opt/owasp-modsecurity-crs/rules/ /nginx/modsecurity/
cp -a /opt/owasp-modsecurity-crs/crs-setup.conf.example /nginx/modsecurity/crs-setup.conf
clear
cd /etc/systemd/system/; wget https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/UBUNTU16/nginx.service
sudo systemctl start nginx.service && sudo systemctl enable nginx.service
systemctl daemon-reload
clear
service nginx stop
service nginx start
clear
nginx -t
echo "Installation script on ubuntu 18 maybe can fail is not well tested if so please report any problem on github!"
;;
centos)
yum -y update; yum -y upgrade
yum install epel-release wget curl git zip unzip -y
yum remove httpd -y
yum remove apache2 -y
yum remove nginx -y
;; ;;
esac esac
iptables/filter.d/nginx-ban.conf
-5
View File
@@ -1,5 +0,0 @@
[Definition]
failregex = ^.*client: <HOST>.* 444.*$
ignoreregex =
iptables/filter.d/nginx-limits.conf
-8
View File
@@ -1,8 +0,0 @@
# fail2ban filter configuration for nginx limit connection for ip.
[Definition]
failregex = ^.*client: <HOST>.*$
ignoreregex =
iptables/install
-27
View File
@@ -1,27 +0,0 @@
#!/bin/bash
apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
sudo apt-get install iptables-persistent
sudo invoke-rc.d iptables-persistent save
clear
# ========================================================================
mkdir -p /firewall/iptables/bin
echo '#!/bin/bash' > /firewall/iptables/bin/fire.sh
echo 'sudo service fail2ban stop' >> /firewall/iptables/bin/fire.sh
echo 'nano /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
echo 'iptables-restore < /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
echo 'iptables-save > /etc/iptables/rules.v4' >> /firewall/iptables/bin/fire.sh
echo 'sudo service fail2ban start' >> /firewall/iptables/bin/fire.sh
ln -sf /firewall/iptables/bin/fire.sh /bin/fire
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/rules > /etc/iptables/rules.v4
chmod +x /bin/fire
# ========================================================================
sudo apt-get install fail2ban -y
sudo service fail2ban stop
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/iptables/jail.local > /etc/fail2ban/jail.local
touch /nginx/logs/error.log
sudo service fail2ban start
clear
iptables/jail.local
-471
View File
@@ -1,471 +0,0 @@
[DEFAULT]
ignoreip = 127.0.0.1/8
# "bantime" is the number of seconds that a host is banned.
bantime = 1200
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
maxretry = 3
# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# If pyinotify is not installed, Fail2ban will use auto.
# gamin: requires Gamin (a file alteration monitor) to be installed.
# If Gamin is not installed, Fail2ban will use auto.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will try to use the following backends, in order:
# pyinotify, gamin, polling.
backend = auto
# "usedns" specifies if jails should trust hostnames in logs,
# warn when reverse DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a reverse DNS lookup will be performed.
# warn: if a hostname is encountered, a reverse DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
usedns = warn
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost
# Name of the sender for mta actions
sendername = Fail2Ban
# ACTIONS
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail
# Default protocol
protocol = tcp
# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT
#
# Action shortcuts. To be used to define action parameter
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
#
# JAILS
#
# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Enable any defined here jail by including
#
# [SECTION_NAME]
# enabled = true
#
# in /etc/fail2ban/jail.local.
#
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[nginx-limits]
enabled = true
port = http,https
filter = nginx-limits
logpath = /hostdata/*/logs/error.log
maxretry = 6
[nginx-ban]
enabled = true
port = http,https
filter = nginx-ban
logpath = /hostdata/*/logs/access.log
maxretry = 1
[dropbear]
enabled = false
port = ssh
filter = dropbear
logpath = /var/log/auth.log
maxretry = 6
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]
enabled = false
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
[xinetd-fail]
enabled = false
filter = xinetd-fail
port = all
banaction = iptables-multiport-log
logpath = /var/log/daemon.log
maxretry = 2
[ssh-ddos]
enabled = false
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
# Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs
[ssh-route]
enabled = false
filter = sshd
action = route
logpath = /var/log/sshd.log
maxretry = 6
# Here we use a combination of Netfilter/Iptables and IPsets
# for storing large volumes of banned IPs
#
# IPset comes in two versions. See ipset -V for which one to use
# requires the ipset package and kernel support.
[ssh-iptables-ipset4]
enabled = false
port = ssh
filter = sshd
banaction = iptables-ipset-proto4
logpath = /var/log/sshd.log
maxretry = 6
[ssh-iptables-ipset6]
enabled = false
port = ssh
filter = sshd
banaction = iptables-ipset-proto6
logpath = /var/log/sshd.log
maxretry = 6
#
# HTTP servers
#
[apache]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
[apache-multiport]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-noscript]
enabled = false
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-overflows]
enabled = false
port = http,https
filter = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.
[php-url-fopen]
enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
# A simple PHP-fastcgi jail which works with lighttpd.
# If you run a lighttpd server, then you probably will
# find these kinds of messages in your error_log:
# ALERT tried to register forbidden variable GLOBALS
# through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')
[lighttpd-fastcgi]
enabled = false
port = http,https
filter = lighttpd-fastcgi
logpath = /var/log/lighttpd/error.log
# Same as above for mod_auth
# It catches wrong authentifications
[lighttpd-auth]
enabled = false
port = http,https
filter = suhosin
logpath = /var/log/lighttpd/error.log
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/nginx/error.log
# Monitor roundcube server
[roundcube-auth]
enabled = false
filter = roundcube-auth
port = http,https
logpath = /var/log/roundcube/userlogins
[sogo-auth]
enabled = false
filter = sogo-auth
port = http, https
# without proxy this would be:
# port = 20000
logpath = /var/log/sogo/sogo.log
# FTP servers
[vsftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = vsftpd
logpath = /var/log/vsftpd.log
# or overwrite it in jails.local to be
# logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
maxretry = 6
[proftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
[pure-ftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 6
[wuftpd]
enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = wuftpd
logpath = /var/log/syslog
maxretry = 6
# Mail servers
[postfix]
enabled = false
port = smtp,ssmtp,submission
filter = postfix
logpath = /var/log/mail.log
[couriersmtp]
enabled = false
port = smtp,ssmtp,submission
filter = couriersmtp
logpath = /var/log/mail.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courierauth]
enabled = false
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log
[sasl]
enabled = false
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = postfix-sasl
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = /var/log/mail.log
[dovecot]
enabled = false
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = dovecot
logpath = /var/log/mail.log
# To log wrong MySQL access attempts add to /etc/my.cnf:
# log-error=/var/log/mysqld.log
# log-warning = 2
[mysqld-auth]
enabled = false
filter = mysqld-auth
port = 3306
logpath = /var/log/mysqld.log
# DNS Servers
# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
# channel security_file {
# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
# category security {
# security_file;
# };
# };
#
# in your named.conf to provide proper logging
# !!! WARNING !!!
# Since UDP is connection-less protocol, spoofing of IP and imitation
# of illegal actions is way too simple. Thus enabling of this filter
# might provide an easy way for implementing a DoS against a chosen
# victim. See
# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
# Please DO NOT USE this jail unless you know what you are doing.
#[named-refused-udp]
#
#enabled = false
#port = domain,953
#protocol = udp
#filter = named-refused
#logpath = /var/log/named/security.log
[named-refused-tcp]
enabled = false
port = domain,953
protocol = tcp
filter = named-refused
logpath = /var/log/named/security.log
# Multiple jails, 1 per protocol, are necessary ATM:
# see https://github.com/fail2ban/fail2ban/issues/37
[asterisk-tcp]
enabled = false
filter = asterisk
port = 5060,5061
protocol = tcp
logpath = /var/log/asterisk/messages
[asterisk-udp]
enabled = false
filter = asterisk
port = 5060,5061
protocol = udp
logpath = /var/log/asterisk/messages
# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
# Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
[recidive]
enabled = false
filter = recidive
logpath = /var/log/fail2ban.log
action = iptables-allports[name=recidive]
sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 5
iptables/rules
-29
View File
@@ -1,29 +0,0 @@
# Generated by iptables-save v1.4.21 on Fri Feb 23 11:18:23 2018
*nat
:PREROUTING ACCEPT [2:100]
:INPUT ACCEPT [1:40]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Feb 23 11:18:23 2018
# Generated by iptables-save v1.4.21 on Fri Feb 23 11:18:23 2018
*mangle
:PREROUTING ACCEPT [65:7186]
:INPUT ACCEPT [44:4420]
:FORWARD ACCEPT [22:2966]
:OUTPUT ACCEPT [36:8424]
:POSTROUTING ACCEPT [58:11390]
COMMIT
# Completed on Fri Feb 23 11:18:23 2018
# Generated by iptables-save v1.4.21 on Fri Feb 23 11:18:23 2018
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:8424]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Fri Feb 23 11:18:23 2018
nginx-reverse.yml
+35
View File
@@ -0,0 +1,35 @@
version: '3.7'
services:
nginx:
container_name: nginx
ports:
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
image: "theraw/the-world-is-yours:nginx"
shm_size: '512MB'
privileged: true
restart: unless-stopped
networks:
nginx_net:
ipv4_address: 172.69.0.70
dns:
- "1.1.1.1"
- "1.1.0.0"
ulimits:
nproc: 65535
cap_add:
- "CAP_SYS_RESOURCE"
- "CAP_SYS_TIME"
volumes:
- /nginx:/nginx
- /hostdata:/hostdata
networks:
nginx_net:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
ipam:
driver: default
config:
- subnet: 172.69.0.0/16
static/GeoLite2-Country.mmdb
BIN
View File
Binary file not shown.
static/conf.d/banlist.conf
-195
View File
@@ -1,195 +0,0 @@
# ========================================
# Proxies used for brute force.
deny 185.145.200.0/22;
deny 175.139.192.0/18;
deny 160.16.128.0/17;
deny 35.190.128.0/19;
deny 34.192.0.0/12;
deny 123.30.174.0/24;
deny 58.82.144.0/21;
deny 92.63.96.0/21;
deny 109.68.150.0/24;
deny 171.248.0.0/13;
deny 196.220.97.0/24;
deny 185.145.202.171/32;
deny 123.30.174.151/32;
deny 47.90.87.225/32;
deny 204.12.155.201/32;
deny 168.90.224.75/32;
deny 47.52.231.140/32;
deny 47.90.72.227/32;
deny 47.91.139.78/32;
deny 62.109.14.242/32;
deny 118.193.26.18/32;
deny 159.224.176.205/32;
deny 74.217.93.206/32;
deny 27.111.43.178/32;
deny 47.206.51.67/32;
deny 194.190.17.23/32;
deny 50.233.136.254/32;
deny 62.133.191.113/32;
deny 80.95.11.139/32;
deny 37.99.214.45/32;
deny 103.74.246.161/32;
deny 69.85.70.37/32;
deny 187.58.213.116/32;
deny 85.30.219.24/32;
deny 34.200.213.29/32;
deny 92.63.103.226/32;
deny 181.196.50.238/32;
deny 36.73.121.24/32;
deny 74.217.93.211/32;
deny 81.22.54.60/32;
deny 36.73.159.128/32;
deny 2.138.24.102/32;
deny 188.244.185.94/32;
deny 89.255.94.111/32;
deny 74.217.93.208/32;
deny 58.82.151.37/32;
deny 74.217.93.207/32;
deny 74.217.93.209/32;
deny 74.217.93.212/32;
deny 24.155.93.123/32;
deny 74.217.93.204/32;
deny 74.217.93.210/32;
deny 117.6.161.118/32;
deny 154.119.50.246/32;
deny 74.217.93.205/32;
deny 37.76.234.230/32;
deny 176.122.251.56/32;
deny 113.254.33.38/32;
deny 185.145.202.171/32;
deny 175.139.252.193/32;
deny 5.188.10.8/32;
deny 5.199.130.127/32;
deny 185.220.101.10/32;
deny 192.160.102.169/32;
deny 185.220.101.9/32;
deny 216.218.134.12/32;
deny 144.217.245.23/32;
deny 185.220.101.22/32;
deny 104.192.0.58/32;
deny 91.195.158.95/32;
deny 51.15.72.211/32;
deny 185.220.101.30/32;
deny 185.100.87.206/32;
deny 104.218.63.72/32;
deny 185.38.14.171/32;
deny 65.19.167.130/32;
deny 185.220.101.29/32;
deny 65.19.167.131/32;
deny 216.218.222.12/32;
deny 204.85.191.30/32;
deny 196.220.97.1/32;
deny 193.90.12.119/32;
deny 54.36.222.37/32;
deny 163.172.171.163/32;
deny 51.15.143.28/32;
deny 84.141.66.143/32;
deny 93.115.95.207/32;
deny 62.210.105.116/32;
deny 193.90.12.116/32;
deny 185.220.101.24/32;
deny 51.254.208.245/32;
deny 37.187.94.86/32;
deny 185.220.101.21/32;
deny 51.15.64.39/32;
deny 91.250.241.241/32;
deny 188.214.104.146/32;
deny 172.104.252.154/32;
deny 77.247.181.162/32;
deny 176.10.104.243/32;
deny 192.36.27.4/32;
deny 93.115.86.4/32;
deny 149.202.170.60/32;
deny 144.217.60.239/32;
deny 185.220.101.1/32;
deny 185.11.167.4/32;
deny 185.10.68.114/32;
deny 109.201.133.100/32;
deny 171.25.193.77/32;
deny 5.79.86.15/32;
deny 172.104.29.241/32;
deny 163.172.41.228/32;
deny 163.172.160.182/32;
deny 94.100.6.27/32;
deny 185.220.101.28/32;
deny 176.31.180.157/32;
deny 5.135.158.101/32;
deny 185.195.25.111/32;
deny 185.220.101.25/32;
deny 62.210.110.181/32;
deny 193.90.12.115/32;
deny 195.22.126.147/32;
deny 84.53.65.151/32;
deny 104.218.63.74/32;
deny 144.217.245.243/32;
deny 178.17.170.156/32;
deny 46.182.106.190/32;
deny 84.209.48.106/32;
deny 185.117.118.234/32;
deny 185.220.101.44/32;
deny 192.99.247.1/32;
deny 163.172.174.24/32;
deny 46.101.128.0/18;
deny 192.36.27.6/32;
deny 185.129.62.63/32;
deny 104.223.123.98/32;
deny 193.90.12.117/32;
deny 171.25.193.235/32;
deny 51.15.64.212/32;
deny 166.70.207.2/32;
deny 216.218.222.14/32;
deny 176.223.113.26/32;
deny 178.63.97.34/32;
deny 176.10.99.200/32;
deny 37.233.103.114/32;
deny 78.109.23.1/32;
deny 185.165.168.229/32;
deny 109.228.51.164/32;
deny 170.250.140.52/32;
deny 176.107.188.11/32;
deny 185.220.101.6/32;
deny 185.220.101.46/32;
deny 146.185.177.103/32;
deny 64.113.32.29/32;
deny 95.128.43.164/32;
deny 37.220.35.202/32;
deny 5.196.66.162/32;
deny 5.254.112.154/32;
deny 31.171.155.131/32;
deny 93.115.95.206/32;
deny 185.220.101.15/32;
deny 185.220.101.4/32;
deny 185.100.85.101/32;
deny 185.222.209.32/32;
deny 185.227.82.9/32;
deny 85.93.218.204/32;
deny 93.115.95.205/32;
deny 87.118.92.43/32;
deny 51.15.56.204/32;
deny 66.70.217.179/32;
deny 185.100.87.207/32;
deny 185.220.101.32/32;
deny 176.8.24.228/32;
deny 51.15.209.128/32;
deny 193.90.12.118/32;
deny 52.224.48.30/32;
deny 62.210.37.82/32;
deny 80.127.116.96/32;
deny 122.183.242.53/32;
deny 93.115.95.204/32;
deny 165.227.39.194/32;
deny 144.217.60.211/32;
deny 176.126.252.12/32;
deny 178.165.72.177/32;
deny 185.38.14.215/32;
deny 27.124.124.126/32;
deny 185.165.168.77/32;
deny 185.220.101.26/32;
deny 217.147.169.75/32;
deny 185.169.43.68/32;
deny 185.220.101.8/32;
deny 144.217.45.37/32;
deny 65.19.167.132/32;
# ==========================================
static/conf.d/country.conf
-23
View File
@@ -1,23 +0,0 @@
map $geoip2_data_country_code $allowed_country {
default yes;
BD no;
IT no;
PL no;
CM no;
CA no;
TH no;
ZA no;
EC no;
HK no;
CZ no;
ID no;
BR no;
SA no;
FK no;
FM no;
EH no;
CN no;
VN no;
RU no;
TR no;
}
static/html/index.html
-5
View File
@@ -1,5 +0,0 @@
<html>
<center><h1>NGINX-AS-WEB-FIREWALL Default Page!?</h1></center>
<center><h2>If you can see this that means your installation was successful!</h2></center>
<center><h2>Thank You For Using This Project, For Issues or suggestion Post them on <a href="https://github.com/theraw/The-World-Is-Yours" target="_blank">(Github)</a></h2></center>
</html>
static/nbuild.sh
-50
View File
@@ -1,50 +0,0 @@
./configure \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/nginx/logs/error.log \
--http-log-path=/nginx/logs/access.log \
--with-pcre \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-ld-opt="-Wl,-rpath,/usr/local/lib/" \
--add-module=/opt/nginx/modules/ngx_devel_kit \
--add-module=/opt/nginx/modules/ngx_pagespeed-1.13.35.2-stable \
--add-module=/opt/nginx/modules/testcookie-nginx-module \
--add-module=/opt/nginx/modules/set-misc-nginx-module \
--add-module=/opt/nginx/modules/headers-more-nginx-module \
--add-module=/opt/nginx/modules/echo-nginx-module \
--add-module=/opt/nginx/modules/ngx_cache_purge \
--add-module=/opt/nginx/modules/ngx_http_geoip2_module \
--add-module=/opt/nginx/modules/lua-nginx-module \
--add-module=/opt/nginx/modules/ModSecurity-nginx \
--add-module=/opt/nginx/modules/encrypted-session-nginx-module \
--add-module=/opt/nginx/modules/naxsi/naxsi_src/ \
--add-module=/opt/nginx/modules/nginx-http-rdns
static/nginx.conf
-121
View File
@@ -1,121 +0,0 @@
# Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues
# Problems? => https://github.com/theraw/The-World-Is-Yours/issues
# Errors? => https://github.com/theraw/The-World-Is-Yours/issues
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
use epoll;
worker_connections 65535;
}
http {
# ////////////////////////////////////////////////////// #
# =================== START L7 ========================= #
# turn this 'on' if you want to use L7 For every domain hosted in your server
testcookie off;
testcookie_name DOPEHOSTING;
testcookie_secret random;
testcookie_session $remote_addr;
#testcookie_arg GO;
testcookie_httponly_flag on;
testcookie_max_attempts 3;
testcookie_secure_flag on;
testcookie_get_only on;
testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"';
testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri;
# Those are some ip's whitelisted by me. mostly are search engines. But not everything!
testcookie_whitelist {
8.8.8.8/32;
127.0.0.1/32;
# I don't suggest using alot of IPs here as this whitelist can fail!.
}
testcookie_redirect_via_refresh on;
testcookie_refresh_encrypt_cookie on;
testcookie_refresh_encrypt_cookie_key random;
testcookie_refresh_encrypt_cookie_iv random;
testcookie_refresh_template '<html><head><meta http-equiv="refresh" content="0; $testcookie_nexturl"><title>Just a moment please...</title></head><body> </script><script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script type=\"text/javascript\" src="//proxy2.dopehosting.net/aes.min.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("$testcookie_enc_key"),b=toNumbers("$testcookie_enc_iv"),c=toNumbers("$testcookie_enc_set");document.cookie="DOPEHOSTING="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";</script></body></html>';
# ===================== END L7 ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# -------------------------------------------------------#
log_format agent '$remote_addr |==| $status |==| $request |==| $http_user_agent';
# -------------------------------------------------------#
log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for';
# =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== GEIP =========================== #
geoip2 /nginx/db/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=US country iso_code;
$geoip2_data_country_name country names en;
}
# EX Ban China!
#map $geoip2_data_country_code $allowed_country {
# default yes;
# CN no;
#}
# =================== END GEIP ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== EXTRA ========================== #
# Don't Go with "Nginx Can Handle Everything" !
limit_conn_zone $server_name zone=max:1m;
limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;
# =================== END EXTRA ======================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= #
client_body_buffer_size 1M;
client_header_buffer_size 1M;
client_body_timeout 90s;
client_header_timeout 90s;
client_max_body_size 2M;
keepalive_timeout 10s;
port_in_redirect off;
sendfile on;
server_names_hash_bucket_size 6969;
server_name_in_redirect off;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
types_hash_max_size 2048;
resolver 8.8.8.8 8.8.4.4;
default_type application/octet-stream;
include /nginx/mime.types;
# =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# =================== LOAD CONFIGS ===================== #
include /nginx/live/*;
include /nginx/conf.d/*;
include /nginx/naxsi_core.rules;
# =================== END CONFIGS ====================== #
# ////////////////////////////////////////////////////// #
}
static/raws/template
-55
View File
@@ -1,55 +0,0 @@
server {
listen 80;
root /hostdata/raws.com/public_html;
index index.html index.php;
server_name raws.com www.raws.com;
location / {
SecRulesEnabled;
LearningMode;
DeniedUrl "/denied/";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
access_log /hostdata/raws.com/logs/access.log main;
error_log /hostdata/raws.com/logs/error.log;
try_files $uri $uri/ =404;
}
location /denied/ {
return 444;
}
# =========================================
# PHPMYADMIN.
# =========================================
location /phpmyadmin {
root /hostdata/default/;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /hostdata/default/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/fastcgi_params;
}
}
# =========================================
# END PHPMYADMIN.
# =========================================
# =========================================
# PHP.
# =========================================
location ~ \.php {
try_files $uri /index.php =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/fastcgi_params;
}
# =========================================
# END PHP.
# =========================================
}
static/sysctl.conf
-35
View File
@@ -1,35 +0,0 @@
vm.nr_hugepages = 128
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1
#net.ipv4.icmp_echo_ignore_broadcasts = 1
#net.ipv4.icmp_ignore_bogus_error_responses = 1
#net.ipv4.conf.all.log_martians = 1
#net.ipv4.conf.default.log_martians = 1
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.default.accept_source_route = 0
#net.ipv4.conf.all.rp_filter = 1
#net.ipv4.conf.default.rp_filter = 1
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
#net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0
#net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.default.send_redirects = 0
#kernel.randomize_va_space = 1
#net.ipv6.conf.default.router_solicitations = 0
#net.ipv6.conf.default.accept_ra_rtr_pref = 0
#net.ipv6.conf.default.accept_ra_pinfo = 0
#net.ipv6.conf.default.accept_ra_defrtr = 0
#net.ipv6.conf.default.autoconf = 0
#net.ipv6.conf.default.dad_transmits = 0
#net.ipv6.conf.default.max_addresses = 1
#fs.file-max = 65535
#kernel.pid_max = 65536
#net.ipv4.ip_local_port_range = 2000 65000
#net.ipv4.tcp_rmem = 4096 87380 8388608
#net.ipv4.tcp_wmem = 4096 87380 8388608
#net.core.rmem_max = 8388608
#net.core.wmem_max = 8388608
#net.core.netdev_max_backlog = 5000
#net.ipv4.tcp_window_scaling = 1
static/vhost/aes.min.js
Vendored
-790
View File
@@ -1,790 +0,0 @@
/*
* aes.js: implements AES - Advanced Encryption Standard
* from the SlowAES project, http://code.google.com/p/slowaes/
*
* Copyright (c) 2008 Josh Davis ( http://www.josh-davis.org ),
* Mark Percival ( http://mpercival.com ),
*
* Ported from C code written by Laurent Haan ( http://www.progressive-coding.com )
*
* Licensed under the Apache License, Version 2.0
* http://www.apache.org/licenses/
*/
var slowAES = {
/*
* START AES SECTION
*/
aes:{
// structure of valid key sizes
keySize:{
SIZE_128:16,
SIZE_192:24,
SIZE_256:32
},
// Rijndael S-box
sbox:[
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ],
// Rijndael Inverted S-box
rsbox:
[ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
, 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d ],
/* rotate the word eight bits to the left */
rotate:function(word)
{
var c = word[0];
for (var i = 0; i < 3; i++)
word[i] = word[i+1];
word[3] = c;
return word;
},
// Rijndael Rcon
Rcon:[
0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d,
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d,
0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25,
0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01,
0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d,
0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa,
0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a,
0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02,
0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5,
0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33,
0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ],
G2X: [
0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16,
0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e,
0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46,
0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76,
0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e,
0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6,
0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6,
0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee,
0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1b, 0x19, 0x1f, 0x1d,
0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d,
0x23, 0x21, 0x27, 0x25, 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55,
0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, 0x7b, 0x79, 0x7f, 0x7d,
0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d,
0x83, 0x81, 0x87, 0x85, 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5,
0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, 0xdb, 0xd9, 0xdf, 0xdd,
0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed,
0xe3, 0xe1, 0xe7, 0xe5
],
G3X: [
0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d,
0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39,
0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65,
0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71,
0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d,
0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9,
0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5,
0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1,
0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd,
0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99,
0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, 0x9b, 0x98, 0x9d, 0x9e,
0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a,
0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6,
0xbf, 0xbc, 0xb9, 0xba, 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2,
0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, 0xcb, 0xc8, 0xcd, 0xce,
0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda,
0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46,
0x4f, 0x4c, 0x49, 0x4a, 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62,
0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, 0x3b, 0x38, 0x3d, 0x3e,
0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a,
0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16,
0x1f, 0x1c, 0x19, 0x1a
],
G9X: [
0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53,
0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf,
0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3b, 0x32, 0x29, 0x20,
0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c,
0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8,
0xc7, 0xce, 0xd5, 0xdc, 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49,
0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 0xe6, 0xef, 0xf4, 0xfd,
0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91,
0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e,
0x21, 0x28, 0x33, 0x3a, 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2,
0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 0xec, 0xe5, 0xfe, 0xf7,
0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b,
0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f,
0x10, 0x19, 0x02, 0x0b, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8,
0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0x47, 0x4e, 0x55, 0x5c,
0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30,
0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9,
0xf6, 0xff, 0xe4, 0xed, 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35,
0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 0xa1, 0xa8, 0xb3, 0xba,
0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6,
0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62,
0x5d, 0x54, 0x4f, 0x46
],
GBX: [
0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45,
0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81,
0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7b, 0x70, 0x6d, 0x66,
0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12,
0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e,
0xbf, 0xb4, 0xa9, 0xa2, 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7,
0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 0x46, 0x4d, 0x50, 0x5b,
0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f,
0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8,
0xf9, 0xf2, 0xef, 0xe4, 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c,
0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 0xf7, 0xfc, 0xe1, 0xea,
0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e,
0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02,
0x33, 0x38, 0x25, 0x2e, 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd,
0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 0x3c, 0x37, 0x2a, 0x21,
0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55,
0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44,
0x75, 0x7e, 0x63, 0x68, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80,
0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0x7a, 0x71, 0x6c, 0x67,
0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13,
0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f,
0xbe, 0xb5, 0xa8, 0xa3
],
GDX: [
0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f,
0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3,
0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbb, 0xb6, 0xa1, 0xac,
0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0,
0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14,
0x37, 0x3a, 0x2d, 0x20, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e,
0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0xbd, 0xb0, 0xa7, 0xaa,
0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6,
0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9,
0x8a, 0x87, 0x90, 0x9d, 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25,
0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 0xda, 0xd7, 0xc0, 0xcd,
0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91,
0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75,
0x56, 0x5b, 0x4c, 0x41, 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42,
0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 0xb1, 0xbc, 0xab, 0xa6,
0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa,
0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8,
0xeb, 0xe6, 0xf1, 0xfc, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44,
0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0x0c, 0x01, 0x16, 0x1b,
0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47,
0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3,
0x80, 0x8d, 0x9a, 0x97
],
GEX: [
0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62,
0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca,
0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdb, 0xd5, 0xc7, 0xc9,
0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81,
0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59,
0x73, 0x7d, 0x6f, 0x61, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87,
0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0x4d, 0x43, 0x51, 0x5f,
0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17,
0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14,
0x3e, 0x30, 0x22, 0x2c, 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc,
0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 0x41, 0x4f, 0x5d, 0x53,
0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b,
0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3,
0xe9, 0xe7, 0xf5, 0xfb, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0,
0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x7a, 0x74, 0x66, 0x68,
0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20,
0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e,
0xa4, 0xaa, 0xb8, 0xb6, 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26,
0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 0x37, 0x39, 0x2b, 0x25,
0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d,
0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5,
0x9f, 0x91, 0x83, 0x8d
],
// Key Schedule Core
core:function(word,iteration)
{
/* rotate the 32-bit word 8 bits to the left */
word = this.rotate(word);
/* apply S-Box substitution on all 4 parts of the 32-bit word */
for (var i = 0; i < 4; ++i)
word[i] = this.sbox[word[i]];
/* XOR the output of the rcon operation with i to the first part (leftmost) only */
word[0] = word[0]^this.Rcon[iteration];
return word;
},
/* Rijndael's key expansion
* expands an 128,192,256 key into an 176,208,240 bytes key
*
* expandedKey is a pointer to an char array of large enough size
* key is a pointer to a non-expanded key
*/
expandKey:function(key,size)
{
var expandedKeySize = (16*(this.numberOfRounds(size)+1));
/* current expanded keySize, in bytes */
var currentSize = 0;
var rconIteration = 1;
var t = []; // temporary 4-byte variable
var expandedKey = [];
for(var i = 0;i < expandedKeySize;i++)
expandedKey[i] = 0;
/* set the 16,24,32 bytes of the expanded key to the input key */
for (var j = 0; j < size; j++)
expandedKey[j] = key[j];
currentSize += size;
while (currentSize < expandedKeySize)
{
/* assign the previous 4 bytes to the temporary value t */
for (var k = 0; k < 4; k++)
t[k] = expandedKey[(currentSize - 4) + k];
/* every 16,24,32 bytes we apply the core schedule to t
* and increment rconIteration afterwards
*/
if(currentSize % size == 0)
t = this.core(t, rconIteration++);
/* For 256-bit keys, we add an extra sbox to the calculation */
if(size == this.keySize.SIZE_256 && ((currentSize % size) == 16))
for(var l = 0; l < 4; l++)
t[l] = this.sbox[t[l]];
/* We XOR t with the four-byte block 16,24,32 bytes before the new expanded key.
* This becomes the next four bytes in the expanded key.
*/
for(var m = 0; m < 4; m++) {
expandedKey[currentSize] = expandedKey[currentSize - size] ^ t[m];
currentSize++;
}
}
return expandedKey;
},
// Adds (XORs) the round key to the state
addRoundKey:function(state,roundKey)
{
for (var i = 0; i < 16; i++)
state[i] ^= roundKey[i];
return state;
},
// Creates a round key from the given expanded key and the
// position within the expanded key.
createRoundKey:function(expandedKey,roundKeyPointer)
{
var roundKey = [];
for (var i = 0; i < 4; i++)
for (var j = 0; j < 4; j++)
roundKey[j*4+i] = expandedKey[roundKeyPointer + i*4 + j];
return roundKey;
},
/* substitute all the values from the state with the value in the SBox
* using the state value as index for the SBox
*/
subBytes:function(state,isInv)
{
for (var i = 0; i < 16; i++)
state[i] = isInv?this.rsbox[state[i]]:this.sbox[state[i]];
return state;
},
/* iterate over the 4 rows and call shiftRow() with that row */
shiftRows:function(state,isInv)
{
for (var i = 0; i < 4; i++)
state = this.shiftRow(state,i*4, i,isInv);
return state;
},
/* each iteration shifts the row to the left by 1 */
shiftRow:function(state,statePointer,nbr,isInv)
{
for (var i = 0; i < nbr; i++)
{
if(isInv)
{
var tmp = state[statePointer + 3];
for (var j = 3; j > 0; j--)
state[statePointer + j] = state[statePointer + j-1];
state[statePointer] = tmp;
}
else
{
var tmp = state[statePointer];
for (var j = 0; j < 3; j++)
state[statePointer + j] = state[statePointer + j+1];
state[statePointer + 3] = tmp;
}
}
return state;
},
// galois multiplication of 8 bit characters a and b
galois_multiplication:function(a,b)
{
var p = 0;
for(var counter = 0; counter < 8; counter++)
{
if((b & 1) == 1)
p ^= a;
if(p > 0x100) p ^= 0x100;
var hi_bit_set = (a & 0x80); //keep p 8 bit
a <<= 1;
if(a > 0x100) a ^= 0x100; //keep a 8 bit
if(hi_bit_set == 0x80)
a ^= 0x1b;
if(a > 0x100) a ^= 0x100; //keep a 8 bit
b >>= 1;
if(b > 0x100) b ^= 0x100; //keep b 8 bit
}
return p;
},
// galois multipication of the 4x4 matrix
mixColumns:function(state,isInv)
{
var column = [];
/* iterate over the 4 columns */
for (var i = 0; i < 4; i++)
{
/* construct one column by iterating over the 4 rows */
for (var j = 0; j < 4; j++)
column[j] = state[(j*4)+i];
/* apply the mixColumn on one column */
column = this.mixColumn(column,isInv);
/* put the values back into the state */
for (var k = 0; k < 4; k++)
state[(k*4)+i] = column[k];
}
return state;
},
// galois multipication of 1 column of the 4x4 matrix
mixColumn:function(column,isInv)
{
var mult = [];
if(isInv)
mult = [14,9,13,11];
else
mult = [2,1,1,3];
var cpy = [];
for(var i = 0; i < 4; i++)
cpy[i] = column[i];
column[0] = this.galois_multiplication(cpy[0],mult[0]) ^
this.galois_multiplication(cpy[3],mult[1]) ^
this.galois_multiplication(cpy[2],mult[2]) ^
this.galois_multiplication(cpy[1],mult[3]);
column[1] = this.galois_multiplication(cpy[1],mult[0]) ^
this.galois_multiplication(cpy[0],mult[1]) ^
this.galois_multiplication(cpy[3],mult[2]) ^
this.galois_multiplication(cpy[2],mult[3]);
column[2] = this.galois_multiplication(cpy[2],mult[0]) ^
this.galois_multiplication(cpy[1],mult[1]) ^
this.galois_multiplication(cpy[0],mult[2]) ^
this.galois_multiplication(cpy[3],mult[3]);
column[3] = this.galois_multiplication(cpy[3],mult[0]) ^
this.galois_multiplication(cpy[2],mult[1]) ^
this.galois_multiplication(cpy[1],mult[2]) ^
this.galois_multiplication(cpy[0],mult[3]);
return column;
},
// applies the 4 operations of the forward round in sequence
round:function(state, roundKey)
{
state = this.subBytes(state,false);
state = this.shiftRows(state,false);
state = this.mixColumns(state,false);
state = this.addRoundKey(state, roundKey);
return state;
},
// applies the 4 operations of the inverse round in sequence
invRound:function(state,roundKey)
{
state = this.shiftRows(state,true);
state = this.subBytes(state,true);
state = this.addRoundKey(state, roundKey);
state = this.mixColumns(state,true);
return state;
},
/*
* Perform the initial operations, the standard round, and the final operations
* of the forward aes, creating a round key for each round
*/
main:function(state,expandedKey,nbrRounds)
{
state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
for (var i = 1; i < nbrRounds; i++)
state = this.round(state, this.createRoundKey(expandedKey,16*i));
state = this.subBytes(state,false);
state = this.shiftRows(state,false);
state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
return state;
},
/*
* Perform the initial operations, the standard round, and the final operations
* of the inverse aes, creating a round key for each round
*/
invMain:function(state, expandedKey, nbrRounds)
{
state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
for (var i = nbrRounds-1; i > 0; i--)
state = this.invRound(state, this.createRoundKey(expandedKey,16*i));
state = this.shiftRows(state,true);
state = this.subBytes(state,true);
state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
return state;
},
numberOfRounds:function(size)
{
var nbrRounds;
switch (size) /* set the number of rounds */
{
case this.keySize.SIZE_128:
nbrRounds = 10;
break;
case this.keySize.SIZE_192:
nbrRounds = 12;
break;
case this.keySize.SIZE_256:
nbrRounds = 14;
break;
default:
return null;
break;
}
return nbrRounds;
},
// encrypts a 128 bit input block against the given key of size specified
encrypt:function(input,key,size)
{
var output = [];
var block = []; /* the 128 bit block to encode */
var nbrRounds = this.numberOfRounds(size);
/* Set the block values, for the block:
* a0,0 a0,1 a0,2 a0,3
* a1,0 a1,1 a1,2 a1,3
* a2,0 a2,1 a2,2 a2,3
* a3,0 a3,1 a3,2 a3,3
* the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
*/
for (var i = 0; i < 4; i++) /* iterate over the columns */
for (var j = 0; j < 4; j++) /* iterate over the rows */
block[(i+(j*4))] = input[(i*4)+j];
/* expand the key into an 176, 208, 240 bytes key */
var expandedKey = this.expandKey(key, size); /* the expanded key */
/* encrypt the block using the expandedKey */
block = this.main(block, expandedKey, nbrRounds);
for (var k = 0; k < 4; k++) /* unmap the block again into the output */
for (var l = 0; l < 4; l++) /* iterate over the rows */
output[(k*4)+l] = block[(k+(l*4))];
return output;
},
// decrypts a 128 bit input block against the given key of size specified
decrypt:function(input, key, size)
{
var output = [];
var block = []; /* the 128 bit block to decode */
var nbrRounds = this.numberOfRounds(size);
/* Set the block values, for the block:
* a0,0 a0,1 a0,2 a0,3
* a1,0 a1,1 a1,2 a1,3
* a2,0 a2,1 a2,2 a2,3
* a3,0 a3,1 a3,2 a3,3
* the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
*/
for (var i = 0; i < 4; i++) /* iterate over the columns */
for (var j = 0; j < 4; j++) /* iterate over the rows */
block[(i+(j*4))] = input[(i*4)+j];
/* expand the key into an 176, 208, 240 bytes key */
var expandedKey = this.expandKey(key, size);
/* decrypt the block using the expandedKey */
block = this.invMain(block, expandedKey, nbrRounds);
for (var k = 0; k < 4; k++)/* unmap the block again into the output */
for (var l = 0; l < 4; l++)/* iterate over the rows */
output[(k*4)+l] = block[(k+(l*4))];
return output;
}
},
/*
* END AES SECTION
*/
/*
* START MODE OF OPERATION SECTION
*/
//structure of supported modes of operation
modeOfOperation:{
OFB:0,
CFB:1,
CBC:2
},
// get a 16 byte block (aes operates on 128bits)
getBlock: function(bytesIn,start,end,mode)
{
if(end - start > 16)
end = start + 16;
return bytesIn.slice(start, end);
},
/*
* Mode of Operation Encryption
* bytesIn - Input String as array of bytes
* mode - mode of type modeOfOperation
* key - a number array of length 'size'
* size - the bit length of the key
* iv - the 128 bit number array Initialization Vector
*/
encrypt: function (bytesIn, mode, key, iv)
{
var size = key.length;
if(iv.length%16)
{
throw 'iv length must be 128 bits.';
}
// the AES input/output
var byteArray = [];
var input = [];
var output = [];
var ciphertext = [];
var cipherOut = [];
// char firstRound
var firstRound = true;
if (mode == this.modeOfOperation.CBC)
this.padBytesIn(bytesIn);
if (bytesIn !== null)
{
for (var j = 0;j < Math.ceil(bytesIn.length/16); j++)
{
var start = j*16;
var end = j*16+16;
if(j*16+16 > bytesIn.length)
end = bytesIn.length;
byteArray = this.getBlock(bytesIn,start,end,mode);
if (mode == this.modeOfOperation.CFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (var i = 0; i < 16; i++)
ciphertext[i] = byteArray[i] ^ output[i];
for(var k = 0;k < end-start;k++)
cipherOut.push(ciphertext[k]);
input = ciphertext;
}
else if (mode == this.modeOfOperation.OFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (var i = 0; i < 16; i++)
ciphertext[i] = byteArray[i] ^ output[i];
for(var k = 0;k < end-start;k++)
cipherOut.push(ciphertext[k]);
input = output;
}
else if (mode == this.modeOfOperation.CBC)
{
for (var i = 0; i < 16; i++)
input[i] = byteArray[i] ^ ((firstRound) ? iv[i] : ciphertext[i]);
firstRound = false;
ciphertext = this.aes.encrypt(input, key, size);
// always 16 bytes because of the padding for CBC
for(var k = 0;k < 16;k++)
cipherOut.push(ciphertext[k]);
}
}
}
return cipherOut;
},
/*
* Mode of Operation Decryption
* cipherIn - Encrypted String as array of bytes
* originalsize - The unencrypted string length - required for CBC
* mode - mode of type modeOfOperation
* key - a number array of length 'size'
* size - the bit length of the key
* iv - the 128 bit number array Initialization Vector
*/
decrypt:function(cipherIn,mode,key,iv)
{
var size = key.length;
if(iv.length%16)
{
throw 'iv length must be 128 bits.';
}
// the AES input/output
var ciphertext = [];
var input = [];
var output = [];
var byteArray = [];
var bytesOut = [];
// char firstRound
var firstRound = true;
if (cipherIn !== null)
{
for (var j = 0;j < Math.ceil(cipherIn.length/16); j++)
{
var start = j*16;
var end = j*16+16;
if(j*16+16 > cipherIn.length)
end = cipherIn.length;
ciphertext = this.getBlock(cipherIn,start,end,mode);
if (mode == this.modeOfOperation.CFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = output[i] ^ ciphertext[i];
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = ciphertext;
}
else if (mode == this.modeOfOperation.OFB)
{
if (firstRound)
{
output = this.aes.encrypt(iv, key, size);
firstRound = false;
}
else
output = this.aes.encrypt(input, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = output[i] ^ ciphertext[i];
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = output;
}
else if(mode == this.modeOfOperation.CBC)
{
output = this.aes.decrypt(ciphertext, key, size);
for (i = 0; i < 16; i++)
byteArray[i] = ((firstRound) ? iv[i] : input[i]) ^ output[i];
firstRound = false;
for(var k = 0;k < end-start;k++)
bytesOut.push(byteArray[k]);
input = ciphertext;
}
}
if(mode == this.modeOfOperation.CBC)
this.unpadBytesOut(bytesOut);
}
return bytesOut;
},
padBytesIn: function(data) {
var len = data.length;
var padByte = 16 - (len % 16);
for (var i = 0; i < padByte; i++) {
data.push(padByte);
}
},
unpadBytesOut: function(data) {
var padCount = 0;
var padByte = -1;
var blockSize = 16;
if(data.length > 16) {
for (var i = data.length - 1; i >= data.length-1 - blockSize; i--) {
if (data[i] <= blockSize) {
if (padByte == -1)
padByte = data[i];
if (data[i] != padByte) {
padCount = 0;
break;
}
padCount++;
} else
break;
if (padCount == padByte) {
break;
}
}
if (padCount > 0) {
data.splice(data.length - padCount, padCount);
}
}
}
/*
* END MODE OF OPERATION SECTION
*/
};
static/vhost/default
-48
View File
@@ -1,48 +0,0 @@
server {
listen 80 default_server;
root /hostdata/default/public_html;
index index.html;
server_name localhost;
# ================================================
# LIMIT CONNECTION FOR IP / IPs WILL BE AUTO BANNED IF YOU HAVE INSTALL IPTABLES/FAIL2BAN
limit_conn max 800;
limit_req zone=one burst=300 nodelay;
# ================================================
# ================================================
# 1. Don't put log files into location / {..} it will not work as you think. Use like this.
# 2. If you change their name or location make sure you also change those https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L118
access_log /hostdata/default/logs/access.log main;
error_log /hostdata/default/logs/error.log;
# ================================================
# ================================================
location / {
SecRulesEnabled;
LearningMode;
DeniedUrl "/denied/";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
try_files $uri $uri/ =404;
}
# ================================================
location /denied/ {
return 444;
}
# ================================================
location ~ \.php {
try_files $uri /index.php =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# ================================================
}