Repo for the installation of NGINX with ModSecurity
sudo su
yum localinstall Development\ Tools/*
cd "Tools"
yum localinstall *
cd ModSecurity
sed -i '/AC_PROG_CC/a\AM_PROG_CC_C_O' configure.ac
sed -i '1 i\AUTOMAKE_OPTIONS = subdir-objects' Makefile.am
./autogen.sh
./configure --enable-standalone-module --disable-mlogc
make
groupadd -r nginx
useradd -r -g nginx -s /sbin/nologin -M nginx
./configure --user=nginx --group=nginx --add-module=/usr/src/ModSecurity/nginx/modsecurity --with-http_ssl_module
make
make install
sed -i "s/#user nobody;/user nginx nginx;/" /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
cat <<EOF>> /lib/systemd/system/nginx.service
[Service]
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
KillStop=/usr/local/nginx/sbin/nginx -s stop
KillMode=process
Restart=on-failure
RestartSec=42s
PrivateTmp=true
LimitNOFILE=200000
[Install]
WantedBy=multi-user.target
EOF
systemctl start nginx.service
systemctl stop nginx.service
systemctl restart nginx.service
vi /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.html index.htm;
}
ModSecurityEnabled on;
ModSecurityConfig modsec_includes.conf;
#proxy_pass http://localhost:8011;
#proxy_read_timeout 180s;
# The final result should be:
location / {
ModSecurityEnabled on;
ModSecurityConfig modsec_includes.conf;
#proxy_pass http://localhost:8011;
#proxy_read_timeout 180s;
root html;
index index.html index.htm;
}
:wq!
cat <<EOF>> /usr/local/nginx/conf/modsec_includes.conf
include modsecurity.conf
include owasp-modsecurity-crs/crs-setup.conf
include owasp-modsecurity-crs/rules/*.conf
EOF
cp /usr/src/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp /usr/src/ModSecurity/unicode.mapping /usr/local/nginx/conf/
sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" /usr/local/nginx/conf/modsecurity.conf
cp -r owasp/owasp-modsecurity-crs /usr/local/nginx/conf/
cd /usr/local/nginx/conf/owasp-modsecurity-crs/
mv crs-setup.conf.example crs-setup.conf
cd rules
mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
systemctl start nginx.service
yum localinstall firewalld/*
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo systemctl status firewalld
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
http://IP-ADDRESS/?param="><script>alert(1);</script>
grep error /usr/local/nginx/logs/error.log
https://www.tecmint.com/fix-firewall-cmd-command-not-found-error/