ModSecurity 3.x + Nginx 编译安装 |
您所在的位置:网站首页 › nginx离线安装需要root › ModSecurity 3.x + Nginx 编译安装 |
文章目录
编译并生成 nginx_modsecurity3 RPM 安装包安装依赖安装 nignx安装 libModSecurity关联 nginx生成 rpm 安装包
安装 nginx 和 nginx_modsecurity3配置 modsecurity下载配置文件配置 modsecurity配置 nginx测试
Platform: Linux 3.10.0-693.el7.x86_64
编译并生成 nginx_modsecurity3 RPM 安装包
安装依赖
yum -y install epel-release
yum install -y git rpm-build gperftools-devel openssl-devel pcre-devel zlib-devel GeoIP-devel gd-devel perl-devel libxslt-devel perl-ExtUtils-Embed.noarch gcc gcc-c++ autoconf automake libtool
yum -y install yum-utils yajl yajl-devel libcurl libcurl-devel lmdb lmdb-devel ssdeep ssdeep-devel lua lua-devel
安装 nignx
yum -y install nginx
cd /root/
yumdownloader --source nginx
rpm -i nginx-1.16.1-1.el7.src.rpm
当前结果
[root@localhost ~]# ls -l
-rw-r--r--. 1 root root 1070280 10月 4 2019 nginx-1.16.1-1.el7.src.rpm
drwxr-xr-x. 4 root root 34 5月 19 14:41 rpmbuild
安装 libModSecurity
下载 modsecurity
cd /root/
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
安装 modsecurity
cd ModSecurity
git submodule init
git submodule update
./build.sh
./configure --with-lmdb
ModSecurity - for Linux
Mandatory dependencies
+ libInjection ....v3.9.2-30-gbf234eb
+ SecLang tests ....c8cf2c5
Optional dependencies
+ GeoIP/MaxMind ....found
* (GeoIP) v1.5.0
-lGeoIP , -I/usr/include/
+ LibCURL ....found v7.29.0
-lcurl , -DWITH_CURL
+ YAJL ....found v2.0.4
-lyajl , -DWITH_YAJL
+ LMDB ....disabled
+ LibXML2 ....found v2.9.1
-lxml2 -lz -lm -ldl, -I/usr/include/libxml2 -DWITH_LIBXML2
+ SSDEEP ....found
-lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include
+ LUA ....found v501
-llua-5.1 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_1 -I/usr/include
Other Options
+ Test Utilities ....enabled
+ SecDebugLog ....enabled
+ afl fuzzer ....disabled
+ library examples ....enabled
+ Building parser ....disabled
+ Treating pm operations as critical section ....disabled
make -j2
make install
当前结果 [root@localhost ~]# ls -l drwxr-xr-x. 14 root root 4096 5月 19 15:01 ModSecurity -rw-r--r--. 1 root root 1070280 10月 4 2019 nginx-1.16.1-1.el7.src.rpm drwxr-xr-x. 4 root root 34 5月 19 14:41 rpmbuild [root@localhost ~]# find . -name libmodsecurity.so* ./ModSecurity/src/.libs/libmodsecurity.so.3.0.4 ./ModSecurity/src/.libs/libmodsecurity.so.3 ./ModSecurity/src/.libs/libmodsecurity.so [root@localhost ~]# 关联 nginx 下载 ModSecurity-nginx cd /root/ git clone https://github.com/SpiderLabs/ModSecurity-nginx.git当前结果 [root@localhost ~]# ls -l drwxr-xr-x. 14 root root 4096 5月 19 15:01 ModSecurity drwxr-xr-x. 6 root root 192 5月 19 15:14 ModSecurity-nginx -rw-r--r--. 1 root root 1070280 10月 4 2019 nginx-1.16.1-1.el7.src.rpm drwxr-xr-x. 5 root root 47 5月 19 15:30 rpmbuild 解压缩 nginx 源文件 cd /root/ tar zxf ./rpmbuild/SOURCES/nginx-1.16.1.tar.gz当前结果 [root@localhost ~]# ls -l drwxr-xr-x. 14 root root 4096 5月 19 15:01 ModSecurity drwxr-xr-x. 6 root root 192 5月 19 15:14 ModSecurity-nginx drwxr-xr-x. 9 1001 1001 186 5月 19 15:18 nginx-1.16.1 -rw-r--r--. 1 root root 1070280 10月 4 2019 nginx-1.16.1-1.el7.src.rpm drwxr-xr-x. 5 root root 47 5月 19 15:30 rpmbuild 更新 nginx build string cd /root/nginx-1.16.1/ nginx -V 2>&1 | grep 'configure arguments' | sed "s#configure arguments:#./configure --add-dynamic-module=../ModSecurity-nginx #g" nginx -V 2>&1 | grep 'configure arguments' | sed "s#configure arguments:#./configure --add-dynamic-module=../ModSecurity-nginx #g" |bash make modules当前结果: [root@localhost nginx-1.16.1]# find . -name *modsecurity* ./objs/ngx_http_modsecurity_module_modules.c ./objs/addon/src/ngx_http_modsecurity_module.o ./objs/addon/src/ngx_http_modsecurity_pre_access.o ./objs/addon/src/ngx_http_modsecurity_header_filter.o ./objs/addon/src/ngx_http_modsecurity_body_filter.o ./objs/addon/src/ngx_http_modsecurity_log.o ./objs/addon/src/ngx_http_modsecurity_rewrite.o ./objs/ngx_http_modsecurity_module_modules.o ./objs/ngx_http_modsecurity_module.so [root@localhost nginx-1.16.1]# 将生成的 modsecurity 相关文件复制到 rpmbuild 中 cd /root/ mkdir -p ./rpmbuild/BUILD find . -type f -iname 'libmodsecurity.so.3.*' -exec cp {} ./rpmbuild/BUILD \; find . -type f -iname 'ngx_http_modsecurity_module.so' -exec cp {} ./rpmbuild/BUILD \;当前结果: [root@localhost ~]# ls rpmbuild/BUILD/ -l 总用量 43780 -rwxr-xr-x. 1 root root 44442616 5月 19 15:49 libmodsecurity.so.3.0.4 -rwxr-xr-x. 1 root root 384824 5月 19 15:49 ngx_http_modsecurity_module.so [root@localhost ~]# 生成 rpm 安装包 vi /root/rpmbuild/SPECS/nginx-modsecurity.spec Name: nginx-modsecurity3-centos7 Version: 3.0.4 Release: 1 Group: Applications/System BuildArch: x86_64 Summary: modsecurity for nginx License: GPL %description Brief description of software package. Provides: libmodsecurity.so.3 nginx-modsecurity %prep %build %install mkdir -p %{buildroot}/opt/modsecurity cp libmodsecurity.so.3.0.4 %buildroot/opt/modsecurity cp ngx_http_modsecurity_module.so %buildroot/opt/modsecurity %post echo 'load_module "/usr/lib64/nginx/modules/ngx_http_modsecurity_module.so";' > /usr/share/nginx/modules/mod-modsecurity.conf ln -sf /opt/modsecurity/ngx_http_modsecurity_module.so /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so cat > /etc/ld.so.conf.d/modsecurity.conf |
今日新闻 |
推荐新闻 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |