ModSecurity开源WAF部署
先安装nginx
epel
# Enable the EPEL repository before installing the build dependencies.
# NOTE(review): some of the -devel packages installed next are presumably only available from EPEL; confirm for your release.
yum -y install epel-release
依赖
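# Build dependencies for libmodsecurity and the nginx connector, RPM names only.
# The original line also listed Debian/Ubuntu package names (apt-utils, build-essential,
# libcurl4-openssl-dev, zlib1g-dev, ...) that yum cannot resolve; on an apt-based host
# install those with apt-get instead of mixing the two sets.
# libtool, wget and make are kept/added because build.sh, the nginx download and the
# make steps below need them. pkgconf is left out because its RPM name differs between
# releases; pkg-config normally arrives as a dependency of the -devel packages.
yum install -y gcc-c++ make flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre pcre-devel libxml2 libxml2-devel autoconf automake libtool lmdb-devel ssdeep-devel ssdeep-libs libmaxminddb-devel git wget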
编译ModSecurity库
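# Build and install libmodsecurity (v3) from source.
# The steps are chained with && so that a failed clone, cd or configure stops the
# sequence instead of running the remaining commands in the wrong directory.
# NOTE(review): this builds whatever the v3/master branch head is at clone time. For a
# reproducible deployment, check out a release tag (<RELEASE_TAG>) and record the commit
# hash that was built, so the WAF binary can be traced back to reviewed source.
# Only `make install` needs root; clone, configure and make can run as an unprivileged user.
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity &&
cd ModSecurity &&
# Equivalent to `git submodule init` followed by `git submodule update`.
git submodule update --init &&
./build.sh &&
./configure &&
# Use the number of available CPUs instead of a hard-coded job count.
make -j "$(nproc)" &&
make install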
nginx连接器:
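# Fetch the ModSecurity-nginx connector source into /root/ModSecurity-nginx.
# That path is passed to --add-dynamic-module when the nginx module is configured,
# so stop here if the cd fails rather than cloning into the current directory.
# NOTE(review): like the library, this tracks the default branch head; pin a tag or
# commit (<RELEASE_TAG>) if the build has to be reproducible.
cd /root/ &&
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git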
nginx版本
[root@localhost ModSecurity-nginx]# nginx -v
nginx version: nginx/1.18.0
编译模块:
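# Build the connector as a dynamic module against the same nginx version that is
# installed (1.18.0 according to `nginx -v`); --with-compat makes the module
# binary-compatible with the packaged nginx binary.
# The source is fetched over HTTPS instead of plain HTTP: the result is compiled and
# loaded into nginx, so a tarball altered in transit would run inside the web server.
# nginx.org publishes a detached PGP signature next to each tarball
# (nginx-1.18.0.tar.gz.asc); verify it with `gpg --verify` before unpacking.
# Steps are chained with && so a failed download or configure stops the sequence.
wget https://nginx.org/download/nginx-1.18.0.tar.gz &&
tar zxvf nginx-1.18.0.tar.gz &&
cd nginx-1.18.0 &&
./configure --with-compat --add-dynamic-module=/root/ModSecurity-nginx &&
make modules &&
cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules/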
将load_module指令添加到/etc/nginx/nginx.conf的main域(配置文件最顶层,events块之前):
[root@localhost nginx-1.18.0]# head /etc/nginx/nginx.conf
load_module modules/ngx_http_modsecurity_module.so;
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
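测试(注意:nginx -t 只验证配置语法以及模块能否加载;此时还没有在 server/location 中配置 modsecurity on; 和 modsecurity_rules_file,WAF 尚未对流量进行检测):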
[root@localhost nginx-1.18.0]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful