updateCoreRuleSet.sh
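#!/usr/bin/env sh
#
# Install or refresh the OWASP Core Rule Set (CRS) used by ModSecurity under
# /opt/nginx/conf, and create a minimal modsecurity.conf if none exists yet.
#
# Optional environment:
#   CORERULESET_SHA256  expected SHA-256 of the release zip; when set, the
#                       download is verified before anything is installed.
#
# The new rule set is downloaded, unpacked and sanity-checked in a private
# temporary directory first. The installed rules are only replaced once that
# has succeeded, so a failed download cannot leave the WAF without rules.

set -eu

# NOTE(review): the release is pinned here; confirm it is still a supported
# CRS version before relying on it.
CORERULESET_VERSION=3.3.2
CORERULESET_CONF=/opt/nginx/conf/modsecurity.conf
CORERULESET_DIR=/opt/nginx/conf/coreruleset
CORERULESET_URL="https://github.com/coreruleset/coreruleset/archive/refs/tags/v${CORERULESET_VERSION}.zip"

# Private scratch directory instead of fixed names in /tmp: a predictable
# path in a world-writable directory can be pre-created or symlinked by
# another local user before this script (typically run as root) writes to it.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
trap 'exit 1' HUP INT TERM

archive="$workdir/coreruleset.zip"
unpacked="$workdir/coreruleset/coreruleset-${CORERULESET_VERSION}"

wget -O "$archive" "$CORERULESET_URL"

# TLS only authenticates the host; a pinned digest also detects a changed or
# replaced release archive.
if [ -n "${CORERULESET_SHA256:-}" ]; then
  printf '%s  %s\n' "$CORERULESET_SHA256" "$archive" | sha256sum -c -
else
  echo "warning: CORERULESET_SHA256 not set; archive integrity not verified" >&2
fi

unzip "$archive" -d "$workdir/coreruleset"

# Refuse to touch the installed rules unless the archive has the expected layout.
if [ ! -f "$unpacked/crs-setup.conf.example" ] || [ ! -d "$unpacked/rules" ]; then
  echo "error: unexpected archive layout in $archive" >&2
  exit 1
fi

# As before, crs-setup.conf is regenerated from the shipped example on every
# run, so local edits to it are not carried over.
cp -- "$unpacked/crs-setup.conf.example" "$unpacked/crs-setup.conf"

rm -rf -- "${CORERULESET_DIR:?}"
mv -- "$unpacked" "$CORERULESET_DIR"

# An existing modsecurity.conf is left untouched.
if [ ! -f "$CORERULESET_CONF" ]; then
  # NOTE(review): "SecAuditEngine On" logs every transaction and part C
  # includes request bodies, which may hold credentials or personal data.
  # Restrict access to /opt/nginx/logs and consider "RelevantOnly" if full
  # logging is not required.
  cat > "$CORERULESET_CONF" <<'EOF'
SecRuleEngine On
SecAuditEngine On
SecAuditLog /opt/nginx/logs/audit.log
SecAuditLogParts ABCFHZ
SecAuditLogType concurrent
SecAuditLogStorageDir /opt/nginx/logs
Include /opt/nginx/conf/coreruleset/crs-setup.conf
Include /opt/nginx/conf/coreruleset/rules/*.conf
EOF
fi

# Temporary files are removed by the EXIT trap.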