github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v4.5.5.0

Browse Source 
Changelog: https://haproxy-wi.org/changelog.py#4_5_5
pull/260/head
Pavel Loginov 4 years ago
parent 80902a2613
commit b1d8d8a50f
2 changed files with 47 additions and 38 deletions
Show Stats Download Patch File Download Diff File

39
app/scripts/install_haproxy_exporter.sh
Unescape View File

@ -1,44 +1,49 @@
#!/bin/bash
for ARGUMENT in "$@"
do
KEY=$(echo $ARGUMENT | cut -f1 -d=)
VALUE=$(echo $ARGUMENT | cut -f2 -d=)
KEY=$(echo "$ARGUMENT" | cut -f1 -d=)
VALUE=$(echo "$ARGUMENT" | cut -f2 -d=)
case "$KEY" in
PROXY) PROXY=${VALUE} ;;
HOST) HOST=${VALUE} ;;
USER) USER=${VALUE} ;;
PASS) PASS=${VALUE} ;;
KEY) KEY=${VALUE} ;;
PROXY) PROXY=${VALUE} ;;
HOST) HOST=${VALUE} ;;
USER) USER=${VALUE} ;;
PASS) PASS=${VALUE} ;;
KEY) KEY=${VALUE} ;;
STAT_PORT) STAT_PORT=${VALUE} ;;
STAT_PAGE) STAT_PAGE=${VALUE} ;;
STATS_USER) STATS_USER=${VALUE} ;;
STATS_PASS) STATS_PASS=${VALUE} ;;
SSH_PORT) SSH_PORT=${VALUE} ;;
*)
STATS_USER) STATS_USER=${VALUE} ;;
STATS_PASS) STATS_PASS=${VALUE} ;;
SSH_PORT) SSH_PORT=${VALUE} ;;
*)
esac
done
if [ ! -d "/var/www/haproxy-wi/app/scripts/ansible/roles/bdellegrazie.haproxy_exporter" ]; then
if [ ! -z $PROXY ];then
if [[ -n $PROXY ]];then
export https_proxy="$PROXY"
export http_proxy="$PROXY"
fi
ansible-galaxy install bdellegrazie.haproxy_exporter --roles-path /var/www/haproxy-wi/app/scripts/ansible/roles/
bash -c cat << EOF >> /var/www/haproxy-wi/app/scripts/ansible/roles/bdellegrazie.ansible-role-prometheus_exporter/vars/vars-family-redhat-8.yml
---
prometheus_exporter_ansible_packages:
- libselinux-python3
EOF
fi
export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_DISPLAY_SKIPPED_HOSTS=False
export ACTION_WARNINGS=False
export ANSIBLE_DEPRECATION_WARNINGS=False
PWD=`pwd`
PWD=$(pwd)
PWD=$PWD/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
echo "$HOST ansible_port=$SSH_PORT" > "$PWD"/"$HOST"
if [[ $KEY == "" ]]; then
ansible-playbook $PWD/roles/haproxy_exporter.yml -e "ansible_user=$USER ansible_ssh_pass=$PASS variable_host=$HOST PROXY=$PROXY STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS SSH_PORT=$SSH_PORT" -i $PWD/$HOST
ansible-playbook "$PWD"/roles/haproxy_exporter.yml -e "ansible_user=$USER ansible_ssh_pass=$PASS variable_host=$HOST PROXY=$PROXY STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS SSH_PORT=$SSH_PORT" -i "$PWD"/"$HOST"
else
ansible-playbook $PWD/roles/haproxy_exporter.yml --key-file $KEY -e "ansible_user=$USER variable_host=$HOST PROXY=$PROXY STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS SSH_PORT=$SSH_PORT" -i $PWD/$HOST
ansible-playbook "$PWD"/roles/haproxy_exporter.yml --key-file "$KEY" -e "ansible_user=$USER variable_host=$HOST PROXY=$PROXY STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS SSH_PORT=$SSH_PORT" -i "$PWD"/"$HOST"
fi
if [ $? -gt 0 ]
@ -52,4 +57,4 @@ if ! sudo grep -Fxq " - $HOST:9101" /etc/prometheus/prometheus.yml; then
fi
sudo systemctl reload prometheus
rm -f $PWD/$HOST
rm -f "$PWD"/"$HOST"

46
app/scripts/waf.sh
Unescape View File

@ -2,8 +2,8 @@
for ARGUMENT in "$@"
do
KEY=$(echo $ARGUMENT | cut -f1 -d=)
VALUE=$(echo $ARGUMENT | cut -f2 -d=)
KEY=$(echo "$ARGUMENT" | cut -f1 -d=)
VALUE=$(echo "$ARGUMENT" | cut -f2 -d=)
case "$KEY" in
PROXY) PROXY=${VALUE} ;;
@ -13,10 +13,10 @@ do
esac
done
VERSION=$(echo 2.1.3| awk -F"-" '{print $1}')
VERSION_MAJ=$(echo $VERSION | awk -F"." '{print $1"."$2}')
VERSION_MAJ=$(echo "$VERSION" | awk -F"." '{print $1"."$2}')
if (( $(awk 'BEGIN {print ("'$VERSION_MAJ'" < "'1.8'")}') )); then
echo 'error: Need HAProxy version 1.8 or later <a title="Close" id="errorMess"><b>X</b></a>'
echo 'error: Need HAProxy version 1.8 or later'
exit 1
fi
@ -26,22 +26,26 @@ then
export https_proxy="$PROXY"
fi
if [ -f $HAPROXY_PATH/waf/modsecurity.conf ];then
echo -e 'Info: Haproxy WAF already installed. <br /><br />'
if [ -f "$HAPROXY_PATH"/waf/modsecurity.conf ];then
echo -e 'info: Haproxy WAF has already installed.'
exit 1
fi
if hash apt-get 2>/dev/null; then
sudo apt install libevent-dev apache2-dev libpcre3-dev libxml2-dev gcc pcre-devel wget -y
else
sudo yum install -y http://rpmfind.net/linux/centos/7/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm >> /dev/null
sudo yum install -y http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm >> /dev/null
sudo yum install -y httpd-devel libxml2-devel gcc curl-devel pcre-devel wget -y >> /dev/null
if [[ $(cat /etc/*rele* |grep VERSION_ID |awk -F"\"" '{print $2}') -eq 7 ]]; then
sudo yum install -y http://rpmfind.net/linux/centos/7/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm >> /dev/null
sudo yum install -y http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm >> /dev/null
else
sudo rpm -ivh ftp://ftp.ntua.gr/pub/linux/centos/8.2.2004/PowerTools/x86_64/kickstart/Packages/yajl-devel-2.1.0-10.el8.x86_64.rpm
fi
sudo yum install -y httpd-devel libxml2-devel gcc curl-devel pcre-devel wget libevent-devel -y >> /dev/null
fi
wget -O /tmp/modsecurity.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz >> /dev/null
if [ $? -eq 1 ]; then
echo -e "Can't download waf application. Check Internet connection"
echo -e "Can't download waf application. Check the Internet connection"
exit 1
fi
cd /tmp
@ -67,7 +71,7 @@ mv /tmp/modsecurity/INSTALL/include/standalone/* /tmp/modsecurity/INSTALL/includ
wget -O /tmp/haproxy-$VERSION.tar.gz http://www.haproxy.org/download/$VERSION_MAJ/src/haproxy-$VERSION.tar.gz
if [ $? -eq 1 ]; then
echo -e "error: Can't download Haproxy application. Check Internet connection"
echo -e "error: Can't download Haproxy application. Check the Internet connection"
exit 1
fi
cd /tmp
@ -131,17 +135,17 @@ Include $HAPROXY_PATH/waf/rules/modsecurity_crs_59_outbound_blocking.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_60_correlation.conf
EOF
sudo mv /tmp/modsecurity.conf $HAPROXY_PATH/waf/modsecurity.conf
sudo mv /tmp/modsecurity.conf "$HAPROXY_PATH"/waf/modsecurity.conf
wget -O /tmp/unicode.mapping https://github.com/SpiderLabs/ModSecurity/raw/v2/master/unicode.mapping
sudo mv /tmp/unicode.mapping $HAPROXY_PATH/waf/unicode.mapping
sudo mv /tmp/unicode.mapping "$HAPROXY_PATH"/waf/unicode.mapping
wget -O /tmp/owasp.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/2.2.9.tar.gz
cd /tmp/
sudo tar xf /tmp/owasp.tar.gz
sudo mv /tmp/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf
sudo mv /tmp/owasp-modsecurity-crs-2.2.9/*rules/* $HAPROXY_PATH/waf/rules/
sudo sed -i 's/#SecAction/SecAction/' $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' $HAPROXY_PATH/waf/modsecurity.conf
sudo sed -i 's/SecAuditLogParts ABIJDEFHZ/SecAuditLogParts ABIJDEH/' $HAPROXY_PATH/waf/modsecurity.conf
sudo mv /tmp/owasp-modsecurity-crs-2.2.9/*rules/* "$HAPROXY_PATH"/waf/rules/
sudo sed -i 's/#SecAction/SecAction/' "$HAPROXY_PATH"/waf/rules/modsecurity_crs_10_setup.conf
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' "$HAPROXY_PATH"/waf/modsecurity.conf
sudo sed -i 's/SecAuditLogParts ABIJDEFHZ/SecAuditLogParts ABIJDEH/' "$HAPROXY_PATH"/waf/modsecurity.conf
sudo rm -f /tmp/owasp.tar.gz
sudo rm -f /tmp/owasp-modsecurity-crs-2.2.9
sudo rm -f /tmp/haproxy-$VERSION
@ -184,8 +188,8 @@ spoe-message check-request
event on-frontend-http-request
EOF
sudo mv /tmp/waf.conf $HAPROXY_PATH/waf.conf
if sudo grep -q "backend waf" $HAPROXY_PATH/haproxy.cfg; then
sudo mv /tmp/waf.conf "$HAPROXY_PATH"/waf.conf
if sudo grep -q "backend waf" "$HAPROXY_PATH"/haproxy.cfg; then
echo -e "Backend for WAF exists"
else
sudo bash -c 'cat << EOF >> /etc/haproxy/haproxy.cfg
@ -199,14 +203,14 @@ EOF'
fi
sudo rm -f /tmp/modsecurity.tar.gz
sudo rm -rf /tmp/haproxy-$VERSION.tar.gz
sudo rm -rf /tmp/haproxy-"$VERSION".tar.gz
sudo systemctl daemon-reload
sudo systemctl enable waf
sudo systemctl restart waf
if [ $? -eq 1 ]; then
echo "error: Can't start Haproxy WAF service <br /><br />"
echo "error: Can't start Haproxy WAF service"
exit 1
fi
echo "success"
Write Preview
Loading…
Cancel
Save