From ba7715dbb6937519299f5e16ce3640eb3600ecf0 Mon Sep 17 00:00:00 2001 From: Aidaho12 Date: Tue, 21 Aug 2018 16:07:05 +0600 Subject: [PATCH] v3.2 Bugs --- app/scripts/install_haproxy.sh | 12 +++--- app/scripts/waf.sh | 71 ++++++++++++++++++++-------------- app/sql.py | 13 +++++++ inc/users.js | 1 - inc/waf.js | 3 +- 5 files changed, 63 insertions(+), 37 deletions(-) diff --git a/app/scripts/install_haproxy.sh b/app/scripts/install_haproxy.sh index 2074f09f..22ce80ca 100644 --- a/app/scripts/install_haproxy.sh +++ b/app/scripts/install_haproxy.sh @@ -24,14 +24,13 @@ if [[ $PROXY != "" ]] then export http_proxy="$PROXY" export https_proxy="$PROXY" - echo "Exporting proxy" fi if [ -f /etc/haproxy/haproxy.cfg ];then echo -e 'error: Haproxy already installed. You can edit confighere

' exit 1 fi - +set +x if hash apt-get 2>/dev/null; then sudo apt-get install haproxy socat -y else @@ -54,8 +53,8 @@ then fi fi -sudo echo "" > /etc/haproxy/haproxy.cfg -sudo bash -c cat << EOF > /etc/haproxy/haproxy.cfg +bash -c 'echo "" > /tmp/haproxy.cfg' +bash -c cat << EOF > /tmp/haproxy.cfg global log 127.0.0.1 local2 chroot /var/lib/haproxy @@ -95,9 +94,10 @@ listen stats stats auth $STATS_USER:$STATS_PASS stats admin if TRUE EOF -sudo bash -c cat << EOF > /etc/rsyslog.d/haproxy.conf +sudo cp /tmp/haproxy.cfg /etc/haproxy/haproxy.cfg +sudo bash -c 'cat << EOF > /etc/rsyslog.d/haproxy.conf local2.* /var/log/haproxy.log -EOF +EOF' sudo sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf sudo sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf diff --git a/app/scripts/waf.sh b/app/scripts/waf.sh index 6ec0280b..db9b53b6 100644 --- a/app/scripts/waf.sh +++ b/app/scripts/waf.sh @@ -22,7 +22,6 @@ if [[ $PROXY != "" ]] then export http_proxy="$PROXY" export https_proxy="$PROXY" - echo "Exporting proxy" fi if [ -f $HAPROXY_PATH/waf/modsecurity.conf ];then 
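Review bot: The generated config is now staged at the fixed path `/tmp/haproxy.cfg` (hunk `@@ -54,8 +53,8 @@`) and copied into place with `sudo cp` in the `@@ -95,9 +94,10 @@` hunk, so a file holding `stats auth $STATS_USER:$STATS_PASS` sits in a world-writable directory under a predictable name, with umask-default permissions, and is not removed in the visible hunks. Other local accounts can read the stats credentials, and because the redirection's result is never checked, a pre-existing file at that path that the script cannot overwrite would be copied to `/etc/haproxy/` as-is. Stage into a private file instead: `tmp_cfg=$(mktemp) || exit 1`, write the heredoc to `"$tmp_cfg"`, then `sudo install -m 0640 "$tmp_cfg" /etc/haproxy/haproxy.cfg && rm -f -- "$tmp_cfg"`. The same fixed-name staging recurs in waf.sh for `/tmp/modsecurity.conf`, `/tmp/unicode.mapping`, `/tmp/waf.service` and `/tmp/waf.conf`.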
@@ -32,11 +31,12 @@ fi if hash apt-get 2>/dev/null; then sudo apt-get install yajl-dev libevent-dev httpd-dev libxml2-dev gcc curl-dev -y else - wget -O /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm http://rpmfind.net/linux/centos/7.5.1804/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm - wget -O /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm - wget -O /tmp/modsecurity-2.9.2.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz - sudo yum install /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm httpd-devel libxml2-devel gcc curl-devel -y -if + wget -O /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm http://rpmfind.net/linux/centos/7.5.1804/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm >> /dev/null + wget -O /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm >> /dev/null + sudo yum install /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm httpd-devel libxml2-devel gcc curl-devel -y >> /dev/null +fi + +wget -O /tmp/modsecurity-2.9.2.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz >> /dev/null if [ $? -eq 1 ]; then echo -e "Can't download waf application. Check Internet connection" 
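Review bot: The two RPMs in the `else` branch are fetched over plain `http://` into fixed `/tmp` names and handed straight to `sudo yum install`, and the ModSecurity tarball that is later built as root is not verified either, so nothing ties what gets installed to what the project tested. Prefer installing `yajl-devel` and `libevent-devel` from the configured repositories, or check each download against a pinned digest before use, e.g. `echo "<EXPECTED_SHA256>  /tmp/modsecurity-2.9.2.tar.gz" | sha256sum -c - || exit 1`. Separately, `if [ $? -eq 1 ]` after `wget` only catches exit status 1, while wget reports network and server failures with other non-zero codes; `if ! wget -O ... ; then` covers them all. The same `-eq 1` test follows the build in the `@@ -44,18 +44,22 @@` hunk (make normally exits 2 on error) and is added again after `sudo mv` in the `@@ -70,18 +74,23 @@` hunk.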
@@ -44,18 +44,22 @@ if [ $? -eq 1 ]; then fi cd /tmp sudo tar xf modsecurity-2.9.2.tar.gz -cd /tmp/modsecurity-2.9.2 -sudo ./configure --prefix=/tmp/modsecurity-2.9.2 --enable-standalone-module --disable-mlogc --enable-pcre-study --without-lua --enable-pcre-jit -sudo make -sudo make -C standalone install +sudo bash -c 'cd /tmp/modsecurity-2.9.2 && \ +sudo ./configure --prefix=/tmp/modsecurity-2.9.2 --enable-standalone-module --disable-mlogc --enable-pcre-study --without-lua --enable-pcre-jit >> /dev/null && \ +sudo make >> /dev/null && \ +sudo make -C standalone install >> /dev/null' if [ $? -eq 1 ]; then echo -e "Can't compile waf application" exit 1 fi sudo mkdir -p /tmp/modsecurity-2.9.2/INSTALL/include -sudo cp standalone/.libs/* /tmp/modsecurity-2.9.2/INSTALL/include -sudo cp standalone/* /tmp/modsecurity-2.9.2/INSTALL/include -sudo cp apache2/*.h /tmp/modsecurity-2.9.2/INSTALL/include +sudo cp -R /tmp/modsecurity-2.9.2/standalone/.libs/ /tmp/modsecurity-2.9.2/INSTALL/include +sudo cp -R /tmp/modsecurity-2.9.2/standalone/ /tmp/modsecurity-2.9.2/INSTALL/include +sudo cp -R /tmp/modsecurity-2.9.2/apache2/ /tmp/modsecurity-2.9.2/INSTALL/include +sudo chown -R $(whoami):$(whoami) /tmp/modsecurity-2.9.2/ +mv /tmp/modsecurity-2.9.2/INSTALL/include/.libs/* /tmp/modsecurity-2.9.2/INSTALL/include +mv /tmp/modsecurity-2.9.2/INSTALL/include/apache2/* /tmp/modsecurity-2.9.2/INSTALL/include +mv /tmp/modsecurity-2.9.2/INSTALL/include/standalone/* /tmp/modsecurity-2.9.2/INSTALL/include wget -O /tmp/haproxy-$VERSION.tar.gz http://www.haproxy.org/download/$VERSION_MAJ/src/haproxy-$VERSION.tar.gz 
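Review bot: The build still runs as root inside `/tmp/modsecurity-2.9.2`, a fixed directory in a world-writable location, and the new `sudo bash -c '... sudo ./configure ... sudo make ...'` wrapper nests sudo inside a shell that is already root. Root is only needed for the final install into `$HAPROXY_PATH`; extracting and compiling as the invoking user in a `mktemp -d` directory would remove the need for the `sudo chown -R $(whoami):$(whoami)` step and the `cp -R` / `mv` shuffle added here. If the chown stays, `$(whoami)` as a group name assumes a per-user group exists; `sudo chown -R "$(id -un):$(id -gn)" /tmp/modsecurity-2.9.2/` avoids that. None of the new `cp`/`mv` lines is checked, so a failed copy would surface only later as a compile error in contrib/modsecurity.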
@@ -70,18 +74,23 @@ sudo mkdir $HAPROXY_PATH/waf/bin sudo mkdir $HAPROXY_PATH/waf/rules cd /tmp/haproxy-$VERSION/contrib/modsecurity if hash apt-get 2>/dev/null; then - sudo make MODSEC_INC=/tmp/modsecurity-2.9.2/INSTALL/include MODSEC_LIB=/tmp/modsecurity-2.9.2/INSTALL/include APR_INC=/usr/include/apr-1 + sudo make MODSEC_INC=/tmp/modsecurity-2.9.2/INSTALL/include MODSEC_LIB=/tmp/modsecurity-2.9.2/INSTALL/include APR_INC=/usr/include/apr-1 >> /dev/null else - sudo make MODSEC_INC=/tmp/modsecurity-2.9.2/INSTALL/include MODSEC_LIB=/tmp/modsecurity-2.9.2/INSTALL/include APACHE2_INC=/usr/include/httpd/ APR_INC=/usr/include/apr-1 + sudo make MODSEC_INC=/tmp/modsecurity-2.9.2/INSTALL/include MODSEC_LIB=/tmp/modsecurity-2.9.2/INSTALL/include APACHE2_INC=/usr/include/httpd/ APR_INC=/usr/include/apr-1 >> /dev/null fi if [ $? -eq 1 ]; then echo -e "Can't compile waf application" exit 1 fi sudo mv /tmp/haproxy-$VERSION/contrib/modsecurity/modsecurity $HAPROXY_PATH/waf/bin -wget -O $HAPROXY_PATH/waf/modsecurity.conf https://github.com/SpiderLabs/ModSecurity/raw/v2/master/modsecurity.conf-recommended +if [ $? -eq 1 ]; then + echo -e "Can't compile waf application" + exit 1 +fi +wget -O /tmp/modsecurity.conf https://github.com/SpiderLabs/ModSecurity/raw/v2/master/modsecurity.conf-recommended -sudo bash -c cat << EOF >> $HAPROXY_PATH/waf/modsecurity.conf + +sudo bash -c cat << EOF >> /tmp/modsecurity.conf Include $HAPROXY_PATH/waf/rules/modsecurity_crs_10_ignore_static.conf Include $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf Include $HAPROXY_PATH/waf/rules/modsecurity_crs_11_avs_traffic.conf 
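Review bot: The result of `wget -O /tmp/modsecurity.conf ...` is never checked, and `wget -O` leaves an empty or partial file behind on failure, so the heredoc that follows would append the `Include` lines to it and the next hunk moves that file into `$HAPROXY_PATH/waf/`. The later `sed` that switches `SecRuleEngine DetectionOnly` to `On` would then match nothing, leaving a WAF config without the recommended base settings and no error reported. Guard the download with `wget -O /tmp/modsecurity.conf <url> || { echo "error: can't download modsecurity.conf"; exit 1; }`, and drop `sudo` from `sudo bash -c cat << EOF >> /tmp/modsecurity.conf`, since the redirection is performed by the calling shell and the target no longer needs root. The URL also tracks the `v2/master` branch, so the installed baseline can change between runs; pinning a release tag would make it reproducible.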
@@ -120,7 +129,9 @@ Include $HAPROXY_PATH/waf/rules/modsecurity_crs_59_outbound_blocking.conf Include $HAPROXY_PATH/waf/rules/modsecurity_crs_60_correlation.conf EOF -wget -O $HAPROXY_PATH/waf/unicode.mapping https://github.com/SpiderLabs/ModSecurity/raw/v2/master/unicode.mapping +sudo mv /tmp/modsecurity.conf $HAPROXY_PATH/waf/modsecurity.conf +wget -O /tmp/unicode.mapping https://github.com/SpiderLabs/ModSecurity/raw/v2/master/unicode.mapping +sudo mv /tmp/unicode.mapping $HAPROXY_PATH/waf/unicode.mapping wget -O /tmp/owasp.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/2.2.9.tar.gz cd /tmp/ sudo tar xf /tmp/owasp.tar.gz @@ -131,9 +142,9 @@ sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' $HAPROXY_PATH/waf/ sudo sed -i 's/SecAuditLogParts ABIJDEFHZ/SecAuditLogParts ABIJDEH/' $HAPROXY_PATH/waf/modsecurity.conf sudo rm -f /tmp/owasp.tar.gz -sudo bash -c cat << EOF > /etc/systemd/system/multi-user.target.wants/waf.service +sudo bash -c cat << EOF > /tmp/waf.service [Unit] -Description=Defender WAF +Description=Haproxy WAF After=syslog.target network.target [Service] @@ -148,13 +159,13 @@ SyslogIdentifier=waf [Install] WantedBy=multi-user.target EOF - -sudo bash -c cat << EOF > /etc/rsyslog.d/waf.conf -if $programname startswith 'waf' then /var/log/waf.log +sudo mv /tmp/waf.service /etc/systemd/system/multi-user.target.wants/waf.service +sudo bash -c 'cat << EOF > /etc/rsyslog.d/waf.conf +if $programname startswith "waf" then /var/log/waf.log & stop -EOF +EOF' -sudo bash -c cat << EOF > $HAPROXY_PATH/waf.conf +sudo bash -c cat << EOF > /tmp/waf.conf [modsecurity] spoe-agent modsecurity-agent messages check-request 
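Review bot: Files staged in `/tmp` by the invoking user and then placed with `sudo mv` keep that user's ownership and mode, so `$HAPROXY_PATH/waf/modsecurity.conf`, `unicode.mapping` and especially the `waf.service` unit under `/etc/systemd/system/` would likely end up owned by the unprivileged account rather than root. `sudo install -o root -g root -m 0644 /tmp/waf.service /etc/systemd/system/waf.service` followed by `sudo systemctl enable waf` sets ownership explicitly and lets systemd create the `multi-user.target.wants` link itself instead of dropping a regular file there. The same applies to `sudo mv /tmp/waf.conf $HAPROXY_PATH/waf.conf` in the `@@ -168,17 +179,19 @@` hunk.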
@@ -168,17 +179,19 @@ spoe-message check-request args unique-id method path query req.ver req.hdrs_bin req.body_size req.body event on-frontend-http-request EOF + +sudo mv /tmp/waf.conf $HAPROXY_PATH/waf.conf if sudo grep -q "backend waf" $HAPROXY_PATH/haproxy.cfg; then echo -e "Backend for WAF exists" else - sudo bash -c cat << EOF >> $HAPROXY_PATH/haproxy.cfg + sudo bash -c 'cat << EOF >> /etc/haproxy/haproxy.cfg backend waf mode tcp timeout connect 5s timeout server 3m server waf 127.0.0.1:12345 check -EOF +EOF' fi sudo systemctl daemon-reload @@ -187,9 +200,9 @@ sudo systemctl restart waf sudo rm -f /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm sudo rm -f /tmp/modsecurity-2.9.2.tar.gz sudo rm -f /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm -sudo rm -rf /tmp/haproxy-$VERSION +#sudo rm -rf /tmp/haproxy-$VERSION sudo rm -rf /tmp/haproxy-$VERSION.tar.gz -sudo rm -rf /tmp/modsecurity-2.9.2 +#sudo rm -rf /tmp/modsecurity-2.9.2 if [ $? -eq 1 ]; then echo "error: Can't start Haproxy WAF service
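Review bot: The existence test still greps `$HAPROXY_PATH/haproxy.cfg`, but the append now writes to the hard-coded `/etc/haproxy/haproxy.cfg`, so with any other `HAPROXY_PATH` the `backend waf` block goes to a different file than the one checked and is appended again on every run. The path was presumably hard-coded because the single-quoted `bash -c '...'` no longer expands variables; `sudo tee -a "$HAPROXY_PATH/haproxy.cfg" > /dev/null << EOF` keeps the variable and still performs the write as root. Quoting `"$HAPROXY_PATH"` in the `grep` and `mv` lines would also protect against paths containing spaces.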

" diff --git a/app/sql.py b/app/sql.py index f4cf0fbc..b9fe8b3b 100644 --- a/app/sql.py +++ b/app/sql.py @@ -741,6 +741,18 @@ def insert_waf_metrics_enable(serv, enable): cur.close() con.close() +def delete_waf_server(id): + con, cur = create_db.get_cur() + sql = """ delete from waf where server_id = '%s' """ % id + try: + cur.execute(sql) + con.commit() + except sqltool.Error as e: + print('An error occurred: ' + e.args[0] + ' X') + con.rollback() + cur.close() + con.close() + def insert_waf_mentrics(serv, conn): con, cur = create_db.get_cur() if mysql_enable == '1': @@ -1147,6 +1159,7 @@ if form.getvalue('newserver') is not None: if form.getvalue('serverdel') is not None: print('Content-type: text/html\n') if delete_server(form.getvalue('serverdel')): + delete_waf_server(form.getvalue('serverdel')) print("Ok") if form.getvalue('newgroup') is not None: diff --git a/inc/users.js b/inc/users.js index f298e4b4..33f292de 100644 --- a/inc/users.js +++ b/inc/users.js @@ -109,7 +109,6 @@ $( function() { data: { haproxyaddserv: $('#haproxyaddserv').val(), syn_flood: syn_flood, - waf: waf, token: $('#token').val() }, type: "GET", diff --git a/inc/waf.js b/inc/waf.js index 12846c9c..9a25c0d6 100644 --- a/inc/waf.js +++ b/inc/waf.js @@ -43,7 +43,8 @@ function installWaf(ip) { } else if (data.indexOf('success') != '-1' ){ $('.alert-danger').remove(); $('.alert-warning').remove(); - $("#ajax").html('
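Review bot: With the two `rm -rf` lines commented out in the `@@ -187,9 +200,9 @@` hunk, the closing `if [ $? -eq 1 ]` tests the exit status of `sudo rm -rf /tmp/haproxy-$VERSION.tar.gz`, not of the `systemctl restart waf` that appears to sit just above the hunk, so a WAF that fails to start is not reported by the "Can't start Haproxy WAF service" branch. Test the service directly before the cleanup, e.g. `if ! sudo systemctl is-active --quiet waf; then`. The commented-out removals also leave the build trees in `/tmp`; if they are kept for debugging, say so in a comment, otherwise restore them.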
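Review bot: `delete_waf_server` builds its statement with `""" delete from waf where server_id = '%s' """ % id`, and the `@@ -1147,6 +1159,7 @@` hunk passes `form.getvalue('serverdel')` straight from the request into it, so the value is interpolated into SQL unescaped. Bind it instead: `sql = "delete from waf where server_id = ?"` with `cur.execute(sql, (id,))`, using the placeholder style of the active driver (`%s` for the MySQL path this file appears to support). Validating that `serverdel` is an integer before either delete call would also help. The `except` branch concatenates `e.args[0]` to a string, which raises if that element is not a `str`, and the parameter name `id` shadows the builtin.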
'+data+''); + $("#ajax").html('
'+data+''); + showOverviewWaf() } } } );
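Review bot: `data` is concatenated into markup and written with `$("#ajax").html(...)` in the success branch, so whatever the install script printed is parsed as HTML; if any of that output can carry untrusted text, build the element separately and set its content with `.text(data)`. The added `showOverviewWaf()` call lacks the terminating semicolon used on the surrounding statements. The enclosing callback starts outside the hunk, and the markup inside the string literal is not fully visible here.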