#!/bin/bash
#
# Mojo Security Deploy
# Script: mojosecure
#
# Description: Deploys maldet, clamd, fail2ban, modsecurity
#
#
# Author: Joseph Laws
#
# Changelog:
# * 03/12/2013: Joseph Laws, Mojohost
# - initial write
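release_Check ()
{
  # Detect the CentOS major version and announce which ModSecurity line
  # will be built. Sets the global WHATOS, read later by modsecurity_Check.
  # Exits 1 unless a purely numeric version could be read, so the installer
  # never continues on an unknown distribution or with an empty string.
  WHATOS=$(rpm -qa centos-release --qf '%{version}\n' 2>/dev/null | head -n1)
  # The arithmetic tests below treat "" as 0, so an rpm failure or a missing
  # centos-release package must be rejected explicitly instead of silently
  # landing on one of the branches.
  if [[ ! "${WHATOS}" =~ ^[0-9]+$ ]]; then
    echo; echo; echo "Could not read a numeric centos-release version (got '${WHATOS}')...exiting due to total fail..."
    exit 1
  fi
  if (( WHATOS >= 6 )); then
    echo; echo; echo "This is centos 6 or later, we'll use latest ModSec"
  else
    echo; echo; echo "This is centos 5 or older, we'll use older ModSec."
  fi
}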
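maldet_Check ()
{
  # Install maldet (Linux Malware Detect) when it is missing and make sure
  # /usr/local/sbin/maldet and /usr/local/sbin/lmd both point at the Mojo copy.
  # Reads the globals MALDET, REPOURL and the tput colour variables.
  # Returns 1 when the installer could not be downloaded.
  local target=/usr/local/mojo/security/maldet/maldet
  local installer link
  if [[ ! -f "${MALDET}" ]]; then
    echo "Maldet ${RED}DOES NOT EXIST${COLOROFF}."
    # The installer arrives over plain HTTP from REPOURL and is executed as
    # root; nothing beyond "download finished and is non-empty" is verified,
    # so REPOURL has to be a trusted, internal-only host.
    # mktemp replaces the fixed /tmp/maldet-install name, which another local
    # user could pre-create or symlink before we chmod and execute it.
    installer=$(mktemp /tmp/maldet-install.XXXXXX) || { echo "${RED}mktemp failed${COLOROFF}"; return 1; }
    if ! wget -q "${REPOURL}/maldet/maldet-install" -O "${installer}" || [[ ! -s "${installer}" ]]; then
      echo "Maldet installer ${RED}FAILED DOWNLOAD **MUST BE RESOLVED**${COLOROFF}"
      rm -f "${installer}"
      return 1
    fi
    chmod 700 "${installer}"
    "${installer}" --initial
    rm -f "${installer}"
  fi
  if [[ -f "${MALDET}" ]]; then
    echo "Maldet ${GREEN}installed${COLOROFF} at ${YELLOW}${MALDET}${COLOROFF}"
  else
    echo "Maldet ${RED}still missing${COLOROFF} at ${YELLOW}${MALDET}${COLOROFF} after the install attempt"
  fi
  # readlink gives the link target directly; the original parsed `ls -al`
  # columns, and only looked at the maldet link, never at lmd.
  if [[ "$(readlink /usr/local/sbin/maldet 2>/dev/null)" != "${target}" ]] \
     || [[ "$(readlink /usr/local/sbin/lmd 2>/dev/null)" != "${target}" ]]; then
    # Remove both stale links first: `ln -s` fails on an existing path, and
    # the original's `rm -f /usrl/ocal/sbin/lmd` typo never removed lmd.
    rm -f /usr/local/sbin/maldet /usr/local/sbin/lmd
    ln -s "${target}" /usr/local/sbin/maldet
    ln -s "${target}" /usr/local/sbin/lmd
    echo "Symlinks now set properly."
  else
    echo "Symlinks already set properly."
  fi
  for link in /usr/local/sbin/lmd /usr/local/sbin/maldet; do
    echo "${link} -> $(readlink "${link}" 2>/dev/null)"
  done
}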
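fail2ban_Check ()
{
  # Install fail2ban from EPEL when it is missing, register the host with
  # seclog, and run the repo's failupdate script once.
  # Reads FAIL2BAN, REPOURL, CURL, HOSTNAME and the colour globals; refreshes
  # FAIL2BAN after an install. Returns 1 when the yum install fails.
  local result
  if [[ ! -f "${FAIL2BAN}" ]]; then
    echo "Fail2ban ${RED}DOES NOT EXIST${COLOROFF}."
    # '*' is quoted so the shell cannot expand it against files in the cwd.
    if ! yum --disablerepo='*' --enablerepo=epel install fail2ban -y; then
      echo "Fail2ban ${RED}INSTALL FAILED **MUST BE RESOLVED**${COLOROFF}"
      return 1
    fi
    chkconfig fail2ban on
    service fail2ban start
    FAIL2BAN=$(command -v fail2ban-server 2>/dev/null)
    # Registration is a plain-HTTP POST keyed only on the hostname; the reply
    # is informational and nothing below depends on it.
    if [[ -n "${CURL}" ]]; then
      result=$("${CURL}" -s -L 'http://seclog.mojohost.com/tools/register.php' -d "hostname=${HOSTNAME}")
    else
      result="curl not found"
    fi
    case "${result}" in
      GOOD)                 echo "Fail2ban registration ${GREEN}SUCCESSFULL${COLOROFF}!" ;;
      "ALREADY REGISTERED") echo "Fail2ban registration ${YELLOW}ALREADY REGISTERED${COLOROFF}!" ;;
      *)                    echo "Fail2ban registration ${RED}FAILED${COLOROFF}!" ;;
    esac
  fi
  echo "Fail2ban ${GREEN}installed${COLOROFF} at ${YELLOW}${FAIL2BAN}${COLOROFF}"
  # The original fetched and ran failupdate twice on a fresh install; once is
  # enough and halves the exposure to the unauthenticated download.
  _fail2ban_update
}
_fail2ban_update ()
{
  # Fetch failupdate into a private temp file and run it only when the
  # download completed and is non-empty. `wget -qO - | bash` executed a
  # truncated stream and gave no way to notice a failed transfer.
  # The source is plain HTTP with no signature; REPOURL must be trusted.
  local script
  script=$(mktemp /tmp/failupdate.XXXXXX) || return 1
  if wget -q "${REPOURL}/fail2ban/failupdate" -O "${script}" && [[ -s "${script}" ]]; then
    bash "${script}"
    echo "Fail2ban ${GREEN}updated${COLOROFF}"
  else
    echo "Fail2ban update ${RED}FAILED DOWNLOAD${COLOROFF}"
  fi
  rm -f "${script}"
}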
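modsecurity_Check ()
{
  # Build and install ModSecurity plus the Mojo configuration when the Mojo
  # config (MODSEC) is absent; otherwise re-sync it from the repo. Always
  # ensures /etc/httpd/asl and modsecurity.d/active_rules exist and that the
  # web user owns asl/data.
  # Reads WHATOS, MODSEC, REPOURL, HTTPDUSER and the colour globals.
  # Sets DIRECTADMIN (YES/NO) on the install path only, as before.
  # Returns 1 when a download, unpack or build step fails.
  local httpd_conf=/etc/httpd/conf/httpd.conf
  local da_conf=/etc/httpd/conf/extra/httpd-modsecurity.conf
  local tarball srcdir fresh
  if [[ ! -f "${MODSEC}" ]]; then
    echo "Mojo modsec ${RED}DOES NOT EXIST${COLOROFF}."
    # Guard the cd: an unconditional `rm -fr modsec*` after a failed cd would
    # delete from whatever directory the caller happened to be in.
    cd /usr/src || { echo "${RED}cannot cd to /usr/src${COLOROFF}"; return 1; }
    rm -fr modsec*
    if (( WHATOS >= 6 )); then
      tarball=modsecurity-2.9.1.tar.gz
      srcdir=modsecurity-2.9.1
      wget -q "${REPOURL}/modsec/${tarball}"
    else
      tarball=modsecurity-apache_2.5.13.tar.gz
      srcdir=modsecurity-apache_2.5.13/apache2
      wget -q "http://fs01.mojohost.com/files/modsec/${tarball}"
    fi
    # Plain-HTTP tarball with no checksum or signature: all that is checked is
    # that the download and unpack succeeded, so a failed fetch no longer
    # falls through to running ./configure inside /usr/src itself.
    if [[ ! -s "${tarball}" ]] || ! tar xfz "${tarball}" || ! cd "${srcdir}"; then
      echo "${RED}FAILED to fetch/unpack ${tarball} **MUST BE RESOLVED**${COLOROFF}"
      return 1
    fi
    _modsec_stage_pcre_header
    if ! { ./configure && make && make install; }; then
      echo "${RED}ModSecurity build FAILED **MUST BE RESOLVED**${COLOROFF}"
      return 1
    fi
    /usr/sbin/apxs -e -a -i apache2/mod_security2.la
    _modsec_ensure_directive 'LoadFile /usr/lib64/libxml2.so' "${httpd_conf}"
    _modsec_ensure_directive 'LoadModule security2_module lib/apache/mod_security2.so' "${httpd_conf}"
    if [[ -n "$(awk -F: '$1 == "diradmin"' /etc/passwd)" ]] && [[ -n "$(ps auxf | grep -sv grep | grep -sw directadmin)" ]]; then
      DIRECTADMIN=YES
      echo "DirectAdmin ${GREEN}FOUND${COLOROFF}."
      if [[ -f "${da_conf}" ]]; then
        echo "extra/httpd-modsecurity.conf ${RED}EXISTS${COLOROFF}"
        mv "${da_conf}" "${da_conf}.OLD"
      else
        echo "extra/httpd-modsecurity.conf ${GREEN}DOES NOT EXIST${COLOROFF}"
      fi
      _modsec_fetch "${REPOURL}/modsec/00_modsecurity_da.conf" "${da_conf}"
      if grep Include "${httpd_conf}" | grep httpd-modsecurity.conf | grep -qv '#'; then
        echo "ModSecurity seems to be referenced in httpd.conf already, if it is not loading you need to investigate."
      else
        cp "${httpd_conf}" "${httpd_conf}.PRE_MODSEC"
        echo "# Modsecurity" >> "${httpd_conf}"
        echo "Include conf/extra/httpd-modsecurity.conf" >> "${httpd_conf}"
      fi
    else
      DIRECTADMIN=NO
    fi
    # NOTE(review): this keeps the original branch logic, oddities included —
    # a stale conf.d/modsecurity_config.conf is only moved aside on non-DA
    # hosts, and DA hosts without one still receive conf.d/00_modsecurity.conf.
    # Confirm the intended DirectAdmin layout before simplifying.
    if [[ -f /etc/httpd/conf.d/modsecurity_config.conf ]] && [[ "${DIRECTADMIN}" == "NO" ]]; then
      mv /etc/httpd/conf.d/modsecurity_config.conf{,.OLD}
      _modsec_fetch "${REPOURL}/modsec/00_modsecurity.conf" /etc/httpd/conf.d/00_modsecurity.conf
    elif [[ -f /etc/httpd/conf.d/modsecurity_config.conf ]] && [[ "${DIRECTADMIN}" == "YES" ]]; then
      mv "${da_conf}" "${da_conf}.OLD"
      _modsec_fetch "${REPOURL}/modsec/00_modsecurity_da.conf" "${da_conf}"
    else
      _modsec_fetch "${REPOURL}/modsec/00_modsecurity.conf" /etc/httpd/conf.d/00_modsecurity.conf
    fi
    mkdir -p /etc/httpd/modsecurity.d/active_rules
    _modsec_fetch "${REPOURL}/modsec/00_modsecurity_mojo.conf" "${MODSEC}"
  else
    fresh=$(mktemp /tmp/00_modsecurity_mojo.conf.XXXXXX)
    if wget -q "${REPOURL}/modsec/00_modsecurity_mojo.conf" -O "${fresh}" && [[ -s "${fresh}" ]]; then
      if cmp -s "${fresh}" "${MODSEC}"; then
        echo "00_modsecurity_mojo.conf ${GREEN}EXISTS & IS IN-SYNC WITH REPO${COLOROFF}."
      else
        echo "00_modsecurity_mojo.conf is ${RED}OUT OF SYNC WITH REPO${COLOROFF}."
        mv "${MODSEC}" "${MODSEC}.prefail2ban"
        mv -f "${fresh}" "${MODSEC}"
        chmod 644 "${MODSEC}"
        echo "00_modsecurity_mojo.conf ${GREEN}NOW IN-SYNC WITH REPO${COLOROFF}."
      fi
    else
      # The original md5-compared against the empty file a failed wget leaves
      # behind and then replaced the live config with that empty file.
      echo "00_modsecurity_mojo.conf ${RED}FAILED DOWNLOAD, keeping current file${COLOROFF}."
    fi
    rm -f "${fresh}"
  fi
  if [[ ! -d /etc/httpd/asl ]]; then
    echo "/etc/httpd/asl ${RED}DOES NOT EXIST${COLOROFF}."
    mkdir -p /etc/httpd/asl/{tmp,updates,rules/clamav,data/msa,data/audit,data/suspicious}
    touch /etc/httpd/asl/whitelist
    echo "/etc/httpd/asl ${GREEN}NOW EXISTS${COLOROFF}."
  else
    echo "/etc/httpd/asl ${GREEN}EXISTS${COLOROFF}."
  fi
  if [[ "${HTTPDUSER}" == "nobody" ]] || [[ "${HTTPDUSER}" == "apache" ]]; then
    chown -R "${HTTPDUSER}" /etc/httpd/asl/data
  else
    echo "${HTTPDUSER} was not nobody or apache, something special here. Determine web user and issue the following:"
    echo " chown -R <WEBUSER> /etc/httpd/asl/data"
  fi
  # asl/data stays readable only by root and the web user.
  chmod -R o-rx /etc/httpd/asl/data/*
  chmod -R ug+rwx /etc/httpd/asl/data/*
  mkdir -p /etc/httpd/modsecurity.d/active_rules
}
_modsec_fetch ()
{
  # Download "$1" to "$2" through a private temp file so a failed or empty
  # transfer never clobbers the destination (a plain `wget -O dest` leaves an
  # empty file behind on failure). Plain HTTP, no signature — REPOURL must be
  # a trusted internal host. Returns non-zero on failure.
  local url=$1 dest=$2 tmp
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if wget -q "${url}" -O "${tmp}" && [[ -s "${tmp}" ]]; then
    mv -f "${tmp}" "${dest}"
    chmod 644 "${dest}"
    return 0
  fi
  echo "${RED}FAILED to download ${url} **MUST BE RESOLVED**${COLOROFF}"
  rm -f "${tmp}"
  return 1
}
_modsec_ensure_directive ()
{
  # Append directive "$1" to httpd.conf "$2" after its last LoadModule line
  # unless the same text is already present (commented or not, as before).
  # The original built the sed script from an unchecked `grep -n` result:
  # with no LoadModule line it became a bare `a` command and appended the
  # directive after EVERY line of httpd.conf.
  local directive=$1 conf=$2 last
  grep -qsF -- "${directive}" "${conf}" && return 0
  last=$(grep -n LoadModule "${conf}" | tail -1 | cut -f1 -d:)
  if [[ "${last}" =~ ^[0-9]+$ ]]; then
    sed -i -e "${last}a ${directive}" "${conf}"
  else
    printf '%s\n' "${directive}" >> "${conf}"
  fi
}
_modsec_stage_pcre_header ()
{
  # Replace the Apache build tree's pcre.h with the system header, installing
  # pcre-devel first when neither known location has one.
  local hdr
  if [[ -f /usr/include/pcre.h ]]; then
    hdr=/usr/include/pcre.h
  elif [[ -f /usr/include/pcre/pcre.h ]]; then
    hdr=/usr/include/pcre/pcre.h
  else
    echo "${RED}MISSING /usr/include/pcre.h, WE NEED PCRE-DEVEL${COLOROFF}"
    yum install pcre-devel -y
    hdr=/usr/include/pcre.h
    echo "${GREEN}PCRE-DEVEL INSTALLED${COLOROFF}"
  fi
  # The backup mv fails harmlessly when there is no header to back up.
  mv /usr/include/apache/pcre.h{,.OLD} 2>/dev/null
  cp "${hdr}" /usr/include/apache
}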
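modsec_Scan ()
{
  # Enable maldet public scans and keep the ModSecurity helper scripts
  # (modsec-clamav.pl, modsecblockparse) in sync with the repo; remove the
  # retired hitcheck.sh. Reads REPOURL and the colour globals.
  # Check and edit operate on the SAME conf.maldet: the original grepped
  # /usr/local/mojo/security/maldet/conf.maldet but ran sed on
  # /usr/local/maldetect/conf.maldet, so the file it checked was never
  # changed (unless the two paths are one directory — TODO confirm on a host).
  local conf=/usr/local/mojo/security/maldet/conf.maldet
  local current
  current=$(grep -s '^public_scan=' "${conf}" | awk -F'=' '{print $2}' | tr -d '"')
  if [[ "${current}" == "0" ]]; then
    echo "Maldet public scans ${RED}NOT ENABLED${COLOROFF}."
    # conf.maldet may carry the value bare or double-quoted; handle both.
    sed -i -e 's/^public_scan=0$/public_scan=1/' -e 's/^public_scan="0"$/public_scan="1"/' "${conf}"
    maldet --mkpubpaths
    echo "Maldet public scans now ${GREEN}ENABLED${COLOROFF}."
  else
    echo "Maldet public scans ${GREEN}ENABLED${COLOROFF}."
  fi
  _scan_sync_file "${REPOURL}/modsec/modsec-clamav.txt" /usr/local/sbin/modsec-clamav.pl 755
  if [[ -f /usr/local/sbin/hitcheck.sh ]]; then
    echo "${RED}OLD hitcheck.sh FOUND${COLOROFF}"
    rm -f /usr/local/sbin/hitcheck.sh
    echo "${GREEN}OLD hitcheck.sh REMOVED${COLOROFF}"
  fi
  _scan_sync_file "${REPOURL}/modsec/modsecblockparse" /usr/local/sbin/modsecblockparse 755
}
_scan_sync_file ()
{
  # Fetch "$1" and install it at "$2" with mode "$3" when the destination is
  # missing or differs from the repo copy. The download lands in a private
  # temp file (not the fixed /tmp name another local user could pre-create)
  # and is installed only when non-empty, so a failed transfer never replaces
  # a working script with an empty executable. Plain HTTP, no signature —
  # REPOURL must be a trusted internal host. Returns 1 on download failure.
  local url=$1 dest=$2 mode=$3 label tmp
  label=$(basename "${dest}")
  tmp=$(mktemp "/tmp/${label}.XXXXXX") || return 1
  if ! wget -q "${url}" -O "${tmp}" || [[ ! -s "${tmp}" ]]; then
    echo "${label} ${RED}FAILED DOWNLOAD **MUST BE RESOLVED**${COLOROFF}"
    rm -f "${tmp}"
    return 1
  fi
  if [[ ! -f "${dest}" ]]; then
    echo "${label} ${RED}DOES NOT EXIST${COLOROFF}."
    mv -f "${tmp}" "${dest}"
    chmod "${mode}" "${dest}"
    echo "${label} ${GREEN}NOW EXISTS AND IS IN-SYNC WITH REPO${COLOROFF}."
  elif cmp -s "${tmp}" "${dest}"; then
    echo "${label} ${GREEN}EXISTS AND IS IN-SYNC WITH REPO${COLOROFF}."
    rm -f "${tmp}"
  else
    echo "${label} ${RED}EXISTS BUT IS NOT IN-SYNC WITH REPO${COLOROFF}."
    mv -f "${tmp}" "${dest}"
    chmod "${mode}" "${dest}"
    echo "${label} ${GREEN}NOW IN-SYNC WITH REPO${COLOROFF}."
  fi
}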
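install_Problemcheck ()
{
  # Final checks: warn about commented-out Include/LoadModule lines, drop the
  # stale rfxn/phphacks ClamAV signatures, kick freshclam, restart Apache when
  # its config passes, print a status summary and mail secteam.
  # Reads DIRECTADMIN (may be unset) and the colour globals.
  local httpd_conf=/etc/httpd/conf/httpd.conf
  local da_conf=/etc/httpd/conf/extra/httpd-modsecurity.conf
  local fail2ban_status maldet_status clamd_status
  # DIRECTADMIN is only set on modsecurity_Check's install path. When the Mojo
  # config already existed it was empty here and every check below was
  # silently skipped; re-detect with the same test modsecurity_Check uses.
  if [[ -z "${DIRECTADMIN}" ]]; then
    if [[ -n "$(awk -F: '$1 == "diradmin"' /etc/passwd)" ]] && [[ -n "$(ps auxf | grep -sv grep | grep -sw directadmin)" ]]; then
      DIRECTADMIN=YES
    else
      DIRECTADMIN=NO
    fi
  fi
  # `grep -qv '#'` succeeds when at least one matching line is uncommented.
  if [[ "${DIRECTADMIN}" == "YES" ]]; then
    if ! grep -sw Include "${httpd_conf}" | grep httpd-modsecurity.conf | grep -qv '#'; then
      echo "${RED}${da_conf} is commented out. Uncomment this or modsecurity will not operate${COLOROFF}."
    fi
    if ! grep -sw LoadModule "${da_conf}" | grep security2_module | grep -qv '#'; then
      echo "${RED}LoadModule security2_module lib/apache/mod_security2.so is commented out. Uncomment this or modsecurity will not operate.${COLOROFF}"
    fi
  else
    if ! grep -sw Include "${httpd_conf}" | grep conf.d | grep -qv '#'; then
      echo "${RED}/etc/httpd/conf.d/*.conf is commented out. Uncomment this or modsecurity will not operate${COLOROFF}."
    fi
    if ! grep -sw LoadModule "${httpd_conf}" | grep security2_module | grep -qv '#'; then
      echo "${RED}LoadModule security2_module lib/apache/mod_security2.so is commented out. Uncomment this or modsecurity will not operate.${COLOROFF}"
    fi
  fi
  if [[ -f /var/clamav/rfxn.hdb ]]; then
    rm -f /var/clamav/rfxn.* /var/clamav/phphacks.*
  fi
  # freshclam runs detached; say so instead of failing silently without screen.
  if command -v screen >/dev/null 2>&1; then
    screen -AdmS freshclam freshclam
  else
    echo "${RED}screen not found; run freshclam manually${COLOROFF}"
  fi
  if service httpd configtest; then
    echo "${GREEN}APACHE CONFIGTEST SUCCESSFULL!${COLOROFF}"
    service httpd restart
  else
    echo "${RED}APACHE CONFIGTEST FAILURE!${COLOROFF}"
  fi
  if [[ -f /etc/rc.d/init.d/fail2ban ]]; then
    fail2ban_status="${GREEN}INSTALLED${COLOROFF}"
  else
    fail2ban_status="${RED}NOT INSTALLED${COLOROFF}"
  fi
  if [[ -f /usr/local/mojo/security/maldet/maldet ]]; then
    maldet_status="${GREEN}INSTALLED${COLOROFF}"
  else
    maldet_status="${RED}NOT INSTALLED${COLOROFF}"
  fi
  if ps auxf | grep -v grep | grep -qi clamd; then
    clamd_status="${GREEN}RUNNING${COLOROFF}"
  else
    clamd_status="${RED}NOT RUNNING${COLOROFF}"
  fi
  echo; echo; echo
  echo "Maldet : ${maldet_status}"
  echo "Fail2Ban: ${fail2ban_status}"
  echo "ClamD : ${clamd_status}"
  echo; echo; echo
  if command -v mail >/dev/null 2>&1; then
    echo "ModSecurity Content Blocking + Fail2ban + Maldet installed on $(hostname) from secrepo" | mail -s "ModSecurity/Fail2ban installed" secteam@mojohost.com
  else
    echo "${RED}mail not found; secteam@mojohost.com was not notified${COLOROFF}"
  fi
}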
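# Globals shared by the functions above, then the deployment sequence.
# Everything below installs packages and writes under /etc and /usr, so
# refuse to run unprivileged instead of failing half-way through.
if [[ "${EUID}" -ne 0 ]]; then
  echo "mojosecure must be run as root." >&2
  exit 1
fi
MALDET=/usr/local/mojo/security/maldet/maldet
CLAMD=$(command -v clamdscan 2>/dev/null)
FAIL2BAN=$(command -v fail2ban-server 2>/dev/null)
MODSEC=/etc/httpd/modsecurity.d/00_modsecurity_mojo.conf
# Non-root owner(s) of httpd processes. `uniq` only collapses adjacent
# duplicates, so an interleaved process list yielded a multi-line value that
# matched neither "nobody" nor "apache"; sort -u collapses all of them.
HTTPDUSER=$(ps auxf | grep httpd | grep -v grep | awk '{print $1}' | grep -v root | sort -u)
CURL=$(command -v curl 2>/dev/null)
RELEASE=$(awk '{print $3}' /etc/redhat-release 2>/dev/null | awk -F'.' '{print $1}')
ARCH=$(uname -m)
HOSTNAME=$(hostname)
# SECURITY: every artifact this script installs (maldet installer, failupdate,
# ModSecurity tarballs, configs, helper scripts) is fetched from here over
# plain HTTP and executed or loaded as root with no checksum or signature
# check. Anyone able to spoof or intercept this host controls every server
# that runs mojosecure; move the repo to HTTPS and verify hashes when possible.
REPOURL=http://secrepo.mojohost.com/release
# Colours degrade to empty strings when there is no usable terminal (cron).
GREEN=$(tput setaf 2 2>/dev/null)
RED=$(tput setaf 1 2>/dev/null)
YELLOW=$(tput setaf 3 2>/dev/null)
COLOROFF=$(tput sgr0 2>/dev/null)
release_Check
maldet_Check
fail2ban_Check
modsecurity_Check
modsec_Scan
install_Problemcheck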