digitaldemocratic/dd-waf/docker/modsecurity/Dockerfile

70 lines
2.6 KiB
Docker
Raw Normal View History

2022-11-10 00:28:20 +01:00
# Install Modsecurity in a Docker container
2022-10-25 13:48:10 +02:00
FROM ubuntu:20.04 as production
ARG DEBIAN_FRONTEND=noninteractive
2022-11-15 11:07:30 +01:00
# update/upgrade your system
2022-10-25 13:48:10 +02:00
# Install Required Dependencies
2022-11-15 11:07:30 +01:00
RUN apt-get update && apt-get install -y \
g++ flex bison curl apache2-dev \
2022-10-25 13:48:10 +02:00
doxygen libyajl-dev ssdeep liblua5.2-dev \
libgeoip-dev libtool dh-autoreconf \
libcurl4-gnutls-dev libxml2 libpcre++-dev \
2022-11-15 11:07:30 +01:00
libxml2-dev git wget tar apache2 \
&& rm -rf /var/lib/apt/lists/*
2022-10-25 13:48:10 +02:00
2022-11-15 11:07:30 +01:00
# Download LibModsecurity. Extract the Downloaded File. Compile and Install LibModsecurity
RUN wget https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz \
&& tar xzf modsecurity-v3.0.8.tar.gz && rm -rf modsecurity-v3.0.8.tar.gz \
&& cd modsecurity-v3.0.8 && \
2022-10-25 13:48:10 +02:00
./build.sh && ./configure && \
make && make install
# Install ModSecurity-Apache Connector
2022-11-15 11:07:30 +01:00
RUN cd ~ && git clone https://github.com/SpiderLabs/ModSecurity-apache \
&& cd ~/ModSecurity-apache && \
2022-10-25 13:48:10 +02:00
./autogen.sh && \
./configure --with-libmodsecurity=/usr/local/modsecurity/ && \
make && \
make install
2022-11-10 00:28:20 +01:00
# logs should go to stdout / stderr
RUN set -ex \
&& ln -sfT /dev/stderr /var/log/apache2/error.log \
&& ln -sfT /dev/stdout /var/log/apache2/access.log \
&& ln -sfT /dev/stdout /var/log/apache2/other_vhosts_access.log
2022-10-25 13:48:10 +02:00
# Load the Apache ModSecurity Connector Module
RUN echo "LoadModule security3_module /usr/lib/apache2/modules/mod_security3.so" >> /etc/apache2/apache2.conf
# Configure ModSecurity
2022-11-10 00:28:20 +01:00
RUN mkdir -p /etc/apache2/modsecurity.d/dd-rules && \
2022-10-25 13:48:10 +02:00
cp modsecurity-v3.0.8/modsecurity.conf-recommended /etc/apache2/modsecurity.d/modsecurity.conf && \
cp modsecurity-v3.0.8/unicode.mapping /etc/apache2/modsecurity.d/ && \
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/apache2/modsecurity.d/modsecurity.conf
2022-11-15 11:07:30 +01:00
2022-10-25 13:48:10 +02:00
ADD modsec_rules.conf /etc/apache2/modsecurity.d/
# Install OWASP ModSecurity Core Rule Set (CRS) on Ubuntu
2022-11-15 11:07:30 +01:00
RUN git clone --depth=1 https://github.com/SpiderLabs/owasp-modsecurity-crs.git /etc/apache2/modsecurity.d/owasp-crs
2022-11-10 00:28:20 +01:00
ADD crs-setup.conf /etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf
2022-10-25 13:48:10 +02:00
# Activate ModSecurity
RUN mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old
#ADD 000-default.conf /etc/apache2/sites-available/
#ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
2022-10-25 13:48:10 +02:00
RUN a2enmod proxy_http
#EXPOSE 80
#USER www-data
#HEALTHCHECK --interval=5s --timeout=3s CMD curl --fail http://localhost || exit 1
2022-10-25 13:48:10 +02:00
CMD apachectl -D FOREGROUND
# Testing ModSecurity
2022-11-10 00:28:20 +01:00
#curl http://<SERVER-IP/DOMAIN>/index.php?exec=/bin/bash
# TODO
# Juntas capas y reducir peso
# user no root