Code Cleanup, Temp LEMP Install code removal

Jsitech · Jul 3, 2019 · d412341 · d412341
1 parent 0c83c59
commit d412341
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 497 deletions.
diff --git a/UbuntuServer_16.04LTS/jshielder.sh b/UbuntuServer_16.04LTS/jshielder.sh
@@ -346,111 +346,6 @@ install_apache(){
   say_done
 }
 
-##############################################################################################################
-
-# Install Nginx With ModSecurity
-install_nginx_modsecurity(){
-  clear
-  f_banner
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo -e "\e[93m[+]\e[00m Downloading and Compiling Nginx with ModSecurity"
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo ""
-  apt -y install git build-essential libpcre3 libpcre3-dev libssl-dev libtool autoconf apache2-prefork-dev libxml2-dev libcurl4-openssl-dev
-  mkdir src
-  cd src/
-  git clone https://github.com/SpiderLabs/ModSecurity
-  cd ModSecurity
-  ./autogen.sh
-  ./configure --enable-standalone-module
-  make
-  cd ..
-  wget http://nginx.org/download/nginx-1.9.7.tar.gz
-  tar xzvf nginx-1.9.7.tar.gz
-  cp ../templates/ngx_http_header_filter_module.c nginx-1.9.7/src/http/ngx_http_header_filter_module.c
-  cd nginx-1.9.7/
-  ./configure --user=www-data --group=www-data --with-pcre-jit --with-debug --with-http_ssl_module --add-module=/root/JShielder/UbuntuServer_14.04LTS/src/ModSecurity/nginx/modsecurity
-  make
-  make install
-  #Replacing Nginx conf with secure Configurations
-  cp ../../templates/nginx /usr/local/nginx/conf/nginx.conf
-  #Jason Giedymin Nginx Init Script
-  wget https://raw.github.com/JasonGiedymin/nginx-init-ubuntu/master/nginx -O /etc/init.d/nginx
-  chmod +x /etc/init.d/nginx
-  update-rc.d nginx defaults
-  mkdir /usr/local/nginx/conf/sites-available
-  mkdir /usr/local/nginx/conf/sites-enabled
-  say_done
-}
-  ##############################################################################################################
-
-  #Setting UP Virtual Host
-  set_nginx_vhost(){
-  clear
-  f_banner
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo -e "\e[93m[+]\e[00m Setup Virtual Host for Nginx"
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo " Configure a Virtual Host"
-  echo " Type a Name to Identify the Virtual Host"
-  echo -n " (For Example: myserver.com) "; read vhost
-  touch /usr/local/nginx/conf/sites-available/$vhost
-  cd ../..
-  cat templates/nginxvhost >> /usr/local/nginx/conf/sites-available/$vhost
-  sed -i s/server.com/$vhost/g /usr/local/nginx/conf/sites-available/$vhost
-  ln -s /usr/local/nginx/conf/sites-available/$vhost /usr/local/nginx/conf/sites-enabled/$vhost
-  say_done
-}
-
-
-##############################################################################################################
-
-#Setting UP Virtual Host
-set_nginx_vhost_nophp(){
-clear
-f_banner
-echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-echo -e "\e[93m[+]\e[00m Setup Virtual Host for Nginx"
-echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-echo " Configure a Virtual Host"
-echo " Type a Name to Identify the Virtual Host"
-echo -n " (For Example: myserver.com) "; read vhost
-touch /usr/local/nginx/conf/sites-available/$vhost
-cd ../..
-cat templates/nginxvhost_nophp >> /usr/local/nginx/conf/sites-available/$vhost
-sed -i s/server.com/$vhost/g /usr/local/nginx/conf/sites-available/$vhost
-ln -s /usr/local/nginx/conf/sites-available/$vhost /usr/local/nginx/conf/sites-enabled/$vhost
-say_done
-}
-
-
-##############################################################################################################
-
-#Set Nginx Modsecurity OWASP Rules
-set_nginx_modsec_OwaspRules(){
-  clear
-  f_banner
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo -e "\e[93m[+]\e[00m Setting OWASP Rules for ModSecurity on Nginx"
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo ""
-  cd src/
-  wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master -O owasp.tar.gz
-  tar -zxvf owasp.tar.gz
-  owaspdir=$(ls -la | grep SpiderLabs | cut -d ' ' -f18)
-  cp ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
-  cp ModSecurity/unicode.mapping /usr/local/nginx/conf/
-  cd $owaspdir/
-  cat modsecurity_crs_10_setup.conf.example >> /usr/local/nginx/conf/modsecurity.conf
-  cd base_rules/
-  cat *.conf >> /usr/local/nginx/conf/modsecurity.conf
-  cp *.data /usr/local/nginx/conf/
-  cd ../../..
-  service nginx restart
-  say_done
-}
-
-
 ##############################################################################################################
 
 # Install, Configure and Optimize PHP
@@ -472,27 +367,6 @@ install_secure_php(){
     say_done
 }
 
-##############################################################################################################
-# Install, Configure and Optimize PHP for Nginx
-install_php_nginx(){
-  clear
-  f_banner
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo -e "\e[93m[+]\e[00m Installing, Configuring and Optimizing PHP/PHP-FPM"
-  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-  echo ""
-  apt install php-fpm php php-cli php-pear
-  apt install php-mysql python-mysqldb
-  echo ""
-  echo -n " Replacing php.ini..."
-  spinner
-  cp templates/php /etc/php/7.0/cli/php.ini; echo " OK"
-  cp templates/phpnginx /etc/php/7.0/fpm/php.ini; echo "OK"
-  service php-fpm restart
-  service nginx restart
-  say_done
-}
-
 ##############################################################################################################
 
 # Install ModSecurity
@@ -770,6 +644,30 @@ install_portsentry(){
 
 ##############################################################################################################
 
+# Install and Configure Artillery
+install_artillery (){
+    clear
+    f_banner
+    echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
+    echo -e "\e[93m[+]\e[00m Cloning Repo and Installing Artillery"
+    echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
+    echo ""
+    git clone https://github.com/BinaryDefense/artillery
+    cd artillery/
+    python setup.py
+    cd ..
+    echo ""
+    echo "Setting Iptable rules for artillery"
+    spinner
+    for port in 22 1433 8080 21 5900 53 110 1723 1337 10000 5800 44443 16993; do
+      echo "iptables -A INPUT -p tcp -m tcp --dport $port -j ACCEPT" >> /etc/init.d/iptables.sh
+    done
+    echo ""
+    echo "Artillery configuration file is /var/artillery/config"
+    say_done  
+}
+##############################################################################################################
+
 # Additional Hardening Steps
 additional_hardening(){
     clear
@@ -979,28 +877,6 @@ enable_proc_acct(){
 
 ##############################################################################################################
 
-#Install PHP Suhosin Extension
-#install_phpsuhosin(){
-#  clear
-#  f_banner
-#  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-#  echo -e "\e[93m[+]\e[00m Installing PHP Suhosin Extension"
-#  echo -e "\e[34m---------------------------------------------------------------------------------------------------------\e[00m"
-#  echo ""
-#  echo 'deb http://repo.suhosin.org/ ubuntu-trusty main' >> /etc/apt/sources.list
-#  #Suhosin Key
-#  wget https://sektioneins.de/files/repository.asc
-#  apt-key add repository.asc
-#  apt update
-#  apt install php-suhosin-extension
-# phpenmod suhosin
-#  service apache2 restart
-#  echo "OK"
-#  say_done
-#}
-
-##############################################################################################################
-
 #Install and enable auditd
 
 install_auditd(){
@@ -1207,12 +1083,10 @@ echo -e "\e[34m-----------------------------------------------------------------
 echo ""
 echo "1. LAMP Deployment"
 echo "2. Reverse Proxy Deployment With Apache"
-echo "3. LEMP Deployment (Under Development, Testing)"
-echo "4. Reverse Proxy Deployment with Nginx (ModSecurity)"
-echo "5. Running With SecureWPDeployer or JSDeployer Script"
-echo "6. Customized Run (Only run desired Options)"
-echo "7. CIS Benchmark Hardening"
-echo "8. Exit"
+echo "3. Running With SecureWPDeployer or JSDeployer Script"
+echo "4. Customized Run (Only run desired Options)"
+echo "5. CIS Benchmark Hardening"
+echo "6. Exit"
 echo
 
 read choice
@@ -1248,6 +1122,7 @@ install_rootkit_hunter
 tune_nano_vim_bashrc
 daily_update_cronjob
 install_portsentry
+install_artillery
 additional_hardening
 install_unhide
 install_tiger
@@ -1292,6 +1167,7 @@ install_rootkit_hunter
 tune_nano_vim_bashrc
 daily_update_cronjob
 install_portsentry
+install_artillery
 additional_hardening
 install_unhide
 install_tiger
@@ -1324,88 +1200,6 @@ secure_ssh
 set_iptables
 install_fail2ban
 install_secure_mysql
-install_nginx_modsecurity
-set_nginx_vhost
-set_nginx_modsec_OwaspRules
-install_php_nginx
-config_fail2ban
-additional_packages
-tune_secure_kernel
-install_rootkit_hunter
-tune_nano_vim_bashrc
-daily_update_cronjob
-install_portsentry
-additional_hardening
-install_unhide
-install_tiger
-install_psad
-disable_compilers
-secure_tmp
-unattended_upgrades
-enable_proc_acct
-install_auditd
-install_sysstat
-install_arpwatch
-set_grubpassword
-file_permissions
-reboot_server
-;;
-
-4)
-check_root
-config_host
-config_timezone
-update_system
-restrictive_umask
-unused_filesystems
-uncommon_netprotocols
-admin_user
-rsa_keygen
-rsa_keycopy
-secure_ssh
-set_iptables
-install_fail2ban
-install_nginx_modsecurity
-set_nginx_vhost_nophp
-set_nginx_modsec_OwaspRules
-config_fail2ban
-additional_packages
-tune_secure_kernel
-install_rootkit_hunter
-tune_nano_vim_bashrc
-daily_update_cronjob
-install_portsentry
-additional_hardening
-install_unhide
-install_tiger
-install_psad
-disable_compilers
-secure_tmp
-unattended_upgrades
-enable_proc_acct
-install_auditd
-install_sysstat
-install_arpwatch
-set_grubpassword
-file_permissions
-reboot_server
-;;
-
-5)
-check_root
-config_host
-config_timezone
-update_system
-restrictive_umask
-unused_filesystems
-uncommon_netprotocols
-admin_user
-rsa_keygen
-rsa_keycopy
-secure_ssh
-set_iptables
-install_fail2ban
-install_secure_mysql
 install_apache
 install_secure_php
 install_modsecurity
@@ -1420,6 +1214,7 @@ install_rootkit_hunter
 tune_nano_vim_bashrc
 daily_update_cronjob
 install_portsentry
+install_artillery
 additional_hardening
 install_unhide
 install_tiger
@@ -1436,7 +1231,7 @@ set_grubpassword
 file_permissions
 ;;
 
-6)
+4)
 
 menu=""
 until [ "$menu" = "34" ]; do
@@ -1639,12 +1434,12 @@ esac
 done
 ;;
 
-7)
+5)
 chmod +x jshielder-CIS.sh
 ./jshielder-CIS.sh
 ;;
 
-8)
+6)
 exit 0
 ;;