shukivaknin/jabali-panel
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Install ModSecurity in installer

Browse Source
This commit is contained in:
root
2026-01-28 19:35:34 +02:00
parent 257fa20685
commit 02c756d077
3 changed files with 48 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -5,7 +5,7 @@
A modern web hosting control panel for WordPress and general PHP hosting. Built with Laravel 12, Filament v5, Livewire 4, and Tailwind CSS v4. A modern web hosting control panel for WordPress and general PHP hosting. Built with Laravel 12, Filament v5, Livewire 4, and Tailwind CSS v4.
Version: 0.9-rc19 (release candidate) Version: 0.9-rc20 (release candidate)
This is a release candidate. Expect rapid iteration and breaking changes until 1.0. This is a release candidate. Expect rapid iteration and breaking changes until 1.0.

2
VERSION
View File

@@ -1 +1 @@
VERSION=0.9-rc19 VERSION=0.9-rc20

47
install.sh
View File

@@ -12,7 +12,7 @@
set -e set -e
# Version - will be read from VERSION file after clone, this is fallback # Version - will be read from VERSION file after clone, this is fallback
JABALI_VERSION="0.9-rc19" JABALI_VERSION="0.9-rc20"
# Colors # Colors
RED='\033[0;31m' RED='\033[0;31m'
@@ -1959,6 +1959,51 @@ configure_firewall() {
configure_security() { configure_security() {
header "Configuring Security Tools" header "Configuring Security Tools"
# Install ModSecurity + CRS (optional)
if [[ "$INSTALL_SECURITY" == "true" ]]; then
info "Installing ModSecurity (optional WAF)..."
local module_pkg=""
if apt-cache show libnginx-mod-http-modsecurity2 &>/dev/null; then
module_pkg="libnginx-mod-http-modsecurity2"
elif apt-cache show libnginx-mod-http-modsecurity &>/dev/null; then
module_pkg="libnginx-mod-http-modsecurity"
elif apt-cache show nginx-extras &>/dev/null; then
module_pkg="nginx-extras"
else
warn "ModSecurity nginx module not available in apt repositories"
fi
local crs_pkg=""
if apt-cache show modsecurity-crs &>/dev/null; then
crs_pkg="modsecurity-crs"
fi
if [[ -n "$module_pkg" ]]; then
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq "$module_pkg" $crs_pkg 2>/dev/null || warn "ModSecurity install failed"
# Ensure ModSecurity base config
if [[ -f /etc/modsecurity/modsecurity.conf-recommended ]] && [[ ! -f /etc/modsecurity/modsecurity.conf ]]; then
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
fi
# Create main include file for nginx if missing
mkdir -p /etc/nginx/modsec
if [[ ! -f /etc/nginx/modsec/main.conf ]]; then
if [[ -f /usr/share/modsecurity-crs/crs-setup.conf ]]; then
cat > /etc/nginx/modsec/main.conf <<'EOF'
Include /etc/modsecurity/modsecurity.conf
Include /usr/share/modsecurity-crs/crs-setup.conf
Include /usr/share/modsecurity-crs/rules/*.conf
EOF
else
cat > /etc/nginx/modsec/main.conf <<'EOF'
Include /etc/modsecurity/modsecurity.conf
EOF
fi
fi
fi
fi
# Configure Fail2ban # Configure Fail2ban
info "Configuring Fail2ban..." info "Configuring Fail2ban..."
cat > /etc/fail2ban/jail.local << 'FAIL2BAN' cat > /etc/fail2ban/jail.local << 'FAIL2BAN'