install issues
ad...@unixbox.ws
Starting nginx: nginx: [emerg] unknown directive "MainRule" in /etc/nginx/naxsi_core.rules:17
I cannot find any help with this other than my nginx is not configured with Naxsi but I am 60% that I have ./configured it with Naxsi
./configure --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-openssl=/usr/bin/openssl
Any thoughts?
mex
and please check if you placed your
includes accordingly:
/etc/nginx/naxsi_core.rules (or rules.conf) in html {} - context
SecRulesEnabled / CheckRule (or active/learning-mode.rules)
in location {} context
if you are not sure, please post your config
https://bitbucket.org/lazy_dogtown/doxi/src/ce7fc15bc07100c5ee2ce88702d18bd2c7ca326b/README.md?at=master
> You received this message because you are subscribed to the Google Groups
> "naxsi-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to naxsi-discus...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
James Ruffer
nginx version: nginx/1.6.0
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre --with-debug --add-module=/builddir/build/BUILD/nginx-1.6.0/modsecurity-2.8.0/nginx/modsecurity --add-module=/builddir/build/BUILD/nginx-1.6.0/ngx_cache_purge-2.1 --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=-Wl,-E
You received this message because you are subscribed to a topic in the Google Groups "naxsi-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/naxsi-discuss/EjD7QLxttkI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to naxsi-discus...@googlegroups.com.
James Ruffer
[root@production-api-server nginx-1.7.3]# make install
make -f objs/Makefile install
make[1]: Entering directory `/tmp/nginx-1.7.3'
test -d '/usr/local/nginx' || mkdir -p '/usr/local/nginx'
test -d '/usr/local/nginx/sbin' || mkdir -p '/usr/local/nginx/sbin'
test ! -f '/usr/local/nginx/sbin/nginx' || mv '/usr/local/nginx/sbin/nginx' '/usr/local/nginx/sbin/nginx.old'
cp objs/nginx '/usr/local/nginx/sbin/nginx'
test -d '/etc/nginx' || mkdir -p '/etc/nginx'
cp conf/koi-win '/etc/nginx'
cp conf/koi-utf '/etc/nginx'
cp conf/win-utf '/etc/nginx'
test -f '/etc/nginx/mime.types' || cp conf/mime.types '/etc/nginx'
cp conf/mime.types '/etc/nginx/mime.types.default'
test -f '/etc/nginx/fastcgi_params' || cp conf/fastcgi_params '/etc/nginx'
cp conf/fastcgi_params '/etc/nginx/fastcgi_params.default'
test -f '/etc/nginx/fastcgi.conf' || cp conf/fastcgi.conf '/etc/nginx'
cp conf/fastcgi.conf '/etc/nginx/fastcgi.conf.default'
test -f '/etc/nginx/uwsgi_params' || cp conf/uwsgi_params '/etc/nginx'
cp conf/uwsgi_params '/etc/nginx/uwsgi_params.default'
test -f '/etc/nginx/scgi_params' || cp conf/scgi_params '/etc/nginx'
cp conf/scgi_params '/etc/nginx/scgi_params.default'
test -f '/etc/nginx/nginx.conf' || cp conf/nginx.conf '/etc/nginx/nginx.conf'
cp conf/nginx.conf '/etc/nginx/nginx.conf.default'
test -d '/usr/local/nginx/logs' || mkdir -p '/usr/local/nginx/logs'
test -d '/usr/local/nginx/logs' || mkdir -p '/usr/local/nginx/logs'
test -d '/usr/local/nginx/html' || cp -R html '/usr/local/nginx'
test -d '/usr/local/nginx/logs' || mkdir -p '/usr/local/nginx/logs'
make[1]: Leaving directory `/tmp/nginx-1.7.3'
mex
and only 2 --add-module - directives
--add-module=/builddir/build/BUILD/nginx-1.6.0/modsecurity-2.8.0/nginx/modsecurity
--add-module=/builddir/build/BUILD/nginx-1.6.0/ngx_cache_purge-2.1
beside this, the nginx -V - output is from a 1.6.0, while your
make-output is from a 1.7.3
maybe check objs/nginx in your most recent build-directory
James Ruffer
./configure --conf-path=/etc/nginx/nginx.conf --add-module=naxsi/naxsi_src/
checking for OS
+ Linux 2.6.32-431.20.3.el6.x86_64 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
checking for gcc -pipe switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... found
checking for Linux specific features
checking for epoll ... found
checking for EPOLLRDHUP ... found
checking for O_PATH ... not found
checking for sendfile() ... found
checking for sendfile64() ... found
checking for sys/prctl.h ... found
checking for prctl(PR_SET_DUMPABLE) ... found
checking for sched_setaffinity() ... found
checking for crypt_r() ... found
checking for sys/vfs.h ... found
checking for nobody group ... found
checking for poll() ... found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... not found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... not found
checking for dlopen() in libdl ... found
checking for sched_yield() ... found
checking for SO_SETFIB ... not found
checking for SO_ACCEPTFILTER ... not found
checking for TCP_DEFER_ACCEPT ... found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... not found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
checking for long long size ... 8 bytes
checking for void * size ... 8 bytes
checking for uint64_t ... found
checking for sig_atomic_t ... found
checking for sig_atomic_t size ... 4 bytes
checking for socklen_t ... found
checking for in_addr_t ... found
checking for in_port_t ... found
checking for rlim_t ... found
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... not found
checking for POSIX semaphores in libpthread ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
configuring additional modules
adding module in naxsi/naxsi_src/
+ ngx_http_naxsi_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... not found
checking for md5 in system md library ... not found
checking for md5 in system md5 library ... not found
checking for md5 in system OpenSSL crypto library ... not found
checking for sha1 in system md library ... not found
checking for sha1 in system OpenSSL crypto library ... not found
checking for zlib library ... found
creating objs/Makefile
Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ using builtin md5 code
+ sha1 library is not found
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
Then Make...here is the tail end of it.
objs/addon/naxsi_src/naxsi_runtime.o \
objs/addon/naxsi_src/naxsi_config.o \
objs/addon/naxsi_src/naxsi_utils.o \
objs/addon/naxsi_src/naxsi_skeleton.o \
objs/addon/naxsi_src/naxsi_json.o \
objs/ngx_modules.o \
-lpthread -lcrypt -lpcre -lz
make[1]: Leaving directory `/tmp/nginx-1.7.3'
make -f objs/Makefile manpage
make[1]: Entering directory `/tmp/nginx-1.7.3'
sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
-e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \
-e "s|%%CONF_PATH%%|/etc/nginx/nginx.conf|" \
-e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \
< man/nginx.8 > objs/nginx.8
make[1]: Leaving directory `/tmp/nginx-1.7.3'
Then the make install...
Not sure what to do after this? Should I have uninstalled the older version?
ad...@unixbox.ws
James Ruffer
--
mex
> Found it...I was using a corrupt naxsi_src file.
Is there a RPM for nginx and naxsi for centos?
https://packages.debian.org/en/wheezy-backports/nginx-naxsi
usually, when doing a little more than just reverse-proxying
with nginx you'll end up with a custom version version anyway.
this is what we usually include
--add-module=$nmd/naxsi
--add-module=$nmd/nginx-openssl-version
--add-module=$nmd/lua-nginx-module
--add-module=$nmd/ngx_devel_kit
--add-module=$nmd/echo-nginx-module
--add-module=$nmd/nginx-accesskey
--add-module=$nmd/ngx_http_log_request_speed
--add-module=$nmd/set-misc-nginx-module
--add-module=$nmd/nginx-sticky-module-ng
--add-module=$nmd/ngx_cache_purge
--add-module=$nmd/memc-nginx-module
--add-module=$nmd/nginx-upstream-fair
--add-module=$nmd/headers-more-nginx-module
--add-module=$nmd/encrypted-session-nginx-module
> "naxsi-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an