The modsecurity3-nginx port builds against nginx 1.22 and does not always compile successfully, so it is possible to compile ModSecurity from source instead.
The compiled ModSecurity can be safely included in nginx from ports.
Everything (nginx and modsecurity3-nginx) can be compiled by running compile-nginx.sh.
compile-modsecurity.sh:
#!/bin/sh
#libModSecurity
rm -rf ModSecurity
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git pull
git submodule init
git submodule update
./build.sh
./configure
gmake -j4
cd ..
#nginx connector
rm -rf ModSecurity-nginx
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
cd ModSecurity-nginx
git pull
cd ..
compile-nginx.sh:
#!/bin/sh
ver="1.28.0"
if [ ! -f nginx-${ver}.tar.gz ]; then
wget https://nginx.org/download/nginx-${ver}.tar.gz
fi
rm -rf nginx-${ver}
if [ ! -d nginx-${ver} ]; then
tar xvf nginx-${ver}.tar.gz
fi
./compile-modsecurity.sh
cd nginx-${ver}
./configure \
--prefix=/usr/local/nginx \
--pid-path=/var/run/nginx.pid \
--with-cc-opt='-DNGX_HAVE_INET6=0 -I /usr/local/include' \
--with-ld-opt='-L /usr/local/lib' \
--user=www \
--group=www \
--with-file-aio \
--with-google_perftools_module \
--with-http_v2_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-pcre \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--without-mail_imap_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-threads \
--with-stream=dynamic \
--with-http_v3_module \
--add-dynamic-module=../ModSecurity-nginx
make -j4
if [ $? -eq 0 ]
then echo "Compilation successful"
else
echo "Compilation failed"
exit 1
fi
make install
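An integrity check that compile-nginx.sh could run between its wget and tar steps, as an added example that is not part of the original scripts. The helper names sha256_of and verify_tarball and the NGINX_SHA256 variable are hypothetical, and the pinned digest is a value you record yourself from a tarball whose PGP signature (published next to each tarball on nginx.org) you have checked.

```shell
#!/bin/sh
# Added example (not from the original scripts): pin the SHA-256 of the
# nginx source tarball and refuse to unpack or build anything else.

# Print the lowercase hex SHA-256 of a file. FreeBSD ships sha256(1),
# most Linux systems ship sha256sum(1); openssl is the last resort.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# verify_tarball FILE PIN
# Returns 0 on match, 1 on mismatch, 2 when the check itself cannot be
# trusted (missing file, empty or malformed pin, no hashing tool).
verify_tarball() {
    file=$1
    pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "verify: $file not found" >&2; return 2; }
    # An empty or truncated pin must never compare equal to anything.
    case $pin in
        ''|*[!0-9a-f]*) echo "verify: pin is not hex" >&2; return 2 ;;
    esac
    [ "${#pin}" -eq 64 ] || { echo "verify: pin is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    [ "${#actual}" -eq 64 ] || { echo "verify: hashing failed" >&2; return 2; }
    if [ "$actual" != "$pin" ]; then
        echo "verify: SHA-256 mismatch for $file" >&2
        echo "  expected $pin" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# Hypothetical wiring in compile-nginx.sh, between the wget and tar steps.
# NGINX_SHA256 is a placeholder: record it once from a tarball whose PGP
# signature (nginx-${ver}.tar.gz.asc on nginx.org) you have verified.
#   verify_tarball "nginx-${ver}.tar.gz" "$NGINX_SHA256" || exit 1
```

Return code 2 is kept separate from 1 so that a broken check (no pin, no hashing tool) is never mistaken for a passed or merely failed one.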
After creating a user via the web interface you can only get the admin role, not the superadmin role. Creating a user via the CLI
# gvmd --create-user=gigauser -v --role="Super Admin"
may give no result:
Authentication failure for 'gigauser' from unix_socket
You cannot change the role via the web interface.
To assign the superadmin role to the user directly in the database:
# docker compose exec pg-gvm /bin/bash
# psql -U root gvmd
gvmd=# select * from roles;
Remember the required role.
gvmd=# select * from users;
Remember the user id.
gvmd=# select * from role_users;
Remember the required id.
gvmd=# update role_users set role=6 where id=37;
Do not delete Elasticsearch files with rm on the filesystem; use the ES API instead.
curl -X GET "localhost:9200/_cluster/health" | jq
or
curl -X GET -u elastic:YourGigaPassword "localhost:9200/_cluster/health" | jq
"status": "red"
List indices sorted by size:
curl -X GET "localhost:9200/_cat/indices?s=store.size:asc"
Delete index:
curl -X DELETE "localhost:9200/.ds-logs-kubernetes.container_logs-default-2024.11.12-000002"
After that, set up index lifecycle management.
Links:
https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-delete.html
https://www.elastic.co/guide/en/elasticsearch/reference/8.13/indices-delete-index.html
https://stackoverflow.com/questions/61327189/how-to-sort-kibana-indices-by-descending-size
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/cat-indices.html
https://www.elastic.co/guide/en/elasticsearch/reference/8.13/cat-indices.html
Sometimes the arrow keys stop working as expected in Ubuntu: the up arrow, which usually searches back in history, becomes Print Screen, and the other arrows stop working at all, so you can't move the cursor, etc.
The fix is easy:
$ sudo udevadm trigger --subsystem-match=input --action=change
Source: