The modsecurity3-nginx port is built against nginx 1.22 and does not always compile successfully, so ModSecurity can be compiled from source instead.
The compiled ModSecurity can be safely included in nginx from ports.
Everything (nginx and modsecurity3-nginx) can be compiled by running compile-nginx.sh:
compile-modsecurity.sh:
#!/bin/sh
# libModSecurity
rm -rf ModSecurity
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git pull
git submodule init
git submodule update
./build.sh
./configure
gmake -j4
cd ..
# nginx connector (directory name must match the clone target, case-sensitive)
rm -rf ModSecurity-nginx
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
cd ModSecurity-nginx
git pull
cd ..
compile-nginx.sh:
#!/bin/sh
ver="1.28.0"
# fetch the source tarball if it is not already present (plain HTTP, no signature check)
if [ ! -f nginx-${ver}.tar.gz ]; then
    wget http://nginx.org/download/nginx-${ver}.tar.gz
fi
# always start from a clean source tree
rm -rf nginx-${ver}
if [ ! -d nginx-${ver} ]; then
    tar xvf nginx-${ver}.tar.gz
fi
# build libModSecurity and fetch the nginx connector
./compile-modsecurity.sh
cd nginx-${ver}
./configure \
--prefix=/usr/local/nginx \
--pid-path=/var/run/nginx.pid \
--with-cc-opt='-DNGX_HAVE_INET6=0 -I /usr/local/include' \
--with-ld-opt='-L /usr/local/lib' \
--user=www \
--group=www \
--with-file-aio \
--with-google_perftools_module \
--with-http_v2_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-pcre \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--without-mail_imap_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-threads \
--with-stream=dynamic \
--with-http_v3_module \
--add-dynamic-module=../ModSecurity-nginx
make -j4
# stop before "make install" if the build failed
if [ $? -eq 0 ]
then
    echo "Compilation successful"
else
    echo "Compilation failed"
    exit 1
fi
make install
A user created via the web interface can only get the Admin role, not the Super Admin role. Creating the user via the CLI
# gvmd --create-user=gigauser -v --role="Super Admin"
may give no result:
Authentication failure for 'gigauser' from unix_socket
You cannot change the role via the web interface.
To assign the Super Admin role to the user directly in the database:
# docker compose exec pg-gvm /bin/bash
# psql -U root gvmd
gvmd=# select * from roles;
Remember the id of the required role.
gvmd=# select * from users;
Remember the user id.
gvmd=# select * from role_users;
Remember the id of the required row.
gvmd=# update role_users set role=6 where id=37;
Do not delete Elasticsearch files with rm on the filesystem; use the ES API instead.
curl -X GET "localhost:9200/_cluster/health" | jq
or
curl -X GET -u elastic:YourGigaPassword "localhost:9200/_cluster/health" | jq
"status": "red"
List indices sorted by size:
curl -X GET "localhost:9200/_cat/indices?s=store.size:asc"
Delete index:
curl -X DELETE "localhost:9200/.ds-logs-kubernetes.container_logs-default-2024.11.12-000002"
After that, set up index lifecycle management.
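The last step above, index lifecycle management, as an added example (not part of the original notes): a script that builds an ILM policy which rolls indices over and deletes them after a retention period, then PUTs it to the same endpoint as the curl calls above. The policy name logs-retention-example, the ages, the 10gb rollover size and the ES_URL / ES_AUTH variables are assumptions.

```shell
#!/bin/sh
# Added example: build and apply an ILM policy with rollover and delete phases.
# Policy name, ages and sizes are assumptions, not values from the notes above.

ES_URL="${ES_URL:-localhost:9200}"                    # same endpoint as above
POLICY_NAME="${POLICY_NAME:-logs-retention-example}"  # hypothetical name

# Accept only values like 7d, 12h, 30m so nothing else lands in the JSON body.
valid_age() {
    case "$1" in
        # empty, or any character outside digits/units (quotes, newlines, ...)
        ''|*[!0-9dhm]*) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[1-9][0-9]*[dhm]$'
}

# Print the policy body: roll over after $1 in the hot phase, delete after $2.
ilm_policy_json() {
    rollover_age="$1"; delete_age="$2"
    valid_age "$rollover_age" || { echo "bad rollover age: $rollover_age" >&2; return 1; }
    valid_age "$delete_age"   || { echo "bad delete age: $delete_age" >&2; return 1; }
    cat <<EOF
{"policy":{"phases":{
  "hot":{"actions":{"rollover":{"max_age":"$rollover_age","max_primary_shard_size":"10gb"}}},
  "delete":{"min_age":"$delete_age","actions":{"delete":{}}}
}}}
EOF
}

# PUT the policy; set ES_AUTH=elastic:YourGigaPassword when security is enabled.
apply_policy() {
    body=$(ilm_policy_json "$1" "$2") || return 1
    curl -sS -X PUT ${ES_AUTH:+-u "$ES_AUTH"} \
        -H 'Content-Type: application/json' \
        "$ES_URL/_ilm/policy/$POLICY_NAME" -d "$body"
}

# Runs only when asked, e.g.: ./ilm-example.sh apply 1d 14d
if [ "${1:-}" = "apply" ]; then
    apply_policy "${2:-1d}" "${3:-14d}"
fi
```

The policy only affects indices whose index template sets index.lifecycle.name to this policy name.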
Sometimes the arrow keys stop working as expected in Ubuntu: the up arrow, which usually searches back in history, becomes Print Screen, and the other arrows stop working at all, so you can't move the cursor, etc.
The fix is easy:
$ sudo udevadm trigger --subsystem-match=input --action=change