Add apache-install-evasive.sh

2023-03-10 11:37:15 +01:00 · 2023-03-10 11:37:15 +01:00 · 0cb86fb0f4
commit 0cb86fb0f4
parent 1016a513e0
2 changed files with 67 additions and 0 deletions
--- a/BashScripts/install-apache/README.md
+++ b/BashScripts/install-apache/README.md
@ -0,0 +1,13 @@
+# Bash Scripts
+
+## Install Apache evasive module
+
+```bash
+sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-apache/apache-install-evasive.sh)"
+```
+
+## Install Logrotate for Apache
+
+```bash
+sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-apache/apache-install-logrotate.sh)"
+```
--- a/BashScripts/install-apache/apache-install-evasive.sh
+++ b/BashScripts/install-apache/apache-install-evasive.sh
@ -0,0 +1,54 @@
+#!/bin/bash
+# Make sure script is ran as root
+if [[ $EUID -ne 0 ]]; then
+	exec sudo /bin/bash "$0" "$@"
+fi
+
+# https://bobcares.com/blog/apache-prevent-ddos/
+
+if ! dpkg -l | grep -q "debconf-doc"; then
+	# https://askubuntu.com/questions/556385/how-can-i-install-apt-packages-non-interactively
+	echo "Installed debconf-doc..."
+	apt install debconf-doc -y
+fi
+
+if ! dpkg -l | grep -q "libapache2-mod-evasive"; then
+	echo "Installed libapache2-mod-evasive..."
+	DEBIAN_FRONTEND=noninteractive apt install libapache2-mod-evasive -y
+fi
+
+if grep -q "#DOSHashTableSize" "/etc/apache2/mods-enabled/evasive.conf" || [[ ! -f "/etc/apache2/mods-enabled/evasive.conf" ]] || [[ $1 = "updateconf" ]]; then
+	# https://phoenixnap.com/kb/apache-mod-evasive
+	echo "Adding libapache2-mod-evasive config..."
+	cat <<EOT > "/etc/apache2/mods-enabled/evasive.conf"
+<IfModule mod_evasive20.c>
+    #DOSHashTableSize         Default: 3097 Allocated memory for running the lookup operations. Increasing the size improves the speed at the cost of memory.
+    DOSHashTableSize    3097
+
+    #DOSPageCount             Default: 2 The number of requests for an individual page that triggers blacklisting. Increasing value will reduce false-positives.
+    DOSPageCount        5
+
+    #DOSSiteCount             Default: 50 The total number of requests for the same site by the same IP address. Increasing value will reduce false-positives.
+	DOSSiteCount        100
+
+    #DOSPageInterval          Default: 1 Number of seconds during which DOSPageCount number of requests will trigger blacklisting.
+    DOSPageInterval     1
+
+    #DOSSiteInterval          Default: 1 Number of seconds during which DOSSiteCount number of requests will trigger blacklisting.
+    DOSSiteInterval     1
+
+    #DOSBlockingPeriod        Default: 10 Number of seconds an IP address stays on the blacklist.
+    DOSBlockingPeriod   10
+
+    #DOSEmailNotify      you@yourdomain.com
+    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
+    #DOSLogDir           "/var/log/mod_evasive"
+    #DOSWhitelist 192.168.0.13
+    #DOSWhitelist 192.168.0.*
+</IfModule>
+EOT
+fi
+
+systemctl reload apache2
+
+echo 'Installation complete'