Add apache-install-evasive.sh

2023-03-10 11:37:15 +01:00 · 2023-03-10 11:37:15 +01:00 · 0cb86fb0f4
commit 0cb86fb0f4
parent 1016a513e0
2 changed files with 67 additions and 0 deletions
--- a/BashScripts/install-apache/README.md
+++ b/BashScripts/install-apache/README.md
@ -0,0 +1,13 @@
 # Bash Scripts
 ## Install Apache evasive module
 ```bash
 sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-apache/apache-install-evasive.sh)"
 ```
 ## Install Logrotate for Apache
 ```bash
 sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-apache/apache-install-logrotate.sh)"
 ```
--- a/BashScripts/install-apache/apache-install-evasive.sh
+++ b/BashScripts/install-apache/apache-install-evasive.sh
@ -0,0 +1,54 @@
 #!/bin/bash
 # Make sure script is ran as root
 if [[ $EUID -ne 0 ]]; then
 	exec sudo /bin/bash "$0" "$@"
 fi
 # https://bobcares.com/blog/apache-prevent-ddos/
 if ! dpkg -l | grep -q "debconf-doc"; then
 	# https://askubuntu.com/questions/556385/how-can-i-install-apt-packages-non-interactively
 	echo "Installed debconf-doc..."
 	apt install debconf-doc -y
 fi
 if ! dpkg -l | grep -q "libapache2-mod-evasive"; then
 	echo "Installed libapache2-mod-evasive..."
 	DEBIAN_FRONTEND=noninteractive apt install libapache2-mod-evasive -y
 fi
 if grep -q "#DOSHashTableSize" "/etc/apache2/mods-enabled/evasive.conf" || [[ ! -f "/etc/apache2/mods-enabled/evasive.conf" ]] || [[ $1 = "updateconf" ]]; then
 	# https://phoenixnap.com/kb/apache-mod-evasive
 	echo "Adding libapache2-mod-evasive config..."
 	cat <<EOT > "/etc/apache2/mods-enabled/evasive.conf"
 <IfModule mod_evasive20.c>
    #DOSHashTableSize         Default: 3097 Allocated memory for running the lookup operations. Increasing the size improves the speed at the cost of memory.
    DOSHashTableSize    3097
    #DOSPageCount             Default: 2 The number of requests for an individual page that triggers blacklisting. Increasing value will reduce false-positives.
    DOSPageCount        5
    #DOSSiteCount             Default: 50 The total number of requests for the same site by the same IP address. Increasing value will reduce false-positives.
 	DOSSiteCount        100
    #DOSPageInterval          Default: 1 Number of seconds during which DOSPageCount number of requests will trigger blacklisting.
    DOSPageInterval     1
    #DOSSiteInterval          Default: 1 Number of seconds during which DOSSiteCount number of requests will trigger blacklisting.
    DOSSiteInterval     1
    #DOSBlockingPeriod        Default: 10 Number of seconds an IP address stays on the blacklist.
    DOSBlockingPeriod   10
    #DOSEmailNotify      you@yourdomain.com
    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    #DOSLogDir           "/var/log/mod_evasive"
    #DOSWhitelist 192.168.0.13
    #DOSWhitelist 192.168.0.*
 </IfModule>
 EOT
 fi
 systemctl reload apache2
 echo 'Installation complete'