diff --git a/.github/workflows/test_apache_docker.yml b/.github/workflows/test_apache_docker.yml
new file mode 100644
index 0000000..e315fdf
--- /dev/null
+++ b/.github/workflows/test_apache_docker.yml
@@ -0,0 +1,85 @@
+name: Validate WAF Patterns for Apache with Docker
+
+on:
+ push:
+ branches:
+ - main # Trigger on push to main branch
+ pull_request:
+ branches:
+ - main # Trigger on pull request to main branch
+
+jobs:
+ validate-waf-patterns:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Cache Docker setup
+ id: cache-docker
+ uses: actions/cache@v3
+ with:
+ path: /var/lib/docker
+ key: docker-setup-${{ runner.os }}
+
+ - name: Set up Docker
+ run: |
+ sudo apt-get update
+ # Remove conflicting containerd package
+ sudo apt-get remove -y containerd
+ # Install Docker dependencies
+ sudo apt-get install -y ca-certificates curl
+ # Add Docker's official GPG key
+ sudo install -m 0755 -d /etc/apt/keyrings
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+ sudo chmod a+r /etc/apt/keyrings/docker.gpg
+ # Add Docker's repository
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ # Install Docker
+ sudo apt-get update
+ sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+ sudo docker --version
+
+ - name: Pull Docker images
+ run: |
+ echo "Pulling ApacheDocker image..."
+ sudo docker pull httpd:latest
+
+ - name: Validate Apache configuration
+ run: |
+ echo "Validating Apache configuration..."
+ for file in waf_patterns/apache/*.conf; do
+ echo "Validating $file..."
+ sudo docker run --rm -v $(pwd)/waf_patterns/apache:/usr/local/apache2/conf/extra:ro httpd httpd -t
+ if [ $? -ne 0 ]; then
+ echo "Error: Validation failed for $file"
+ exit 1
+ fi
+ done
+
+ - name: Start Apache container with WAF rules
+ run: |
+ echo "Starting Apache container..."
+ sudo docker run -d \
+ --name apache-waf \
+ -p ${{ env.APACHE_PORT }}:80 \
+ -v $(pwd)/waf_patterns/apache:/usr/local/apache2/conf/extra \
+ httpd:latest
+ echo "Apache is running on port ${{ env.APACHE_PORT }}."
+
+ - name: Check Apache container logs
+ run: |
+ echo "Checking Apache container logs..."
+ sudo docker logs apache-waf
+
+ - name: Clean up containers
+ if: always()
+ run: |
+ echo "Stopping and removing containers..."
+ sudo docker stop apache-waf || true
+ sudo docker rm apache-waf || true
+ echo "Containers stopped and removed."
diff --git a/.github/workflows/test_docker.yml b/.github/workflows/test_docker.yml
deleted file mode 100644
index 4f19a6a..0000000
--- a/.github/workflows/test_docker.yml
+++ /dev/null
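Review bot: The `Validate Apache configuration` loop never hands `$file` to the container: each iteration runs the same `httpd -t` against the image's own `httpd.conf`, so unless that file includes `conf/extra/*.conf` (the stock one most likely does not) the WAF pattern files are never parsed and the step passes whatever they contain. Loading each file explicitly, e.g. appending `-c "Include conf/extra/$(basename "$file")"` to the `httpd -t` call, would make a broken rule fail the build. The workflow also has no `env:` block, unlike the deleted test_docker.yml, so `${{ env.APACHE_PORT }}` renders empty in the `-p` mapping and in the log message; add `env:` with `APACHE_PORT: 8081` under the job. `httpd:latest` and `actions/checkout@v3` are mutable references, and pinning them (image digest, commit SHA) would keep the check reproducible.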
@@ -1,164 +0,0 @@ -name: Validate WAF Patterns and Configurations with Docker - -on: - push: - branches: - - main # Trigger on push to main branch - pull_request: - branches: - - main # Trigger on pull request to main branch - -jobs: - validate-waf-patterns: - runs-on: ubuntu-latest - - env: - NGINX_PORT: 8080 - APACHE_PORT: 8081 - HAPROXY_PORT: 8082 - TRAEFIK_PORT: 8083 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Cache Docker setup - id: cache-docker - uses: actions/cache@v3 - with: - path: /var/lib/docker - key: docker-setup-${{ runner.os }} - - - name: Set up Docker - run: | - sudo apt-get update - # Remove conflicting containerd package - sudo apt-get remove -y containerd - # Install Docker dependencies - sudo apt-get install -y ca-certificates curl - # Add Docker's official GPG key - sudo install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg - sudo chmod a+r /etc/apt/keyrings/docker.gpg - # Add Docker's repository - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ - $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - # Install Docker - sudo apt-get update - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - sudo docker --version - - - name: Pull Docker images - run: | - echo "Pulling Docker images..." - sudo docker pull nginx:latest - sudo docker pull httpd:latest - sudo docker pull haproxy:latest - sudo docker pull traefik:latest - -# - name: Validate Nginx configuration -# run: | -# echo "Validating Nginx configuration..." -# for file in waf_patterns/nginx/*.conf; do -# echo "Validating $file..." -# sudo docker run --rm -v $(pwd)/waf_patterns/nginx:/etc/nginx/conf.d:ro nginx nginx -t -# if [ $? 
-ne 0 ]; then -# echo "Error: Validation failed for $file" -# exit 1 -# fi -# done -# -# - name: Start Nginx container with WAF rules -# run: | -# echo "Starting Nginx container..." -# sudo docker run -d \ -# --name nginx-waf \ -# -p ${{ env.NGINX_PORT }}:80 \ -# -v $(pwd)/waf_patterns/nginx:/etc/nginx/conf.d \ -# nginx:latest -# echo "Nginx is running on port ${{ env.NGINX_PORT }}." - -# - name: Check Nginx container logs -# run: | -# echo "Checking Nginx container logs..." -# sudo docker logs nginx-waf - - - name: Validate Apache configuration - run: | - echo "Validating Apache configuration..." - for file in waf_patterns/apache/*.conf; do - echo "Validating $file..." - sudo docker run --rm -v $(pwd)/waf_patterns/apache:/usr/local/apache2/conf/extra:ro httpd httpd -t - if [ $? -ne 0 ]; then - echo "Error: Validation failed for $file" - exit 1 - fi - done - - - name: Start Apache container with WAF rules - run: | - echo "Starting Apache container..." - sudo docker run -d \ - --name apache-waf \ - -p ${{ env.APACHE_PORT }}:80 \ - -v $(pwd)/waf_patterns/apache:/usr/local/apache2/conf/extra \ - httpd:latest - echo "Apache is running on port ${{ env.APACHE_PORT }}." - - - name: Check Apache container logs - run: | - echo "Checking Apache container logs..." - sudo docker logs apache-waf - -# - name: Validate HAProxy configuration -# run: | -# echo "Validating HAProxy configuration..." -# for file in waf_patterns/haproxy/*.acl; do -# echo "Validating $file..." 
-# # Create a temporary haproxy.cfg file to include the ACL -# echo "global" > temp_haproxy.cfg -# echo " log stdout format raw local0" >> temp_haproxy.cfg -# echo "defaults" >> temp_haproxy.cfg -# echo " log global" >> temp_haproxy.cfg -# echo " timeout connect 10s" >> temp_haproxy.cfg -# echo " timeout client 30s" >> temp_haproxy.cfg -# echo " timeout server 30s" >> temp_haproxy.cfg -# echo "frontend test" >> temp_haproxy.cfg -# echo " bind *:${{ env.HAPROXY_PORT }}" >> temp_haproxy.cfg -# echo " default_backend test_backend" >> temp_haproxy.cfg -# echo " $(cat "$file")" >> temp_haproxy.cfg -# echo "backend test_backend" >> temp_haproxy.cfg -# echo " server s1 127.0.0.1:${{ env.NGINX_PORT }}" >> temp_haproxy.cfg -# -# # Validate the file using haproxy -c -# sudo docker run --rm -v $(pwd)/temp_haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg -# if [ $? -ne 0 ]; then -# echo "Error: Validation failed for $file" -# exit 1 -# fi -# done - -# - name: Start HAProxy container with WAF rules -# run: | -# echo "Starting HAProxy container..." -# sudo docker run -d \ -# --name haproxy-waf \ -# -p ${{ env.HAPROXY_PORT }}:80 \ -# -v $(pwd)/waf_patterns/haproxy:/usr/local/etc/haproxy \ -# haproxy:latest -# echo "HAProxy is running on port ${{ env.HAPROXY_PORT }}." -# -# - name: Check HAProxy container logs -# run: | -# echo "Checking HAProxy container logs..." -# sudo docker logs haproxy-waf - - - name: Clean up containers - if: always() - run: | - echo "Stopping and removing containers..." - sudo docker stop nginx-waf apache-waf haproxy-waf traefik-waf || true - sudo docker rm nginx-waf apache-waf haproxy-waf traefik-waf || true - echo "Containers stopped and removed."