This post shows how to install and configure the ModSecurity web application firewall with the Core Rule Set (CRS) 2.2.0. The base operating system is CentOS 5.6.

- Install the dependencies:

# yum install gcc openssl-devel openssl apr-util-devel apr-devel pcre pcre-devel libjpeg-devel gd-devel libpng-devel libjpeg gd libpng gettext gettext-devel libmcrypt-devel libmcrypt libxml2 libxml2-devel bison zlib zlib-devel bzip2 bzip2-devel libtool libtool-ltdl readline readline-devel ncurses ncurses-devel curl curl-devel

- Get the sources:

  Apache: http://httpd.apache.org/download.cgi
  Lua: http://www.lua.org/ftp/lua-5.1.4.tar.gz
  ModSecurity: http://www.modsecurity.org/download/modsecurity-apache_2.6.1-rc1.tar.gz
  Core Rule Set: http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

- Check the integrity of the sources with md5sum or sha1sum, comparing the result against the checksums (or PGP signatures) each project publishes next to its download. A checksum computed locally and compared with nothing only tells you that the file did not change on your disk.

- Install Apache from source:

# ./configure --prefix=/var/www --enable-auth-digest --enable-mime-magic --enable-usertrack --enable-ssl --enable-http --disable-cgi --enable-vhost-alias --disable-userdir --enable-so --enable-unique-id --enable-rewrite --with-z --disable-dav --disable-proxy --enable-deflate --enable-expires --with-pcre=/usr/bin/pcre-config
# make
# make install

- Compile Lua:

# tar xvfz lua-5.1.4.tar.gz
# cd lua-5.1.4
# make linux
# make install INSTALL_TOP=/usr/local/lua-5.1.4
# cd src
# rm -f lua.o luac.o print.o && gcc -shared -Wall -O2 -o liblua5.1.so *.o
# cp liblua5.1.so /usr/local/lua-5.1.4/lib
# ln -s /usr/local/lua-5.1.4 /usr/local/lua
# echo "/usr/local/lua/lib" >> /etc/ld.so.conf
# ldconfig

Lua's Makefile only builds a static library, which is why the objects are relinked into liblua5.1.so by hand (lua.o, luac.o and print.o are the interpreter and compiler front ends and do not belong in the library). On x86_64 the objects must be position-independent for that link to succeed, so build with "make linux MYCFLAGS=-fPIC".

- Compile ModSecurity:

# tar xvfz modsecurity-apache_2.6.1-rc1.tar.gz
# cd modsecurity-apache_2.6.1-rc1
# ./configure --with-apxs=/var/www/bin/apxs --with-lua=/usr/local/lua
# make
# make install

- Install and configure the Core Rule Set:

# mkdir /var/www/conf/modsecurity
# mkdir /var/www/conf/modsecurity/crs
# cp modsecurity-apache_2.6.1-rc1/modsecurity.conf-recommended /var/www/conf/modsecurity/modsecurity.conf
# touch /var/www/conf/modsecurity/whitelist.conf
# tar xvfz modsecurity-crs_2.2.0.tar.gz
# cp -a modsecurity-crs_2.2.0/* /var/www/conf/modsecurity/crs
# cd /var/www/conf/modsecurity/crs
# for f in base_rules/*; do ln -s ../$f activated_rules/; done
# cp modsecurity_crs_10_config.conf.example modsecurity_crs_10_config.conf
# ln -s ../modsecurity_crs_10_config.conf activated_rules/
# ls -l activated_rules/

The last command is only there to check that the symbolic links point where you expect.

- Configure Apache (httpd.conf):

LoadFile /usr/lib/libxml2.so.2
LoadFile /usr/local/lua/lib/liblua5.1.so
LoadModule security2_module modules/mod_security2.so

# CRS
<IfModule security2_module>
    Include conf/modsecurity/modsecurity.conf
    Include conf/modsecurity/whitelist.conf
    Include conf/modsecurity/crs/modsecurity_crs_10_config.conf
    Include conf/modsecurity/crs/activated_rules/*.conf
</IfModule>

On x86_64 the libxml2 path is /usr/lib64/libxml2.so.2. Note that, with the symlink created above, modsecurity_crs_10_config.conf is also matched by the activated_rules/*.conf glob, so the explicit Include loads it a second time; keep one of the two (the glob alone is enough, since Apache processes wildcard includes in alphabetical order and the 10_ prefix sorts it ahead of the rule files).

- Edit modsecurity.conf:

SecRuleEngine On
SecAuditLog logs/modsec_audit.log

modsecurity.conf-recommended ships with SecRuleEngine DetectionOnly; it is reasonable to leave that in place until the false-positive pass at the end of this post is done, and only then switch to On.

- Start Apache and check error_log:

[warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[notice] ModSecurity for Apache/2.6.1-rc1 (http://www.modsecurity.org/) configured.
[notice] ModSecurity: APR compiled version="1.2.7"; loaded version="1.2.7"
[notice] ModSecurity: PCRE compiled version="6.6"; loaded version="5.0 13-Sep-2004"
[notice] ModSecurity: LUA compiled version="Lua 5.1"
[notice] ModSecurity: LIBXML compiled version="2.6.26"
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done

The PCRE line deserves attention: ModSecurity was compiled against PCRE 6.6 (the system library), but the running httpd loaded PCRE 5.0 from 2004, presumably the copy bundled in the Apache source tree, which means the --with-pcre switch above did not take effect. The rules then execute on a different regex library than the module was built against; rebuild httpd against the system PCRE so that the compiled and loaded versions match before you start tuning rules.

- Test your ModSecurity: access a URL with a blocked extension, like http://server/test.sql. You will see in Apache's error_log:

[error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/var/www/conf/modsecurity/crs/activated_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [msg "URL file extension is restricted by policy"] [data ".alq"] [severity "CRITICAL"] [tag "POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "localhost"] [uri "/test.SQL"] [unique_id "Th8c038AAAEAAGugG2kAAAAD"]

Now your work is only beginning: you have to test your application for false positives and false negatives. If you run WordPress, Joomla, phpBB, etc., also look at the slr_rules directory of the CRS, which holds application-specific rules; they are not matched by the activated_rules glob above, so you have to Include them in httpd.conf yourself.
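Once false positives show up, whitelist.conf is the place to handle them. What follows is an added example of what that file might contain; it is not the content of the original post. It assumes a hypothetical application under /app/ that legitimately serves .sql dumps from /app/export/, and uses the local rule ids 10001 and 10002 (ModSecurity reserves ids 1-99,999 for local use; the numbers themselves are an assumption). Rule 960035 is the one that fired in the test above.

```apache
# whitelist.conf -- added example, not part of the original post.
#
# httpd.conf includes this file BEFORE the CRS, so a plain
# SecRuleRemoveById at this level would do nothing: that directive has
# to come after the rule it removes. Request-time ctl actions are not
# affected, because a phase:1 rule here runs before the CRS phase:2
# rules on every request.
#
# /app/, /app/export/ and the ids 10001/10002 are assumptions.

# 1. Let /app/export/ serve .sql dumps: drop rule 960035 ("URL file
#    extension is restricted by policy", phase 2) for that path only.
SecRule REQUEST_URI "@beginsWith /app/export/" \
    "phase:1,id:10001,t:none,nolog,pass,ctl:ruleRemoveById=960035"

# 2. While a new application is being tuned, log but do not block under
#    /app/; the rest of the server stays in SecRuleEngine On.
SecRule REQUEST_URI "@beginsWith /app/" \
    "phase:1,id:10002,t:none,nolog,pass,ctl:ruleEngine=DetectionOnly"

# 3. The same exclusion as (1) written with SecRuleRemoveById. Inside a
#    <Location>/<LocationMatch> (or a virtual host) container this works
#    regardless of include order, because the exception is applied when
#    the per-location configuration is merged, after all rules have
#    been parsed. At the top level of this file it would not.
<LocationMatch "^/app/export/">
    SecRuleRemoveById 960035
</LocationMatch>
```

Keep the exclusions as narrow as the false positive: match the path (or host) that actually needs it rather than disabling a rule globally, and prefer DetectionOnly over dropping rules while you are still collecting evidence from modsec_audit.log. ModSecurity also offers ctl:ruleRemoveTargetById, which removes a single variable (for instance one ARGS parameter) from a rule instead of the whole rule; check the reference manual for the version you built to confirm it is present in 2.6.1-rc1.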
Jeronimo Zucco