page counter next up previous contents
Next: About this document ... Up: DVWA 及 modsecurity Previous: 設定 SELinux   Contents   DYWANG_HOME

modsecurity

  1. mod_security 是 Apache 的一個模組,可以提供入侵偵測及防禦,如同 web 應用程式的防火牆,用來抵擋如 SQL injection attacks, cross-site scripting, path traversal attacks。
  2. 安裝 mod_security 模組。 
    [root@kvm3 src]# yum install mod_security
Complete!
  3. 查看 mod_security 模組訊息,版本是 2.9.2。 
    [root@kvm3 src]# yum info mod_security
Repository AppStream is listed more than once in the configuration
Repository BaseOS is listed more than once in the configuration
Last metadata expiration check: 0:08:40 ago on Tue 28 Apr 2020 03:14:41 PM CST.
Installed Packages
Name         : mod_security
Version      : 2.9.2
Release      : 8.el8
Arch         : x86_64
Size         : 1.0 M
Source       : mod_security-2.9.2-8.el8.src.rpm
Repo         : @System
From repo    : AppStream
Summary      : Security module for the Apache HTTP Server
URL          : http://www.modsecurity.org/
License      : ASL 2.0
Description  : ModSecurity is an open source intrusion detection and prevention
             : engine for web applications. It operates embedded into the web
             : server, acting as a powerful umbrella - shielding web
             : applications from attacks.
  4. 查看 mod_security 模組,rpm 安裝的檔案。 
    [root@kvm3 src]# rpm -ql mod_security
/etc/httpd/conf.d/mod_security.conf
/etc/httpd/conf.modules.d/10-mod_security.conf
/etc/httpd/modsecurity.d
/etc/httpd/modsecurity.d/activated_rules
/etc/httpd/modsecurity.d/local_rules
/etc/httpd/modsecurity.d/local_rules/modsecurity_localrules.conf
/usr/lib/.build-id
/usr/lib/.build-id/c1
/usr/lib/.build-id/c1/678c921f1523a225ddb40d90c86efeb1106371
/usr/lib64/httpd/modules/mod_security2.so
/usr/share/doc/mod_security
/usr/share/doc/mod_security/CHANGES
/usr/share/doc/mod_security/LICENSE
/usr/share/doc/mod_security/NOTICE
/usr/share/doc/mod_security/README.TXT
/var/lib/mod_security
  5. 安裝 git。 
    [root@kvm3 src]# yum install git
  6. 使用 git 下載 owasp modsecurity core rule 集合。 
    [root@kvm3 src]# git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Cloning into 'owasp-modsecurity-crs'...
remote: Enumerating objects: 10292, done.
remote: Total 10292 (delta 0), reused 0 (delta 0), pack-reused 10292
Receiving objects: 100% (10292/10292), 3.29 MiB | 1.17 MiB/s, done.
Resolving deltas: 100% (7547/7547), done.
  7. 複製 crs-setup.conf.example 到 /etc/httpd/conf.d/crs-setup.conf。 
    [root@kvm3 src]# cd owasp-modsecurity-crs/
[root@kvm3 owasp-modsecurity-crs]# cp crs-setup.conf.example \
/etc/httpd/conf.d/crs-setup.conf
  8. 複製包含所有規則的目錄 rules 到 /etc/httpd/modsecurity.d/ 
    [root@kvm3 owasp-modsecurity-crs]# cp -a rules /etc/httpd/modsecurity.d/
  9. 編輯 /etc/httpd/conf.d/mod_security.conf,將規則目錄 modsecurity.d/rules/ 中的所 *.conf 規則檔加入模組。 
    [root@kvm3 owasp-modsecurity-crs]# vim /etc/httpd/conf.d/mod_security.conf
[root@kvm3 owasp-modsecurity-crs]# vim /etc/httpd/conf.d/mod_security.conf
[root@kvm3 owasp-modsecurity-crs]# grep rules -A3 /etc/httpd/conf.d/mod_security.conf
	IncludeOptional modsecurity.d/activated_rules/*.conf
	IncludeOptional modsecurity.d/local_rules/*.conf
	IncludeOptional modsecurity.d/rules/*.conf
    
</IfModule>
  10. 因為 rules 是由下載目錄複製到 /etc/httpd 目錄,所以必須恢得其 selinux file context。 
    [root@kvm3 owasp-modsecurity-crs]# restorecon -Rv /etc/httpd/mod_security.conf
  11. 重啟 httpd 服務。 
    [root@kvm3 owasp-modsecurity-crs]# systemctl restart httpd.service


De-Yu Wang 2020-05-19