Difference between revisions of "ModSecurity: OWASP CRS3 menambahkan"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 77: | Line 77: | ||
lrwxrwxrwx 1 root root 49 Jun 26 14:07 modsecurity_crs_60_correlation.conf -> ../base_rules/modsecurity_crs_60_correlation.conf | lrwxrwxrwx 1 root root 49 Jun 26 14:07 modsecurity_crs_60_correlation.conf -> ../base_rules/modsecurity_crs_60_correlation.conf | ||
-rw-r--r-- 1 root root 5720 Jul 12 2013 README | -rw-r--r-- 1 root root 5720 Jul 12 2013 README | ||
− | |||
==Konfigurasi== | ==Konfigurasi== |
Revision as of 08:35, 4 June 2017
sumber: https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/
Install Apache
sudo add-apt-repository ppa:ondrej/php sudo apt-get update
apt-get install apache2 php7.0 php7.0-xmlrpc php7.0-mysql php7.0-gd php7.0-cli \ php7.0-curl mysql-client mysql-server dovecot-common dovecot-imapd \ dovecot-pop3d postfix squirrelmail squirrelmail-decode php7.0 php5.6 \ php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \ php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
sudo apt-get install libxml2 libxml2-dev libxml2-utils \ libaprutil1 libaprutil1-dev
Install ModSecurity
apt-get install libapache2-modsecurity
cek
apachectl -M | grep --color security
Install ModSecurity Core Rule Set (CRS)
Instalasi dari Github
rm -rf /usr/share/modsecurity-crs apt-get install -y git git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
rename .conf extension.
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Setup ModSecurity CRS
cd /usr/share/modsecurity-crs
Activate rules
$ sudo ln -s ../modsecurity_crs_10_setup.conf activated_rules/modsecurity_crs_10_setup.conf
masukan base_rules,
$ for f in `ls base_rules`; do sudo ln -s ../base_rules/$f activated_rules/$f; done
Now you're activated_rules directory should look something like this:
$ ll activated_rules/ total 20 drwxr-xr-x 2 root root 4096 Jun 26 14:15 ./ drwxr-xr-x 9 root root 4096 Jun 26 13:56 ../ lrwxrwxrwx 1 root root 44 Jun 26 14:07 modsecurity_35_bad_robots.data -> ../base_rules/modsecurity_35_bad_robots.data lrwxrwxrwx 1 root root 42 Jun 26 14:07 modsecurity_35_scanners.data -> ../base_rules/modsecurity_35_scanners.data lrwxrwxrwx 1 root root 49 Jun 26 14:07 modsecurity_40_generic_attacks.data -> ../base_rules/modsecurity_40_generic_attacks.data lrwxrwxrwx 1 root root 42 Jun 26 14:07 modsecurity_50_outbound.data -> ../base_rules/modsecurity_50_outbound.data lrwxrwxrwx 1 root root 50 Jun 26 14:07 modsecurity_50_outbound_malware.data -> ../base_rules/modsecurity_50_outbound_malware.data lrwxrwxrwx 1 root root 32 Jun 26 14:15 modsecurity_crs_10_setup.conf -> ../modsecurity_crs_10_setup.conf lrwxrwxrwx 1 root root 57 Jun 26 14:07 modsecurity_crs_20_protocol_violations.conf -> ../base_rules/modsecurity_crs_20_protocol_violations.conf lrwxrwxrwx 1 root root 56 Jun 26 14:07 modsecurity_crs_21_protocol_anomalies.conf -> ../base_rules/modsecurity_crs_21_protocol_anomalies.conf lrwxrwxrwx 1 root root 52 Jun 26 14:07 modsecurity_crs_23_request_limits.conf -> ../base_rules/modsecurity_crs_23_request_limits.conf lrwxrwxrwx 1 root root 49 Jun 26 14:07 modsecurity_crs_30_http_policy.conf -> ../base_rules/modsecurity_crs_30_http_policy.conf lrwxrwxrwx 1 root root 48 Jun 26 14:07 modsecurity_crs_35_bad_robots.conf -> ../base_rules/modsecurity_crs_35_bad_robots.conf lrwxrwxrwx 1 root root 53 Jun 26 14:07 modsecurity_crs_40_generic_attacks.conf -> ../base_rules /modsecurity_crs_40_generic_attacks.conf lrwxrwxrwx 1 root root 59 Jun 26 14:07 modsecurity_crs_41_sql_injection_attacks.conf -> ../base_rules/modsecurity_crs_41_sql_injection_attacks.conf lrwxrwxrwx 1 root root 49 Jun 26 14:07 modsecurity_crs_41_xss_attacks.conf -> ../base_rules/modsecurity_crs_41_xss_attacks.conf lrwxrwxrwx 1 root root 52 Jun 26 14:07 modsecurity_crs_42_tight_security.conf -> ../base_rules/modsecurity_crs_42_tight_security.conf lrwxrwxrwx 1 root root 45 Jun 26 14:07 modsecurity_crs_45_trojans.conf -> ../base_rules/modsecurity_crs_45_trojans.conf lrwxrwxrwx 1 root root 55 Jun 26 14:07 modsecurity_crs_47_common_exceptions.conf -> ../base_rules/modsecurity_crs_47_common_exceptions.conf lrwxrwxrwx 1 root root 62 Jun 26 14:07 modsecurity_crs_48_local_exceptions.conf.example -> ../base_rules/modsecurity_crs_48_local_exceptions.conf.example lrwxrwxrwx 1 root root 54 Jun 26 14:07 modsecurity_crs_49_inbound_blocking.conf -> ../base_rules/modsecurity_crs_49_inbound_blocking.conf lrwxrwxrwx 1 root root 46 Jun 26 14:07 modsecurity_crs_50_outbound.conf -> ../base_rules/modsecurity_crs_50_outbound.conf lrwxrwxrwx 1 root root 55 Jun 26 14:07 modsecurity_crs_59_outbound_blocking.conf -> ../base_rules/modsecurity_crs_59_outbound_blocking.conf lrwxrwxrwx 1 root root 49 Jun 26 14:07 modsecurity_crs_60_correlation.conf -> ../base_rules/modsecurity_crs_60_correlation.conf -rw-r--r-- 1 root root 5720 Jul 12 2013 README
Konfigurasi
cd /etc/modsecurity cp modsecurity.conf-recommended modsecurity.conf
Edit modsecurity.conf agar
SecRuleEngine DetectionOnly
menjadi
SecRuleEngine On
Edit /etc/apache2/mods-available/security2.conf . Tambahkan IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
<IfModule security2_module> # Default Debian dir for modsecurity's persistent data SecDataDir /var/cache/modsecurity # Include all the *.conf files in /etc/modsecurity. # Keeping your local configuration in that directory # will allow for an easy upgrade of THIS file and # make your life easier IncludeOptional /etc/modsecurity/*.conf IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf </IfModule>
Reload apache
$ sudo service apache2 reload
Test
## XSS $ curl 'http://localhost/?q="><script>alert(1)</script>'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body>
Forbidden
You don't have permission to access / on this server.
<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address> </body></html>
## SQLi $ curl "http://localhost/?q='1 OR 1=1"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body>
Forbidden
You don't have permission to access / on this server.
<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address> </body></html>
Bisa juga di cek di
/var/log/apache2/modsec_audit.log