Difference between revisions of "ModSecurity: OWASP CRS3 menambahkan"
Revision as of 08:55, 4 June 2017
Source: https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/
Install Apache
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
apt-get install apache2 php7.0 php7.0-xmlrpc php7.0-mysql php7.0-gd php7.0-cli \
  php7.0-curl mysql-client mysql-server dovecot-common dovecot-imapd \
  dovecot-pop3d postfix squirrelmail squirrelmail-decode php7.0 php5.6 \
  php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
  php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
sudo apt-get install libxml2 libxml2-dev libxml2-utils \
  libaprutil1 libaprutil1-dev
Install ModSecurity
apt-get install libapache2-modsecurity
Check that the module is loaded:
apachectl -M | grep --color security
Install ModSecurity Core Rule Set (CRS)
Installation from GitHub
rm -rf /usr/share/modsecurity-crs
apt-get install -y git
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Copy the example setup file so that it gets the .conf extension:
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Setup ModSecurity CRS
mkdir -p /usr/share/modsecurity-crs/activated_rules/
cd /usr/share/modsecurity-crs
for f in `ls rules`; do sudo ln -s ../rules/$f activated_rules/$f; done
Configuration
Edit modsecurity.conf so that the rule engine blocks requests instead of only detecting them:
vi /etc/modsecurity/modsecurity.conf
Change
SecRuleEngine DetectionOnly
to
SecRuleEngine On
Edit security2.conf
vi /etc/apache2/mods-available/security2.conf
Add IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
<IfModule security2_module>
	# Default Debian dir for modsecurity's persistent data
	SecDataDir /var/cache/modsecurity

	# Include all the *.conf files in /etc/modsecurity.
	# Keeping your local configuration in that directory
	# will allow for an easy upgrade of THIS file and
	# make your life easier
	IncludeOptional /etc/modsecurity/*.conf
	Include "/usr/share/modsecurity-crs/*.conf"
	Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
</IfModule>
Reload Apache
a2enmod headers
a2enmod security2   # the Debian/Ubuntu module name is security2 (mods-available/security2.load), not mod-security
service apache2 reload
Test
XSS
curl 'http://localhost/?q="><script>alert(1)</script>'
SQLi
curl "http://localhost/?q='1 OR 1=1"
Response
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
Forbidden
You don't have permission to access /
on this server.
<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
</body></html>
It can also be checked in
tail -f /var/log/apache2/modsec_audit.log
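The modsec_audit.log that the last step tails is written in ModSecurity's serial format: each transaction is split into lettered sections (A: timestamp, unique id and addresses; B: request line and headers; H: audit trailer with the rule matches and the action taken; Z: terminator). The following is an added example, not part of the original page: it parses a constructed sample entry modelled on the blocked XSS probe above (the unique id and timestamp are invented; the rule ids 941100 and 949110 are CRS3's libinjection XSS rule and its inbound anomaly-blocking rule) and pulls out the client IP, the rule ids that fired and whether the request was intercepted.

```python
import re

# Constructed sample in the serial (single-file) layout ModSecurity 2.x
# writes to modsec_audit.log; not a real capture.
SAMPLE_AUDIT_LOG = """--a1b2c3d4-A--
[04/Jun/2017:08:55:01 +0700] WTNzc38AAQEAAAFdQ2oAAAAA 127.0.0.1 54321 127.0.0.1 80
--a1b2c3d4-B--
GET /?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
Host: localhost
--a1b2c3d4-H--
Message: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
"""

BOUNDARY_RE = re.compile(r"^--([0-9a-f]+)-([A-Z])--$")   # e.g. --a1b2c3d4-H--
ALERT_RE = re.compile(r'\[id "(\d+)"\].*?\[msg "([^"]*)"\]')

def parse_audit_log(text):
    """Group a serial audit log into {transaction_id: {section_letter: [lines]}}."""
    transactions, tx_id, section = {}, None, None
    for line in text.splitlines():
        m = BOUNDARY_RE.match(line)
        if m:
            tx_id, section = m.groups()
            transactions.setdefault(tx_id, {}).setdefault(section, [])
        elif tx_id is not None:
            transactions[tx_id][section].append(line)
    return transactions

def summarize(parts):
    """Extract the fields an analyst checks first from one parsed transaction."""
    a_fields = parts.get("A", [""])[0].split()      # [time] [tz] unique_id src_ip src_port dst_ip dst_port
    h_lines = parts.get("H", [])
    alerts = [ALERT_RE.search(l).groups() for l in h_lines
              if l.startswith("Message:") and ALERT_RE.search(l)]
    return {
        "client_ip": a_fields[3] if len(a_fields) > 3 else None,
        "request": parts.get("B", [""])[0],
        "rule_ids": [rid for rid, _ in alerts],
        "messages": [msg for _, msg in alerts],
        "blocked": any(l.startswith("Action: Intercepted") for l in h_lines),
    }

def summarize_log(text):
    return {tx: summarize(parts) for tx, parts in parse_audit_log(text).items()}

if __name__ == "__main__":
    for tx, s in summarize_log(SAMPLE_AUDIT_LOG).items():
        print(tx, s["client_ip"], "blocked" if s["blocked"] else "logged", s["rule_ids"], s["request"])
```

Run it against the real file with `summarize_log(open("/var/log/apache2/modsec_audit.log").read())` to get one summary per transaction; an entry with rule ids but `blocked` False means the engine is still in DetectionOnly mode.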