Difference between revisions of "ModSecurity: OWASP CRS3 menambahkan"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
(18 intermediate revisions by the same user not shown) | |||
Line 18: | Line 18: | ||
==Install ModSecurity== | ==Install ModSecurity== | ||
− | apt- | + | sudo su |
+ | apt update | ||
+ | apt -y install libapache2-modsecurity | ||
+ | |||
+ | Ubuntu 20.04 | ||
+ | |||
+ | apt -y install libapache2-mod-security2 | ||
+ | |||
cek | cek | ||
apachectl -M | grep --color security | apachectl -M | grep --color security | ||
− | |||
==Install ModSecurity Core Rule Set (CRS)== | ==Install ModSecurity Core Rule Set (CRS)== | ||
Instalasi dari Github | Instalasi dari Github | ||
+ | |||
+ | Ubuntui 20.04 | ||
+ | |||
+ | cd ~ | ||
+ | git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git | ||
+ | |||
+ | cd ~/owasp-modsecurity-crs | ||
+ | sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf | ||
+ | sudo mv rules/ /etc/modsecurity/ | ||
+ | |||
+ | Versi lama | ||
rm -rf /usr/share/modsecurity-crs | rm -rf /usr/share/modsecurity-crs | ||
apt-get install -y git | apt-get install -y git | ||
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs | git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs | ||
+ | cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf | ||
− | |||
− | + | Silahkan baca2 file crs-setup.conf kalau mau mengerti cara / proses deteksi. Ada bagian PARANOID :) .. | |
==Setup ModSecurity CRS== | ==Setup ModSecurity CRS== | ||
+ | |||
+ | mkdir -p /usr/share/modsecurity-crs/activated_rules/ | ||
cd /usr/share/modsecurity-crs | cd /usr/share/modsecurity-crs | ||
+ | for f in `ls rules`; do sudo ln -s ../rules/$f activated_rules/$f; done | ||
− | + | ==Konfigurasi== | |
− | + | Edit modsecurity.conf agar | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf | |
− | + | vi /etc/modsecurity/modsecurity.conf | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Ubah | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
SecRuleEngine DetectionOnly | SecRuleEngine DetectionOnly | ||
Line 93: | Line 76: | ||
− | Edit /etc/apache2/mods-available/security2.conf | + | Edit security2.conf |
+ | |||
+ | vi /etc/apache2/mods-available/security2.conf | ||
+ | |||
+ | Tambahkan IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf | ||
<IfModule security2_module> | <IfModule security2_module> | ||
Line 103: | Line 90: | ||
# will allow for an easy upgrade of THIS file and | # will allow for an easy upgrade of THIS file and | ||
# make your life easier | # make your life easier | ||
− | IncludeOptional /etc/modsecurity/*.conf | + | '''IncludeOptional /etc/modsecurity/*.conf''' |
− | + | '''Include "/usr/share/modsecurity-crs/*.conf"''' | |
+ | '''Include "/usr/share/modsecurity-crs/activated_rules/*.conf"''' | ||
</IfModule> | </IfModule> | ||
− | Reload | + | ==Reload Apache== |
+ | |||
+ | Enable module | ||
− | + | a2enmod headers | |
+ | a2enmod security2 | ||
+ | service apache2 reload | ||
− | + | Cara Disable module | |
− | + | a2dismod headers | |
− | + | a2dismod security2 | |
+ | service apache2 reload | ||
− | + | ==Test== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Jika anda menginstalasi [[DVWA]], bisa di lakukan test ke [[DVWA]] dengan kondisi module di enable / disable. | |
− | |||
− | + | ===XSS=== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | curl 'http://localhost/?q="><script>alert(1)</script>' | |
− | + | ===SQLi=== | |
+ | curl "http://localhost/?q='1 OR 1=1" | ||
+ | ===Responds=== | ||
+ | Harusnya akan dapat kode kira-kira | ||
+ | 403 Forbidden | ||
+ | ===Cek Log=== | ||
+ | watch -n 2 "tail /var/log/apache2/modsec_audit.log" | ||
+ | atau | ||
+ | tail -f /var/log/apache2/modsec_audit.log | ||
==Referensi== | ==Referensi== | ||
* https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/ | * https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/ |
Latest revision as of 20:46, 15 January 2021
sumber: https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/
Install Apache
sudo add-apt-repository ppa:ondrej/php sudo apt-get update
apt-get install apache2 php7.0 php7.0-xmlrpc php7.0-mysql php7.0-gd php7.0-cli \ php7.0-curl mysql-client mysql-server dovecot-common dovecot-imapd \ dovecot-pop3d postfix squirrelmail squirrelmail-decode php7.0 php5.6 \ php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \ php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
sudo apt-get install libxml2 libxml2-dev libxml2-utils \ libaprutil1 libaprutil1-dev
Install ModSecurity
sudo su apt update apt -y install libapache2-modsecurity
Ubuntu 20.04
apt -y install libapache2-mod-security2
cek
apachectl -M | grep --color security
Install ModSecurity Core Rule Set (CRS)
Instalasi dari Github
Ubuntui 20.04
cd ~ git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cd ~/owasp-modsecurity-crs sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf sudo mv rules/ /etc/modsecurity/
Versi lama
rm -rf /usr/share/modsecurity-crs apt-get install -y git git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Silahkan baca2 file crs-setup.conf kalau mau mengerti cara / proses deteksi. Ada bagian PARANOID :) ..
Setup ModSecurity CRS
mkdir -p /usr/share/modsecurity-crs/activated_rules/ cd /usr/share/modsecurity-crs for f in `ls rules`; do sudo ln -s ../rules/$f activated_rules/$f; done
Konfigurasi
Edit modsecurity.conf agar
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf vi /etc/modsecurity/modsecurity.conf
Ubah
SecRuleEngine DetectionOnly
menjadi
SecRuleEngine On
Edit security2.conf
vi /etc/apache2/mods-available/security2.conf
Tambahkan IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
<IfModule security2_module> # Default Debian dir for modsecurity's persistent data SecDataDir /var/cache/modsecurity # Include all the *.conf files in /etc/modsecurity. # Keeping your local configuration in that directory # will allow for an easy upgrade of THIS file and # make your life easier IncludeOptional /etc/modsecurity/*.conf Include "/usr/share/modsecurity-crs/*.conf" Include "/usr/share/modsecurity-crs/activated_rules/*.conf" </IfModule>
Reload Apache
Enable module
a2enmod headers a2enmod security2 service apache2 reload
Cara Disable module
a2dismod headers a2dismod security2 service apache2 reload
Test
Jika anda menginstalasi DVWA, bisa di lakukan test ke DVWA dengan kondisi module di enable / disable.
XSS
curl 'http://localhost/?q="><script>alert(1)</script>'
SQLi
curl "http://localhost/?q='1 OR 1=1"
Responds
Harusnya akan dapat kode kira-kira
403 Forbidden
Cek Log
watch -n 2 "tail /var/log/apache2/modsec_audit.log"
atau
tail -f /var/log/apache2/modsec_audit.log