Difference between revisions of "ModSecurity: Instalasi ModSecurity dan ModEvasive"

From OnnoWiki
(New page: How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server Submitted by The Fan Club on Sun, 2012-04-29 23:33 Last Update : August 2013 This guide is based on various...)
 
Line 1: Line 1:
How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server
+
* Install and configure Apache2 ModSecurity and mod_evasive modules on Ubuntu 12.04 LTS server.
Submitted by The Fan Club on Sun, 2012-04-29 23:33
+
* Things have become much easier than before installing both these two excellent security modules for Apache2 in Ubuntu 12.04 LTS, as both modules are available in the standard Ubuntu 12.04 repositories.
 +
* This is only a starting point for getting mod_security and mod_evasive working. Refer to both projects documentation for the various configuration option  available and configure your security settings as required.
  
Last Update : August 2013
+
==Kebutuhan==
  
This guide is based on various community forum posts, and hours of frustration.
+
* Ubuntu 12.04 LTS server, or later installed on your machine.  
 
+
* Apache2 webserver setup and configured.
This guide is intended as a relatively easy step by step guide to:
 
 
 
    Install and configure Apache2 ModSecurity and mod_evasive modules on Ubuntu 12.04 LTS server.
 
    Things have become much easier than before installing both these two excellent security modules for Apache2 in Ubuntu 12.04 LTS, as both modules are available in the standard Ubuntu 12.04 repositories.
 
    This is only a starting point for getting mod_security and mod_evasive working. Refer to both projects documentation for the various configuration option  available and configure your security settings as required.
 
 
 
Requirements:
 
 
 
    Ubuntu 12.04 LTS server, or later installed on your machine.  
 
    Apache2 webserver setup and configured.
 
  
 
1. Install ModSecurity on your server.
 
1. Install ModSecurity on your server.
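Review bot: the rewritten introduction drops "Submitted by The Fan Club on Sun, 2012-04-29 23:33" and "Last Update : August 2013" without putting the credit or the date anywhere else. The steps that follow depend on Ubuntu 12.04 package names and paths, so keep the source and last-update date (for example as a reference line) so readers can judge how current the commands are. The new heading "==Kebutuhan==" is also the only Indonesian text in an otherwise English introduction; pick one language for the page.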
Line 21: Line 12:
 
     Install the dependencies. Open the Terminal Window and enter :
 
     Install the dependencies. Open the Terminal Window and enter :
  
sudo apt-get install libxml2 libxml2-dev libxml2-utils
+
sudo apt-get install libxml2 libxml2-dev libxml2-utils
 
+
sudo apt-get install libaprutil1 libaprutil1-dev
sudo apt-get install libaprutil1 libaprutil1-dev
 
  
 
     64bit users please note - Because of this bug you need to create a symbolic link to libxml2.so.2 or the installation will report the file missing and fail.
 
     64bit users please note - Because of this bug you need to create a symbolic link to libxml2.so.2 or the installation will report the file missing and fail.
  
ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
+
ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
  
    Now install ModSecurity
+
Now install ModSecurity
  
sudo apt-get install libapache-mod-security
+
sudo apt-get install libapache-mod-security
  
 
2. Configure ModSecurity rules.
 
2. Configure ModSecurity rules.
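Review bot: "ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2" is the only command in this step without sudo, and creating a link under /usr/lib needs root, so it fails for a normal user following the guide. Prefix it with sudo like the apt-get lines. The sentence "Because of this bug" no longer identifies the bug; add the reference so the workaround can be removed once the bug is fixed.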
Line 37: Line 27:
 
     Activate the recommended default rules to get things going. Configure as needed. For complete information refer to the ModSecurity Reference Manual - click here.
 
     Activate the recommended default rules to get things going. Configure as needed. For complete information refer to the ModSecurity Reference Manual - click here.
  
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
+
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
  
 
     The default folder for ModSecurity rules is /etc/modsecurity/ . All .conf files will be included and need to be configured as required.
 
     The default folder for ModSecurity rules is /etc/modsecurity/ . All .conf files will be included and need to be configured as required.
Line 46: Line 36:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
sudo vi /etc/modsecurity/modsecurity.conf
+
sudo vi /etc/modsecurity/modsecurity.conf
  
 
     First activate the rules by editing the SecRuleEngine option and set to On.
 
     First activate the rules by editing the SecRuleEngine option and set to On.
  
SecRuleEngine On
+
SecRuleEngine On
  
 
     Edit the following to option to increase the request limit to 16 MB and save the file :
 
     Edit the following to option to increase the request limit to 16 MB and save the file :
  
SecRequestBodyLimit 16384000
+
SecRequestBodyLimit 16384000
SecRequestBodyInMemoryLimit 16384000
+
SecRequestBodyInMemoryLimit 16384000
  
 
3. Download and install the latest OWASP Core Rule Set.
 
3. Download and install the latest OWASP Core Rule Set.
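Review bot: "SecRequestBodyInMemoryLimit 16384000" is raised to the same value as SecRequestBodyLimit, so a single request may keep a body of that full size in memory, which makes memory exhaustion by a few large concurrent requests much easier. Raise only SecRequestBodyLimit to the upload size the site needs and leave the in-memory limit small unless there is a measured reason to change it. The text says "16 MB" while 16384000 bytes is slightly less than 16 MiB (16777216); state which is meant.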
Line 64: Line 54:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
cd /tmp
+
cd /tmp
 +
sudo wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
 +
sudo tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz
 +
sudo cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/
  
sudo wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
+
sudo rm SpiderLabs-owasp-modsecurity-crs.tar.gz
 
+
sudo rm -R SpiderLabs-owasp-modsecurity-crs-*
sudo tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz
+
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
 
 
sudo cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/
 
 
 
sudo rm SpiderLabs-owasp-modsecurity-crs.tar.gz
 
 
 
sudo rm -R SpiderLabs-owasp-modsecurity-crs-*
 
 
 
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
 
  
 
     Now we create symbolic links to all activated base rules. Open a terminal window and enter :
 
     Now we create symbolic links to all activated base rules. Open a terminal window and enter :
  
cd /etc/modsecurity/base_rules
+
cd /etc/modsecurity/base_rules
for f in * ; do sudo ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done
+
for f in * ; do sudo ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done
cd /etc/modsecurity/optional_rules
+
cd /etc/modsecurity/optional_rules
for f in * ; do sudo ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done  
+
for f in * ; do sudo ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done  
  
 
     Now add these rules to Apache2. Open a terminal window and enter:
 
     Now add these rules to Apache2. Open a terminal window and enter:
  
sudo vi /etc/apache2/mods-available/mod-security.conf
+
sudo vi /etc/apache2/mods-available/mod-security.conf
  
 
     Add the following to towards the end of the file with other includes  and save the file :
 
     Add the following to towards the end of the file with other includes  and save the file :
  
Include "/etc/modsecurity/activated_rules/*.conf"
+
Include "/etc/modsecurity/activated_rules/*.conf"
  
 
4. Check if ModSecurity is enabled and restart Apache.
 
4. Check if ModSecurity is enabled and restart Apache.
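Review bot: the wget line fetches ".../tarball/master" as root into /tmp, and the following cp copies "SpiderLabs-owasp-modsecurity-crs-*/*" into /etc/modsecurity/ with no integrity check, so whatever master holds at that moment, or any directory in the shared /tmp that matches the glob, becomes live WAF configuration. Pin a release tag instead of master, unpack in a private directory created with mktemp -d, and run wget and tar without sudo; only the final cp and mv need root. In the two for loops, quote "$f" so file names with spaces do not break the link targets.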
Line 98: Line 83:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
sudo a2enmod headers
+
sudo a2enmod headers
sudo a2enmod mod-security
+
sudo a2enmod mod-security
  
    Then restart the Apache2 webserver :
+
Restart Apache2 webserver
  
sudo /etc/init.d apache2 restart
+
sudo /etc/init.d apache2 restart
  
    OR
+
atau
  
 
service apache2 restart
 
service apache2 restart
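Review bot: "sudo /etc/init.d apache2 restart" is missing the slash between init.d and apache2, so it tries to execute the directory /etc/init.d and fails; step 9 has the correct form "sudo /etc/init.d/apache2 restart". The alternative "service apache2 restart" is shown without sudo and will be refused for a normal user. The separator changed from "OR" to "atau" while the surrounding text stays English.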
Line 113: Line 98:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
sudo apt-get install libapache2-mod-evasive
+
sudo apt-get install libapache2-mod-evasive
  
 
6. Create log file directory for mod_evasive.
 
6. Create log file directory for mod_evasive.
Line 119: Line 104:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
sudo mkdir /var/log/mod_evasive
+
sudo mkdir /var/log/mod_evasive
  
 
     Change the log folder permissions :
 
     Change the log folder permissions :
  
sudo chown www-data:www-data /var/log/mod_evasive/
+
sudo chown www-data:www-data /var/log/mod_evasive/
  
 
7. Create mod-evasive.conf file and configure ModEvasive.
 
7. Create mod-evasive.conf file and configure ModEvasive.
Line 129: Line 114:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
sudo vi /etc/apache2/mods-available/mod-evasive.conf
+
sudo vi /etc/apache2/mods-available/mod-evasive.conf
  
 
     and add the following, changing the email value, and other options below as required :
 
     and add the following, changing the email value, and other options below as required :
  
<ifmodule mod_evasive20.c>
+
<ifmodule mod_evasive20.c>
  DOSHashTableSize 3097
+
    DOSHashTableSize 3097
  DOSPageCount  2
+
    DOSPageCount  2
  DOSSiteCount  50
+
    DOSSiteCount  50
  DOSPageInterval 1
+
    DOSPageInterval 1
  DOSSiteInterval  1
+
    DOSSiteInterval  1
  DOSBlockingPeriod  10
+
    DOSBlockingPeriod  10
  DOSLogDir  /var/log/mod_evasive
+
    DOSLogDir  /var/log/mod_evasive
  DOSEmailNotify  EMAIL@DOMAIN.com
+
    DOSEmailNotify  EMAIL@DOMAIN.com
  DOSWhitelist  127.0.0.1
+
    DOSWhitelist  127.0.0.1
</ifmodule>
+
</ifmodule>
  
 
8. Fix mod-evasive email bug
 
8. Fix mod-evasive email bug
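Review bot: the block is re-indented and still presented as ready to paste, but "DOSPageCount 2" with "DOSPageInterval 1" blocks a client that requests the same URI more than twice in one second, which page refreshes and script polling can reach. Add a sentence telling readers to test these thresholds against their own traffic before enabling them, and to extend DOSWhitelist for monitoring hosts. "DOSEmailNotify EMAIL@DOMAIN.com" is a placeholder; say so next to the line, not only in the sentence above the block.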
Line 151: Line 136:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
sudo ln -s /etc/alternatives/mail /bin/mail/
+
sudo ln -s /etc/alternatives/mail /bin/mail/
  
 
9. Check if ModEvasive is enabled and restart Apache.
 
9. Check if ModEvasive is enabled and restart Apache.
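Review bot: in "sudo ln -s /etc/alternatives/mail /bin/mail/" the trailing slash makes ln treat /bin/mail as an existing directory, so the command fails when /bin/mail does not exist, which is exactly the case this workaround is for. Drop the trailing slash so the link itself is created at /bin/mail. The phrase "this bug" in the step should also carry the bug reference.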
Line 158: Line 143:
 
     Open the Terminal Window and enter :
 
     Open the Terminal Window and enter :
  
sudo a2enmod mod-evasive
+
sudo a2enmod mod-evasive
  
    Then restart the Apache2 webserver :
+
Restart Apache2 webserver
  
sudo /etc/init.d/apache2 restart
+
sudo /etc/init.d/apache2 restart
  
    OR
+
atau
  
service apache2 restart
+
service apache2 restart
  
  

Revision as of 11:40, 30 March 2015

  • Install and configure Apache2 ModSecurity and mod_evasive modules on Ubuntu 12.04 LTS server.
  • Installing these two excellent security modules for Apache2 is much easier than before on Ubuntu 12.04 LTS, as both modules are available in the standard Ubuntu 12.04 repositories.
  • This is only a starting point for getting mod_security and mod_evasive working. Refer to both projects' documentation for the various configuration options available and configure your security settings as required.

Requirements

  • Ubuntu 12.04 LTS server or later installed on your machine.
  • Apache2 webserver set up and configured.

1. Install ModSecurity on your server.

   Install the dependencies. Open the Terminal Window and enter :
sudo apt-get install libxml2 libxml2-dev libxml2-utils
sudo apt-get install libaprutil1 libaprutil1-dev
   64-bit users please note: because of this bug you need to create a symbolic link to libxml2.so.2 or the installation will report the file missing and fail.
sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2

Now install ModSecurity

sudo apt-get install libapache-mod-security

2. Configure ModSecurity rules.

   Activate the recommended default rules to get things going. Configure as needed. For complete information refer to the ModSecurity Reference Manual.
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
   The default folder for ModSecurity rules is /etc/modsecurity/ . All .conf files will be included and need to be configured as required.
   We need to activate all the base rules and make sure they also get loaded. 
   You might want to edit the SecRequestBodyLimit option in the modsecurity.conf file.
   SecRequestBodyLimit limits the page request size and limits file uploads to 128 KB by default. Change this to the size of files you would accept uploaded to the server.
   This setting is very important as it limits the size of all files that can be uploaded to the server. For CMS sites using Drupal or WordPress this setting is the source of much pain.
   Open the Terminal Window and enter :
sudo vi /etc/modsecurity/modsecurity.conf
   First activate the rules by editing the SecRuleEngine option and set to On.
SecRuleEngine On
   Edit the following options to increase the request limit to 16 MB and save the file :
SecRequestBodyLimit 16384000
SecRequestBodyInMemoryLimit 16384000
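
   A check for the step 2 edits, added here as an example and not part of the original guide: it reads the effective (last uncommented) value of each directive and reports whether the engine really blocks and how the two body limits relate. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the step 2 settings.

# Print the effective (last uncommented) value of DIRECTIVE in FILE.
effective_value() {
    awk -v d="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == tolower(d) { v = $2 }   # directive names are case-insensitive
        END { print v }' "$1"
}

# Print findings for FILE; return 0 when the engine blocks and limits are sane.
audit_modsec() {
    rc=0
    engine=$(effective_value "$1" SecRuleEngine)
    body=$(effective_value "$1" SecRequestBodyLimit)
    mem=$(effective_value "$1" SecRequestBodyInMemoryLimit)
    case $engine in
        On)            echo "OK   SecRuleEngine On: rules are enforced" ;;
        DetectionOnly) echo "WARN SecRuleEngine DetectionOnly: rules log but never block"; rc=1 ;;
        *)             echo "FAIL SecRuleEngine is '${engine:-unset}': no protection"; rc=1 ;;
    esac
    if [ -z "$body" ] || [ -z "$mem" ]; then
        echo "FAIL request body limits are not set explicitly"; rc=1
    elif [ "$mem" -gt "$body" ]; then
        echo "WARN in-memory limit $mem exceeds body limit $body"; rc=1
    else
        echo "OK   body limit $body bytes, up to $mem bytes buffered in RAM per request"
    fi
    return $rc
}

# Constructed sample: engine left in DetectionOnly, limits as set in this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SecRuleEngine On
SecRuleEngine DetectionOnly
SecRequestBodyLimit 16384000
SecRequestBodyInMemoryLimit 16384000
EOF
audit_modsec "$sample" || echo "=> the SecRuleEngine edit has not taken effect in this file"
rm -f "$sample"
```

   On a real server, call audit_modsec /etc/modsecurity/modsecurity.conf after saving the file.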

3. Download and install the latest OWASP Core Rule Set.

   We need to download and install the latest OWASP ModSecurity Core Rule Set from the project website.
   We will also activate the default CRS config file modsecurity_crs_10_setup.conf.example
   If you prefer not to use the latest rules, replace master below with the specific version you would like to use, e.g. v2.2.5
   Open the Terminal Window and enter :
cd /tmp
sudo wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
sudo tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz
sudo cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/
sudo rm SpiderLabs-owasp-modsecurity-crs.tar.gz
sudo rm -R SpiderLabs-owasp-modsecurity-crs-*
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
   Now we create symbolic links to all activated base rules. Open a terminal window and enter :
cd /etc/modsecurity/base_rules
for f in * ; do sudo ln -s "/etc/modsecurity/base_rules/$f" "/etc/modsecurity/activated_rules/$f" ; done
cd /etc/modsecurity/optional_rules
for f in * ; do sudo ln -s "/etc/modsecurity/optional_rules/$f" "/etc/modsecurity/activated_rules/$f" ; done
   Now add these rules to Apache2. Open a terminal window and enter:
sudo vi /etc/apache2/mods-available/mod-security.conf
   Add the following towards the end of the file, with the other includes, and save the file :
Include "/etc/modsecurity/activated_rules/*.conf"

4. Check if ModSecurity is enabled and restart Apache.

   Before restarting Apache2 check if the modules have been loaded.
   Open the Terminal Window and enter :
sudo a2enmod headers
sudo a2enmod mod-security

Restart Apache2 webserver

sudo /etc/init.d/apache2 restart

or

sudo service apache2 restart

5. Install ModEvasive.

   Open the Terminal Window and enter :
sudo apt-get install libapache2-mod-evasive

6. Create log file directory for mod_evasive.

   Open the Terminal Window and enter :
sudo mkdir /var/log/mod_evasive
   Change the log folder permissions :
sudo chown www-data:www-data /var/log/mod_evasive/

7. Create mod-evasive.conf file and configure ModEvasive.

   Open the Terminal Window and enter :
sudo vi /etc/apache2/mods-available/mod-evasive.conf
   and add the following, changing the email value, and other options below as required :
<ifmodule mod_evasive20.c>
   DOSHashTableSize 3097
   DOSPageCount  2
   DOSSiteCount  50
   DOSPageInterval 1
   DOSSiteInterval  1
   DOSBlockingPeriod  10
   DOSLogDir   /var/log/mod_evasive
   DOSEmailNotify  EMAIL@DOMAIN.com
   DOSWhitelist   127.0.0.1
</ifmodule>
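
   A dry run of the thresholds above against an access log, added here as an example and not part of the original guide or of mod_evasive. It approximates the documented behaviour with fixed one-second windows (so it only models DOSPageInterval 1 and DOSSiteInterval 1); the function names and the sample traffic are constructed.

```shell
#!/bin/sh
# Added example (not part of the original guide): dry-run the step 7 thresholds
# against an access log before enabling blocking. Approximation: fixed
# one-second windows, matching DOSPageInterval 1 and DOSSiteInterval 1 only.

# would_block LOG PAGE_COUNT SITE_COUNT WHITELIST_IP
# Prints "<ip> <reason>" once per client that exceeds a threshold.
would_block() {
    awk -v pc="$2" -v sc="$3" -v wl="$4" '
        $1 == wl { next }                        # DOSWhitelist entry is never counted
        {
            ip = $1; sec = $4; uri = $7          # combined log format: time is $4, URI is $7
            if (ip in flagged) next              # report each client once
            if (++page[ip, sec, uri] > pc) { flagged[ip] = 1; print ip, "page:" uri; next }
            if (++site[ip, sec] > sc)      { flagged[ip] = 1; print ip, "site" }
        }' "$1"
}

# Constructed sample traffic (documentation IP ranges), all within one second.
make_sample_log() {
    t='[30/Mar/2015:11:40:00 +0700]'
    {
        # A browser fetching a page and its assets: four different URIs.
        for u in / /css/site.css /js/app.js /img/logo.png; do
            echo "192.0.2.10 - - $t \"GET $u HTTP/1.1\" 200 512"
        done
        # A widget polling the same endpoint three times in one second.
        for i in 1 2 3; do
            echo "198.51.100.7 - - $t \"GET /api/status HTTP/1.1\" 200 64"
        done
        # Local monitoring hitting one URL five times; whitelisted.
        for i in 1 2 3 4 5; do
            echo "127.0.0.1 - - $t \"GET /server-status HTTP/1.1\" 200 128"
        done
    } > "$1"
}

log=$(mktemp)
make_sample_log "$log"
echo "DOSPageCount 2, DOSSiteCount 50:"; would_block "$log" 2 50 127.0.0.1
echo "DOSPageCount 2, DOSSiteCount 3:";  would_block "$log" 2 3 127.0.0.1
rm -f "$log"
```

   With the guide's values only the polling client is flagged; lowering DOSSiteCount to 3 also flags the ordinary browser, which shows how quickly tight thresholds produce false positives.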

8. Fix mod-evasive email bug

   Because of this bug mod-evasive does not send emails on Ubuntu 12.04.
   A temporary workaround is to create a symlink to the mail program.
   Open the Terminal Window and enter :
sudo ln -s /etc/alternatives/mail /bin/mail

9. Check if ModEvasive is enabled and restart Apache.

   Before restarting Apache2 check if the module has been loaded.
   Open the Terminal Window and enter :
sudo a2enmod mod-evasive

Restart Apache2 webserver

sudo /etc/init.d/apache2 restart

or

sudo service apache2 restart



References