Difference between revisions of "ModSecurity: OWASP CRS3 menambahkan"

From OnnoWiki
Jump to navigation Jump to search
Line 85: Line 85:
 
==Test==
 
==Test==
  
  ## XSS
+
===XSS===
 +
 
 +
  curl 'http://localhost/?q="><script>alert(1)</script>'
 +
 
 +
===SQLi===
 +
 
 +
curl "http://localhost/?q='1 OR 1=1"
 +
 
 +
===Responds===
 +
 
 
<code>
 
<code>
$ curl 'http://localhost/?q="><script>alert(1)</script>'
 
</code>
 
  
 
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
Line 101: Line 108:
 
  </body></html>
 
  </body></html>
  
## SQLi
+
</code>
$ curl "http://localhost/?q='1 OR 1=1"
 
 
 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 
<html><head>
 
<title>403 Forbidden</title>
 
</head><body>
 
<h1>Forbidden</h1>
 
<p>You don't have permission to access /
 
on this server.</p>
 
<hr>
 
<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
 
</body></html>
 
  
 
Bisa juga di cek di
 
Bisa juga di cek di
  
 
  tail -f /var/log/apache2/modsec_audit.log
 
  tail -f /var/log/apache2/modsec_audit.log
 
 
 
 
 
 
 
 
  
 
==Referensi==
 
==Referensi==
  
 
* https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/
 
* https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/

Revision as of 08:55, 4 June 2017

sumber: https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/


Install Apache

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
apt-get install apache2 php7.0 php7.0-xmlrpc php7.0-mysql php7.0-gd php7.0-cli \
php7.0-curl mysql-client mysql-server dovecot-common dovecot-imapd \
dovecot-pop3d postfix squirrelmail squirrelmail-decode php7.0 php5.6 \
php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
sudo apt-get install libxml2 libxml2-dev libxml2-utils \
libaprutil1 libaprutil1-dev

Install ModSecurity

apt-get install libapache2-modsecurity

cek

apachectl -M | grep --color security


Install ModSecurity Core Rule Set (CRS)

Instalasi dari Github

rm -rf /usr/share/modsecurity-crs
apt-get install -y git
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs

rename .conf extension.

cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Setup ModSecurity CRS

mkdir -p /usr/share/modsecurity-crs/activated_rules/
cd /usr/share/modsecurity-crs
for f in `ls rules`; do sudo ln -s ../rules/$f activated_rules/$f; done

Konfigurasi

Edit modsecurity.conf agar

vi /etc/modsecurity/modsecurity.conf

Ubah

SecRuleEngine DetectionOnly

menjadi

SecRuleEngine On


Edit security2.conf

vi /etc/apache2/mods-available/security2.conf

Tambahkan IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf

<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf
        Include "/usr/share/modsecurity-crs/*.conf"
        Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
</IfModule>

Reload Apache

a2enmod headers
a2enmod mod-security
service apache2 reload

Test

XSS

curl 'http://localhost/?q="><script>alert(1)</script>'

SQLi

curl "http://localhost/?q='1 OR 1=1"

Responds

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>

Forbidden

You don't have permission to access / on this server.


<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
</body></html>

Bisa juga di cek di

tail -f /var/log/apache2/modsec_audit.log

Referensi