Difference between revisions of "ModSecurity: Instalasi ModSecurity dan ModEvasive"

From OnnoWiki
Line 23: Line 23:
 
  ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.1 /usr/lib/libxml2.so.2.9.1
 
  ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.1 /usr/lib/libxml2.so.2.9.1
  
* Instalasi ModSecurity
+
==Instalasi & Konfigurasi ModSecurity==
  
 +
Instalasi
  
 
  sudo apt-get install libapache-mod-security
 
  sudo apt-get install libapache-mod-security
  
 +
Konfigurasi
 
2. Configure ModSecurity rules.
 
2. Configure ModSecurity rules.
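Review bot: the new "Konfigurasi" heading is followed directly by the unchanged line "2. Configure ModSecurity rules.", so the section under it starts at step 2 with no step 1 in sight. Drop the number from that line or renumber the steps now that the headings carry the structure. The new headings are also Indonesian while the step text below them stays English; pick one language for the section.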
  
Line 34: Line 36:
 
  sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
 
  sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
  
    The default folder for ModSecurity rules is /etc/modsecurity/ . All .conf files will be included and need to be configured as required.
+
* The default folder for ModSecurity rules is /etc/modsecurity/ . All .conf files will be included and need to be configured as required.
    We need to activate all the base rules and make sure they also get loaded.  
+
* We need to activate all the base rules and make sure they also get loaded.  
    You might want to edit the SecRequestBodyLimit option in the modsecurity.conf file.
+
* You might want to edit the SecRequestBodyLimit option in the modsecurity.conf file.
    SecRequestBodyLimit limits the page request size and limits file uploads to 128 KB by default. Change this to the size of files you would accept uploaded to the server.
+
* SecRequestBodyLimit limits the page request size and limits file uploads to 128 KB by default. Change this to the size of files you would accept uploaded to the server.
    This settings is very important as it limits the size of all files that can be uploaded to the server. For CMS sites using Drupal or Wordpress this setting is the source of much pain.  
+
* This settings is very important as it limits the size of all files that can be uploaded to the server. For CMS sites using Drupal or Wordpress this setting is the source of much pain.  
    Open the Terminal Window and enter :
+
 
 +
* Open the Terminal Window and enter :
  
 
  sudo vi /etc/modsecurity/modsecurity.conf
 
  sudo vi /etc/modsecurity/modsecurity.conf
  
    First activate the rules by editing the SecRuleEngine option and set to On.
+
* Aktifkan aturan / rule dengan mengedit SecRuleEngine menjadi On.
  
 
  SecRuleEngine On
 
  SecRuleEngine On
  
    Edit the following to option to increase the request limit to 16 MB and save the file :
+
* Edit opsi berikut untuk menaikan request limit ke 16Mbyte dan save file:
  
 
  SecRequestBodyLimit 16384000
 
  SecRequestBodyLimit 16384000
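Review bot: the reworded bullet above "SecRequestBodyLimit 16384000" says 16Mbyte, but 16384000 bytes is 16000 KiB, which is neither 16 MiB (16777216) nor 16,000,000. Say "about 16 MB" in the bullet or change the value so the two agree. This hunk also translates only the last two bullets into Indonesian and leaves the five before them in English, so the list now switches language halfway; translate the whole list in one revision.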

Revision as of 12:46, 30 March 2015

  • Installing and configuring the ModSecurity and mod_evasive Apache2 modules on an Ubuntu server.
  • Installing these two excellent security modules for Apache2 on Ubuntu LTS is now much easier than it used to be, because both are available in the standard Ubuntu repositories.
  • This is only a starting point for getting mod_security and mod_evasive working. Refer to the documentation of both projects for the available configuration options, and configure your security settings as needed.


Requirements

  • An Ubuntu LTS server installation, or the latest release, on your machine.
  • An Apache2 web server installed, set up and configured:
sudo apt-get install apache2 php5 php5-xmlrpc php5-mysql php5-gd php5-cli \
php5-curl mysql-client mysql-server
  • Install the dependencies required by modsecurity:
sudo apt-get install libxml2 libxml2-dev libxml2-utils \
libaprutil1 libaprutil1-dev
  • For 64-bit users, the following links need to be added:
ln -s /usr/lib/x86_64-linux-gnu/libxml2.so /usr/lib/libxml2.so
ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.1 /usr/lib/libxml2.so.2.9.1

Installing & Configuring ModSecurity

Installation

sudo apt-get install libapache-mod-security

Configuration

2. Configure ModSecurity rules.

   Activate the recommended default rules to get things going. Configure as needed. For complete information refer to the ModSecurity Reference Manual.
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
  • The default folder for ModSecurity rules is /etc/modsecurity/ . All .conf files will be included and need to be configured as required.
  • We need to activate all the base rules and make sure they also get loaded.
  • You might want to edit the SecRequestBodyLimit option in the modsecurity.conf file.
  • SecRequestBodyLimit limits the page request size and limits file uploads to 128 KB by default. Change this to the size of files you would accept uploaded to the server.
  • This setting is very important as it limits the size of all files that can be uploaded to the server. For CMS sites using Drupal or WordPress this setting is the source of much pain.
  • Open the Terminal Window and enter :
sudo vi /etc/modsecurity/modsecurity.conf
  • Activate the rules by editing SecRuleEngine and setting it to On.
SecRuleEngine On
  • Edit the following options to raise the request limit to 16 MB and save the file:
SecRequestBodyLimit 16384000
SecRequestBodyInMemoryLimit 16384000
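
A check for the edits above, as an added example that is not part of the original page: it reads the active values of the three directives this section sets and flags a SecRuleEngine that was never switched to On. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.

# Print the value of the last active (uncommented) occurrence of a directive.
# Directive names are matched case-insensitively, as Apache does.
modsec_directive() {    # $1 = conf file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { if (v != "") print v }' "$1"
}

is_number() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Return 0 if the file matches what this section configures; otherwise
# print the findings and return 1. On success the effective limits are printed.
audit_modsec_conf() {   # $1 = conf file
    rc=0
    engine=$(modsec_directive "$1" SecRuleEngine)
    body=$(modsec_directive "$1" SecRequestBodyLimit)
    inmem=$(modsec_directive "$1" SecRequestBodyInMemoryLimit)

    # modsecurity.conf-recommended ships with DetectionOnly: rules log, never block.
    if [ "$engine" != "On" ]; then
        echo "SecRuleEngine is '${engine:-unset}': matching requests are not blocked"
        rc=1
    fi
    if ! is_number "$body"; then
        echo "SecRequestBodyLimit is missing or not a byte count"
        rc=1
    elif ! is_number "$inmem"; then
        echo "SecRequestBodyInMemoryLimit is missing or not a byte count"
        rc=1
    elif [ "$inmem" -gt "$body" ]; then
        echo "in-memory limit $inmem exceeds body limit $body and can never apply"
        rc=1
    else
        echo "request bodies capped at $((body / 1024)) KiB, $((inmem / 1024)) KiB held in RAM"
    fi
    return "$rc"
}

# Constructed sample: a file that was moved into place but not yet edited.
sample=$(mktemp)
printf '%s\n' '#SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
    'SecRequestBodyLimit 131072' 'SecRequestBodyInMemoryLimit 131072' > "$sample"
audit_modsec_conf "$sample" || echo "not ready: fix the findings above"
rm -f "$sample"
```

On a real server, run `audit_modsec_conf /etc/modsecurity/modsecurity.conf` after saving the file and before restarting Apache2.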

3. Download and install the latest OWASP Core Rule Set.

   We need to download and install the latest OWASP ModSecurity Core Rule Set from the project website.
   We will also activate the default CRS config file modsecurity_crs_10_setup.conf.example
   If you prefer not to use the latest rules, replace master below with a specific version you would like to use, e.g. v2.2.5
   Open the Terminal Window and enter :
cd /tmp
sudo wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
sudo tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz
sudo cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/
sudo rm SpiderLabs-owasp-modsecurity-crs.tar.gz
sudo rm -R SpiderLabs-owasp-modsecurity-crs-*
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
   Now we create symbolic links to all activated base rules. Open a terminal window and enter :
cd /etc/modsecurity/base_rules
for f in * ; do sudo ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done
cd /etc/modsecurity/optional_rules
for f in * ; do sudo ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done 
   Now add these rules to Apache2. Open a terminal window and enter:
sudo vi /etc/apache2/mods-available/mod-security.conf
   Add the following towards the end of the file, with the other includes, and save the file :
Include "/etc/modsecurity/activated_rules/*.conf"

4. Check if ModSecurity is enabled and restart Apache.

   Before restarting Apache2 check if the modules have been loaded.
   Open the Terminal Window and enter :
sudo a2enmod headers
sudo a2enmod mod-security

Restart Apache2 webserver

sudo /etc/init.d/apache2 restart

or

service apache2 restart

5. Install ModEvasive.

   Open the Terminal Window and enter :
sudo apt-get install libapache2-mod-evasive

6. Create log file directory for mod_evasive.

   Open the Terminal Window and enter :
sudo mkdir /var/log/mod_evasive
   Change the log folder permissions :
sudo chown www-data:www-data /var/log/mod_evasive/

7. Create mod-evasive.conf file and configure ModEvasive.

   Open the Terminal Window and enter :
sudo vi /etc/apache2/mods-available/mod-evasive.conf
   and add the following, changing the email value, and other options below as required :
<ifmodule mod_evasive20.c>
   DOSHashTableSize 3097
   DOSPageCount  2
   DOSSiteCount  50
   DOSPageInterval 1
   DOSSiteInterval  1
   DOSBlockingPeriod  10
   DOSLogDir   /var/log/mod_evasive
   DOSEmailNotify  EMAIL@DOMAIN.com
   DOSWhitelist   127.0.0.1
</ifmodule>

8. Fix mod-evasive email bug

   Because of this bug mod-evasive does not send emails on Ubuntu 12.04.
   A temporary workaround is to create symlink to the mail program.
   Open the Terminal Window and enter :
sudo ln -s /etc/alternatives/mail /bin/mail

9. Check if ModEvasive is enabled and restart Apache.

   Before restarting Apache2 check if the module has been loaded.
   Open the Terminal Window and enter :
sudo a2enmod mod-evasive

Restart Apache2 webserver

sudo /etc/init.d/apache2 restart

or

service apache2 restart
