Difference between revisions of "ModSecurity: OWASP CRS3 menambahkan"

Line 40: Line 40:
 
  cd /usr/share/modsecurity-crs
 
  cd /usr/share/modsecurity-crs
  
Activate rules
+
==Konfigurasi==
  
$ sudo ln -s ../modsecurity_crs_10_setup.conf activated_rules/modsecurity_crs_10_setup.conf
+
Edit modsecurity.conf agar
 
 
masukan base_rules,
 
 
 
$ for f in `ls base_rules`; do sudo ln -s ../base_rules/$f activated_rules/$f; done
 
  
Now you're activated_rules directory should look something like this:
+
vi /etc/modsecurity/modsecurity.conf
  
$ ll activated_rules/
+
Ubah
total 20
 
drwxr-xr-x 2 root root 4096 Jun 26 14:15 ./
 
drwxr-xr-x 9 root root 4096 Jun 26 13:56 ../
 
lrwxrwxrwx 1 root root  44 Jun 26 14:07 modsecurity_35_bad_robots.data -> ../base_rules/modsecurity_35_bad_robots.data
 
lrwxrwxrwx 1 root root  42 Jun 26 14:07 modsecurity_35_scanners.data -> ../base_rules/modsecurity_35_scanners.data
 
lrwxrwxrwx 1 root root  49 Jun 26 14:07 modsecurity_40_generic_attacks.data -> ../base_rules/modsecurity_40_generic_attacks.data
 
lrwxrwxrwx 1 root root  42 Jun 26 14:07 modsecurity_50_outbound.data -> ../base_rules/modsecurity_50_outbound.data
 
lrwxrwxrwx 1 root root  50 Jun 26 14:07 modsecurity_50_outbound_malware.data -> ../base_rules/modsecurity_50_outbound_malware.data
 
lrwxrwxrwx 1 root root  32 Jun 26 14:15 modsecurity_crs_10_setup.conf -> ../modsecurity_crs_10_setup.conf
 
lrwxrwxrwx 1 root root  57 Jun 26 14:07 modsecurity_crs_20_protocol_violations.conf -> ../base_rules/modsecurity_crs_20_protocol_violations.conf
 
lrwxrwxrwx 1 root root  56 Jun 26 14:07 modsecurity_crs_21_protocol_anomalies.conf -> ../base_rules/modsecurity_crs_21_protocol_anomalies.conf
 
lrwxrwxrwx 1 root root  52 Jun 26 14:07 modsecurity_crs_23_request_limits.conf -> ../base_rules/modsecurity_crs_23_request_limits.conf
 
lrwxrwxrwx 1 root root  49 Jun 26 14:07 modsecurity_crs_30_http_policy.conf -> ../base_rules/modsecurity_crs_30_http_policy.conf
 
lrwxrwxrwx 1 root root  48 Jun 26 14:07 modsecurity_crs_35_bad_robots.conf -> ../base_rules/modsecurity_crs_35_bad_robots.conf
 
lrwxrwxrwx 1 root root  53 Jun 26 14:07 modsecurity_crs_40_generic_attacks.conf -> ../base_rules /modsecurity_crs_40_generic_attacks.conf
 
lrwxrwxrwx 1 root root  59 Jun 26 14:07 modsecurity_crs_41_sql_injection_attacks.conf -> ../base_rules/modsecurity_crs_41_sql_injection_attacks.conf
 
lrwxrwxrwx 1 root root  49 Jun 26 14:07 modsecurity_crs_41_xss_attacks.conf -> ../base_rules/modsecurity_crs_41_xss_attacks.conf
 
lrwxrwxrwx 1 root root  52 Jun 26 14:07 modsecurity_crs_42_tight_security.conf -> ../base_rules/modsecurity_crs_42_tight_security.conf
 
lrwxrwxrwx 1 root root  45 Jun 26 14:07 modsecurity_crs_45_trojans.conf -> ../base_rules/modsecurity_crs_45_trojans.conf
 
lrwxrwxrwx 1 root root  55 Jun 26 14:07 modsecurity_crs_47_common_exceptions.conf -> ../base_rules/modsecurity_crs_47_common_exceptions.conf
 
lrwxrwxrwx 1 root root  62 Jun 26 14:07 modsecurity_crs_48_local_exceptions.conf.example -> ../base_rules/modsecurity_crs_48_local_exceptions.conf.example
 
lrwxrwxrwx 1 root root  54 Jun 26 14:07 modsecurity_crs_49_inbound_blocking.conf -> ../base_rules/modsecurity_crs_49_inbound_blocking.conf
 
lrwxrwxrwx 1 root root  46 Jun 26 14:07 modsecurity_crs_50_outbound.conf -> ../base_rules/modsecurity_crs_50_outbound.conf
 
lrwxrwxrwx 1 root root  55 Jun 26 14:07 modsecurity_crs_59_outbound_blocking.conf -> ../base_rules/modsecurity_crs_59_outbound_blocking.conf
 
lrwxrwxrwx 1 root root  49 Jun 26 14:07 modsecurity_crs_60_correlation.conf -> ../base_rules/modsecurity_crs_60_correlation.conf
 
-rw-r--r-- 1 root root 5720 Jul 12  2013 README
 
 
 
==Konfigurasi==
 
 
 
cd /etc/modsecurity
 
cp modsecurity.conf-recommended modsecurity.conf
 
 
 
Edit modsecurity.conf agar
 
  
 
  SecRuleEngine DetectionOnly
 
  SecRuleEngine DetectionOnly
Line 92: Line 55:
  
  
Edit /etc/apache2/mods-available/security2.conf . Tambahkan IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
+
Edit security2.conf
 +
 
 +
vi /etc/apache2/mods-available/security2.conf
 +
 
 +
Tambahkan IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
  
 
  <IfModule security2_module>
 
  <IfModule security2_module>
Line 103: Line 70:
 
         # make your life easier
 
         # make your life easier
 
         IncludeOptional /etc/modsecurity/*.conf
 
         IncludeOptional /etc/modsecurity/*.conf
         IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
+
         IncludeOptional /usr/share/modsecurity-crs/*.conf
 
  </IfModule>
 
  </IfModule>
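Review bot: The new `IncludeOptional /usr/share/modsecurity-crs/*.conf` line matches only files at the top of the cloned tree, which on this page is `crs-setup.conf`. CRS 3 appears to keep its rule files in the `rules/` subdirectory, so they would not be loaded, and `IncludeOptional` raises no error when a glob matches nothing; with `SecRuleEngine On` the engine would then run without any CRS rules. I would include both paths: `IncludeOptional /usr/share/modsecurity-crs/crs-setup.conf` followed by `IncludeOptional /usr/share/modsecurity-crs/rules/*.conf`. The instruction sentence added in the previous hunk still names `activated_rules/*.conf`, a directory this revision no longer creates, and should be brought in line. The `<IfModule security2_module>` block starts outside this hunk.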
  

Revision as of 08:41, 4 June 2017

sumber: https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/


Install Apache

# Add the third-party ondrej/php PPA and refresh the package index.
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
# Install Apache, PHP 5.6 and 7.0, the MySQL client/server and mail packages
# (dovecot, postfix, squirrelmail). This command has no sudo, so it needs a root shell.
# NOTE(review): the ModSecurity steps on this page only use apache2; the mail and
# database packages presumably start extra network services on the host - confirm
# they are wanted before installing them on a server that fronts a WAF.
apt-get install apache2 php7.0 php7.0-xmlrpc php7.0-mysql php7.0-gd php7.0-cli \
php7.0-curl mysql-client mysql-server dovecot-common dovecot-imapd \
dovecot-pop3d postfix squirrelmail squirrelmail-decode php7.0 php5.6 \
php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
# XML and APR utility libraries together with their development packages.
sudo apt-get install libxml2 libxml2-dev libxml2-utils \
libaprutil1 libaprutil1-dev

Install ModSecurity

apt-get install libapache2-modsecurity

cek

apachectl -M | grep --color security


Install ModSecurity Core Rule Set (CRS)

Instalasi dari Github

# Remove any existing rule-set directory so the clone target below is empty.
# These commands are written without sudo and need a root shell.
rm -rf /usr/share/modsecurity-crs
apt-get install -y git
# Clone the OWASP CRS repository into the path removed above.
# NOTE(review): no branch or tag is given, so this takes whatever the default
# branch holds at clone time; checking out a release tag (<RELEASE_TAG>) keeps
# the deployed rule set reproducible and easier to review on upgrade.
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs

Salin crs-setup.conf.example menjadi crs-setup.conf (tanpa akhiran .example).

cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Setup ModSecurity CRS

cd /usr/share/modsecurity-crs

Konfigurasi

Edit modsecurity.conf agar

vi /etc/modsecurity/modsecurity.conf

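Ubah (mode DetectionOnly hanya mencatat tanpa memblokir; mode On memblokir permintaan yang cocok dengan aturan, jadi periksa dulu log audit untuk false positive sebelum mengaktifkannya)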

SecRuleEngine DetectionOnly

menjadi

SecRuleEngine On


Edit security2.conf

vi /etc/apache2/mods-available/security2.conf

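Tambahkan IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf. Catatan: hasil git clone CRS 3 di atas tidak membuat direktori activated_rules; berkas aturan CRS 3 berada di subdirektori rules/, jadi pastikan baris IncludeOptional menunjuk ke crs-setup.conf dan rules/*.conf agar aturan benar-benar dimuat (periksa isi /usr/share/modsecurity-crs).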

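<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf

        # OWASP CRS 3: load the setup file first, then the rule files.
        # A bare /usr/share/modsecurity-crs/*.conf glob only matches
        # crs-setup.conf at the top of the clone, not the rules kept in
        # rules/, which leaves the engine running without any CRS rules.
        # IncludeOptional ignores a path that matches nothing, so check
        # the audit log after a reload to confirm the rules are active.
        # NOTE(review): confirm the rules/ path against the cloned tree.
        IncludeOptional /usr/share/modsecurity-crs/crs-setup.conf
        IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
</IfModule>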

Reload apache

# Reload Apache so the edited ModSecurity configuration takes effect.
# NOTE(review): running `sudo apachectl configtest` first catches a syntax
# error in the edited files before the running server is reloaded.
$ sudo service apache2 reload


Test

## XSS
$ curl 'http://localhost/?q="><script>alert(1)</script>'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>

Forbidden

You don't have permission to access / on this server.


<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
</body></html>
## SQLi
$ curl "http://localhost/?q='1 OR 1=1"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>

Forbidden

You don't have permission to access / on this server.


<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
</body></html>

Bisa juga di cek di

/var/log/apache2/modsec_audit.log





Referensi