Difference between revisions of "ModSecurity: OWASP CRS3 menambahkan"

From OnnoWiki
 
(One intermediate revision by the same user not shown)
Line 21: Line 21:
 
  apt update
 
  apt update
 
  apt -y install libapache2-modsecurity
 
  apt -y install libapache2-modsecurity
 +
 +
Ubuntu 20.04
 +
 +
apt -y install libapache2-mod-security2
 +
 
cek
 
cek
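Review bot: the added "Ubuntu 20.04" block sits directly under the existing `apt -y install libapache2-modsecurity` line, which stays unlabelled, so a reader working top to bottom will run both install commands. Label the older line with the release it applies to, the same way the next hunk does with "Versi lama", so only one package name is attempted per system.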
  
Line 28: Line 33:
  
 
Instalasi dari Github
 
Instalasi dari Github
 +
 +
Ubuntui 20.04
 +
 +
cd ~
 +
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
 +
 +
cd ~/owasp-modsecurity-crs
 +
sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
 +
sudo mv rules/ /etc/modsecurity/
 +
 +
Versi lama
  
 
  rm -rf /usr/share/modsecurity-crs
 
  rm -rf /usr/share/modsecurity-crs
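Review bot: the added Ubuntu 20.04 steps end at `sudo mv rules/ /etc/modsecurity/`, which puts the rule files in /etc/modsecurity/rules/, but nothing added here loads that directory. The security2.conf shown on this page only includes /etc/modsecurity/*.conf and the /usr/share/modsecurity-crs paths, so crs-setup.conf would be read while the rules themselves are not. Add the matching include step for /etc/modsecurity/rules/*.conf to this variant. Also, `mv` out of the clone leaves the working tree incomplete for later updates (`cp -r` avoids that), the clone is not pinned to a release tag, and "Ubuntui" should read "Ubuntu".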

Latest revision as of 20:46, 15 January 2021

Source: https://2buntu.com/articles/1571/installing-lamp-modsecurity-modsecurity-crs-on-ubuntu-1604/


Install Apache

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-get install apache2 php7.0 php7.0-xmlrpc php7.0-mysql php7.0-gd php7.0-cli \
php7.0-curl mysql-client mysql-server dovecot-common dovecot-imapd \
dovecot-pop3d postfix squirrelmail squirrelmail-decode php7.0 php5.6 \
php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
sudo apt-get install libxml2 libxml2-dev libxml2-utils \
libaprutil1 libaprutil1-dev

Install ModSecurity

sudo su
apt update
apt -y install libapache2-modsecurity

Ubuntu 20.04

apt -y install libapache2-mod-security2

Check

apachectl -M | grep --color security

Install ModSecurity Core Rule Set (CRS)

Installation from GitHub

Ubuntu 20.04

cd ~
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cd ~/owasp-modsecurity-crs
sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
sudo mv rules/ /etc/modsecurity/

Older version

rm -rf /usr/share/modsecurity-crs
apt-get install -y git
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf


Read through the crs-setup.conf file if you want to understand how the detection process works. There is a PARANOID section :) ..

Setup ModSecurity CRS

mkdir -p /usr/share/modsecurity-crs/activated_rules/
cd /usr/share/modsecurity-crs
for f in rules/*; do sudo ln -s "../$f" "activated_rules/${f##*/}"; done

Configuration

Edit modsecurity.conf:

mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
vi /etc/modsecurity/modsecurity.conf

Change

SecRuleEngine DetectionOnly

to

SecRuleEngine On


Edit security2.conf

vi /etc/apache2/mods-available/security2.conf

Add IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf

<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf
        Include "/usr/share/modsecurity-crs/*.conf"
        Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
</IfModule>

Reload Apache

Enable module

a2enmod headers
a2enmod security2
service apache2 reload


How to disable the module

a2dismod headers
a2dismod security2
service apache2 reload

Test

If you have installed DVWA, you can run the tests against DVWA with the module enabled and with it disabled.

XSS

curl 'http://localhost/?q="><script>alert(1)</script>'

SQLi

curl "http://localhost/?q='1 OR 1=1"

Response

You should get a response code along the lines of

403 Forbidden

Check the log

watch -n 2 "tail /var/log/apache2/modsec_audit.log"

or

tail -f /var/log/apache2/modsec_audit.log
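
To go with the log check above, an added example (not part of the original page) that condenses the serial-format audit log into one line per transaction: response status, client address, matched rule IDs and request line. The sample log is constructed and abbreviated, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Sample log below is constructed.
sample_audit_log() {
cat <<'EOF'
--5c1f2a7e-A--
[15/Jan/2021:20:46:01 +0700] YAGaaX8AAQEAAB1jA5kAAAAA 127.0.0.1 51234 127.0.0.1 80
--5c1f2a7e-B--
GET /?q="><script>alert(1)</script> HTTP/1.1
--5c1f2a7e-F--
HTTP/1.1 403 Forbidden
--5c1f2a7e-H--
Message: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"]
--5c1f2a7e-Z--
--9d3b6c10-A--
[15/Jan/2021:20:46:05 +0700] YAGabX8AAQEAAB1jA5oAAAAB 127.0.0.1 51240 127.0.0.1 80
--9d3b6c10-B--
GET /?q='1%20OR%201=1 HTTP/1.1
--9d3b6c10-F--
HTTP/1.1 403 Forbidden
--9d3b6c10-H--
Message: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"]
--9d3b6c10-Z--
EOF
}

# Reads an audit log on stdin; prints "status client rule-ids request-line".
summarize_audit_log() {
    awk '
    /^--[0-9a-fA-F]+-[A-Z]--$/ {                 # section boundary
        part = substr($0, length($0) - 2, 1); first = 1
        if (part == "A") { client = req = ""; status = ids = "-" }
        if (part == "Z") print status, client, ids, req
        next
    }
    first && part == "A" { client = $4 }         # 4th field is the source IP
    first && part == "B" { req = $0 }            # request line
    first && part == "F" { status = $2 }         # response status code
    part == "H" && /^Message:/ && match($0, /\[id "[0-9]+"\]/) {
        id = substr($0, RSTART + 5, RLENGTH - 7) # digits between the quotes
        ids = (ids == "-" ? id : ids "," id)
    }
    { first = 0 }
    '
}

sample_audit_log | summarize_audit_log
```

On a live system, feed it the real file: `summarize_audit_log < /var/log/apache2/modsec_audit.log`. A non-403 status next to matched rule IDs suggests SecRuleEngine is still set to DetectionOnly.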
