Monday, November 11, 2024
Mod Security Rocky Linux

Cara Instal ModSecurity dengan Nginx di Rocky Linux 8

modsecurity

“Cara Instal ModSecurity dengan Nginx di Rocky Linux 8”

Pengantar

ModSecurity adalah firewall aplikasi web sumber terbuka yang populer dan gratis yang digunakan untuk melindungi aplikasi web dari beberapa jenis serangan termasuk injeksi SQL, skrip lintas situs, dan penyertaan file lokal. Ini sering digunakan untuk melindungi situs web, cPanel, dan panel kontrol hosting lainnya. Sementara ModSecurity terutama dirancang untuk server web Apache, ModSecurity juga dapat bekerja dengan server web Nginx.

Persyaratan

Cara Instal ModSecurity dengan Nginx di Rocky Linux 8

dnf update -y
dnf install gcc-c++ flex bison yajl curl-devel curl zlib-devel pcre-devel autoconf automake git curl make libxml2-devel pkgconfig libtool httpd-devel redhat-rpm-config git wget openssl openssl-devel vim
dnf --enablerepo=powertools install doxygen yajl-devel -y
dnf install epel-release https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
dnf --enablerepo=remi install GeoIP-devel -y
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity

- Ganti directory

cd ModSecurity
git submodule init
git submodule update

- compile

/configure
make
make install
  • Install nginx
cd ../
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git

wget http://nginx.org/download/nginx-1.19.10.tar.gz
tar xzf nginx-1.19.10.tar.gz
useradd -r -M -s /sbin/nologin -d /usr/local/nginx nginx

- ganti directory

cd nginx-1.19.10
./configure --user=nginx --group=nginx --with-pcre-jit --with-debug --with-http_ssl_module --with-http_realip_module --add-module=/root/ModSecurity-nginx

- install

make
make install

- copy config

cp /root/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp /root/ModSecurity/unicode.mapping /usr/local/nginx/conf/

- backup nginx config

cp /usr/local/nginx/conf/nginx.conf{,.bak}

- edit nginx config

nano /usr/local/nginx/conf/nginx.conf

user  nginx;
worker_processes  1;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  nginx.example.com;
        modsecurity  on;
        modsecurity_rules_file  /usr/local/nginx/conf/modsecurity.conf;
        access_log  /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

- Buat directory

mkdir /var/log/nginx
  • Buat service systemd
nano /etc/systemd/system/nginx.service

[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true

[Install]
WantedBy=multi-user.target

- buat symlink

ln -s /usr/local/nginx/sbin/nginx /usr/sbin/

- start service

systemctl daemon-reload
systemctl enable --now nginx
systemctl status nginx
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /usr/local/nginx/conf/modsecurity.conf

sed -i 's#/var/log/modsec_audit.log#/var/log/nginx/modsec_audit.log#' /usr/local/nginx/conf/modsecurity.conf
  • Install OWASP ModSecurity
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/local/nginx/conf/owasp-crs

cp /usr/local/nginx/conf/owasp-crs/crs-setup.conf{.example,}

echo -e "Include owasp-crs/crs-setup.conf\nInclude owasp-crs/rules/*.conf" >> /usr/local/nginx/conf/modsecurity.conf

systemctl restart nginx
  • Test Mod Sec
curl localhost/index.html?exec=/bin/bash

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.19.10</center>
</body>
</html>
tail -100 /var/log/nginx/modsec_audit.log

Penutup

Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Instal PhpMyAdmin di Arch Linux. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.

(Visited 84 times, 1 visits today)

Similar Posts