“Install ModSecurity pada CentOS 7”
Daftar Isi
Pengantar
ModSecurity adalah Web Application Firewall (WAF) untuk web server Apache. Selain menyediakan kemampuan logging, ModSecurity dapat memonitor trafik HTTP secara real time dalam mendeteksi serangan. ModSecurity juga beroperasi sebagai Instrusion Detection System (IDS), memungkinkan Anda untuk bereaksi terhadap peristiwa mencurigakan yang terjadi pada sistem web Anda.
Install ModSecurity pada CentOS 7
yum update -y
yum install mod_security -y
- restart web server
/etc/init.d/httpd restart atau service httpd restart
- Cek versi mod sec
yum info mod_security
- List file config mod sec
/etc/httpd/conf.d/mod_security.conf /etc/httpd/modsecurity.d/ /etc/httpd/modsecurity.d/crs-setup.conf /var/log/httpd/modsec_debug.log /var/log/httpd/modsec_audit.log
- Setting OWASP mod sec
mkdir /etc/httpd/crs cd /etc/httpd/crs git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git cd /etc/httpd/crs/owasp-modsecurity-crs/ cp crs-setup.conf.example crs-setup.conf
- Setting mod sec
nano /etc/httpd/conf.d/mod_security.conf # ModSecurity Core Rules Set configuration #IncludeOptional modsecurity.d/*.conf #IncludeOptional modsecurity.d/activated_rules/*.conf IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/crs-setup.conf IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/rules/*.conf - restart web server /etc/init.d/httpd restart
- setting apache
nano /etc/httpd/conf.d/mod_security.conf SecResponseBodyAccess On - restart web server /etc/init.d/httpd restart
- Test mod sec
curl 192.168.1.30/index.php?exec=/bin/bash atau curl localhost/index.php?exec=/bin/bash
403 Forbidden
- Cek log
tail -f /var/log/httpd/modsec_audit.log
- Cara Whitelist IP Addr
touch /etc/httpd/conf.d/admminPage.conf nano /etc/httpd/conf.d/admminPage.conf RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)admin(.*)$ RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.65$ ## IP Addr RewriteRule .* / [R=302,L] <LocationMatch "/administrator"> SecRuleEngine DetectionOnly
Penutup
Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Install ModSecurity pada CentOS 7. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.
(Visited 86 times, 1 visits today)