Friday, March 1, 2024
Centos Mod Security

Install ModSecurity pada CentOS 7

modsecurity

“Install ModSecurity pada CentOS 7”

Pengantar

ModSecurity adalah Web Application Firewall (WAF) untuk web server Apache. Selain menyediakan kemampuan logging, ModSecurity dapat memonitor trafik HTTP secara real time dalam mendeteksi serangan. ModSecurity juga beroperasi sebagai Instrusion Detection System (IDS), memungkinkan Anda untuk bereaksi terhadap peristiwa mencurigakan yang terjadi pada sistem web Anda.

Install ModSecurity pada CentOS 7

yum update -y
yum install mod_security -y
  • restart web server
/etc/init.d/httpd restart  atau
service httpd restart
yum info mod_security
  • List file config mod sec
/etc/httpd/conf.d/mod_security.conf
/etc/httpd/modsecurity.d/
/etc/httpd/modsecurity.d/crs-setup.conf
/var/log/httpd/modsec_debug.log
/var/log/httpd/modsec_audit.log 
mkdir /etc/httpd/crs
cd /etc/httpd/crs
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git 
cd /etc/httpd/crs/owasp-modsecurity-crs/
cp crs-setup.conf.example crs-setup.conf
  • Setting mod sec
nano /etc/httpd/conf.d/mod_security.conf

# ModSecurity Core Rules Set configuration
    #IncludeOptional modsecurity.d/*.conf
    #IncludeOptional modsecurity.d/activated_rules/*.conf
     IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/crs-setup.conf
     IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/rules/*.conf

- restart web server

 /etc/init.d/httpd restart
  • setting apache
nano /etc/httpd/conf.d/mod_security.conf

SecResponseBodyAccess On

- restart web server

/etc/init.d/httpd restart
  • Test mod sec
curl 192.168.1.30/index.php?exec=/bin/bash atau curl localhost/index.php?exec=/bin/bash
403 Forbidden
tail -f /var/log/httpd/modsec_audit.log
  • Cara Whitelist IP Addr
touch /etc/httpd/conf.d/admminPage.conf
nano /etc/httpd/conf.d/admminPage.conf


        RewriteEngine on
        RewriteCond %{REQUEST_URI} ^(.*)admin(.*)$
        RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.65$ ## IP Addr
        RewriteRule .* / [R=302,L]
        <LocationMatch "/administrator">
                SecRuleEngine   DetectionOnly

Penutup

Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Install ModSecurity pada CentOS 7. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.

(Visited 40 times, 1 visits today)
Baca Juga :  Install Netdata pada Rocky Linux

Similar Posts