Sunday, December 4, 2022
Centos Mod Security

Install ModSecurity pada CentOS 7

modsecurity

Install ModSecurity pada CentOS 7

yum update -y
yum install mod_security -y
/etc/init.d/httpd restart  atau
service httpd restart
  • Cek versi mod sec
yum info mod_security
  • List file config mod sec
/etc/httpd/conf.d/mod_security.conf
/etc/httpd/modsecurity.d/
/etc/httpd/modsecurity.d/crs-setup.conf
/var/log/httpd/modsec_debug.log
/var/log/httpd/modsec_audit.log 
mkdir /etc/httpd/crs
cd /etc/httpd/crs
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git 
cd /etc/httpd/crs/owasp-modsecurity-crs/
cp crs-setup.conf.example crs-setup.conf
  • Setting mod sec
nano /etc/httpd/conf.d/mod_security.conf

# ModSecurity Core Rules Set configuration
    #IncludeOptional modsecurity.d/*.conf
    #IncludeOptional modsecurity.d/activated_rules/*.conf
     IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/crs-setup.conf
     IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/rules/*.conf

- restart web server

 /etc/init.d/httpd restart
nano /etc/httpd/conf.d/mod_security.conf

SecResponseBodyAccess On

- restart web server

/etc/init.d/httpd restart
  • Test mod sec
curl 192.168.1.30/index.php?exec=/bin/bash atau curl localhost/index.php?exec=/bin/bash
403 Forbidden
tail -f /var/log/httpd/modsec_audit.log
  • Cara Whitelist IP Addr
touch /etc/httpd/conf.d/admminPage.conf
nano /etc/httpd/conf.d/admminPage.conf


        RewriteEngine on
        RewriteCond %{REQUEST_URI} ^(.*)admin(.*)$
        RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.65$ ## IP Addr
        RewriteRule .* / [R=302,L]
        <LocationMatch "/administrator">
                SecRuleEngine   DetectionOnly

Penutup

Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Install ModSecurity pada CentOS 7. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.

(Visited 10 times, 1 visits today)
Baca Juga :  Cara Install Discord di Manjaro Linux

Similar Posts