Install ModSecurity pada CentOS 7

admin

1 year ago

“Install ModSecurity pada CentOS 7”

Daftar Isi

Toggle

Pengantar

ModSecurity adalah Web Application Firewall (WAF) untuk web server Apache. Selain menyediakan kemampuan logging, ModSecurity dapat memonitor trafik HTTP secara real time dalam mendeteksi serangan. ModSecurity juga beroperasi sebagai Instrusion Detection System (IDS), memungkinkan Anda untuk bereaksi terhadap peristiwa mencurigakan yang terjadi pada sistem web Anda.

Install ModSecurity pada CentOS 7

Update OS

yum update -y

Install mod security

yum install mod_security -y

restart web server

/etc/init.d/httpd restart  atau
service httpd restart

Cek versi mod sec

yum info mod_security

List file config mod sec

/etc/httpd/conf.d/mod_security.conf
/etc/httpd/modsecurity.d/
/etc/httpd/modsecurity.d/crs-setup.conf
/var/log/httpd/modsec_debug.log
/var/log/httpd/modsec_audit.log

Setting OWASP mod sec

mkdir /etc/httpd/crs
cd /etc/httpd/crs
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git 
cd /etc/httpd/crs/owasp-modsecurity-crs/
cp crs-setup.conf.example crs-setup.conf

Setting mod sec

nano /etc/httpd/conf.d/mod_security.conf

# ModSecurity Core Rules Set configuration
    #IncludeOptional modsecurity.d/*.conf
    #IncludeOptional modsecurity.d/activated_rules/*.conf
     IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/crs-setup.conf
     IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/rules/*.conf

- restart web server

 /etc/init.d/httpd restart

setting apache

nano /etc/httpd/conf.d/mod_security.conf

SecResponseBodyAccess On

- restart web server

/etc/init.d/httpd restart

Test mod sec

curl 192.168.1.30/index.php?exec=/bin/bash atau curl localhost/index.php?exec=/bin/bash

403 Forbidden

Cek log

tail -f /var/log/httpd/modsec_audit.log

Cara Whitelist IP Addr

touch /etc/httpd/conf.d/admminPage.conf
nano /etc/httpd/conf.d/admminPage.conf


        RewriteEngine on
        RewriteCond %{REQUEST_URI} ^(.*)admin(.*)$
        RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.65$ ## IP Addr
        RewriteRule .* / [R=302,L]
        <LocationMatch "/administrator">
                SecRuleEngine   DetectionOnly

Penutup

Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Install ModSecurity pada CentOS 7. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.