“Installing ModSecurity on CentOS 7”
Introduction
ModSecurity is a Web Application Firewall (WAF) for the Apache web server. Besides providing logging capabilities, ModSecurity can monitor HTTP traffic in real time to detect attacks. ModSecurity also operates as an Intrusion Detection System (IDS), allowing you to react to suspicious events occurring on your web system.
Installing ModSecurity on CentOS 7
yum update -y
yum install mod_security -y
- Restart the web server
/etc/init.d/httpd restart
or
service httpd restart
- Check the ModSecurity version
yum info mod_security
- ModSecurity configuration and log files
/etc/httpd/conf.d/mod_security.conf
/etc/httpd/modsecurity.d/
/etc/httpd/modsecurity.d/crs-setup.conf
/var/log/httpd/modsec_debug.log
/var/log/httpd/modsec_audit.log
- Set up the OWASP Core Rule Set (CRS) for ModSecurity
mkdir /etc/httpd/crs
cd /etc/httpd/crs
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cd /etc/httpd/crs/owasp-modsecurity-crs/
cp crs-setup.conf.example crs-setup.conf
- Configure ModSecurity: comment out the default includes and point to the cloned CRS
nano /etc/httpd/conf.d/mod_security.conf
# ModSecurity Core Rules Set configuration
#IncludeOptional modsecurity.d/*.conf
#IncludeOptional modsecurity.d/activated_rules/*.conf
IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/crs-setup.conf
IncludeOptional /etc/httpd/crs/owasp-modsecurity-crs/rules/*.conf
- Restart the web server
/etc/init.d/httpd restart
- Configure Apache
nano /etc/httpd/conf.d/mod_security.conf
SecResponseBodyAccess On
- Restart the web server
/etc/init.d/httpd restart
- Test ModSecurity
curl '192.168.1.30/index.php?exec=/bin/bash'
or
curl 'localhost/index.php?exec=/bin/bash'
403 Forbidden
- Check the log
tail -f /var/log/httpd/modsec_audit.log
- How to whitelist an IP address
touch /etc/httpd/conf.d/admminPage.conf
nano /etc/httpd/conf.d/admminPage.conf
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)admin(.*)$
## Whitelisted IP address
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.65$
RewriteRule .* / [R=302,L]
<LocationMatch "/administrator">
SecRuleEngine DetectionOnly
</LocationMatch>
Closing
Friends of the Learning & Doing blog, that concludes this explanation of installing ModSecurity on CentOS 7. Hopefully it is useful. See you again in the next post.
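To go with the "check the log" step, here is an added example (not part of the original post) that counts which rule IDs appear in the audit log, so that tuning can target specific rules before a whole location is switched to DetectionOnly. The function names and the embedded log are constructed for illustration, and the sample assumes the default Serial audit log format.

```shell
#!/bin/sh
# Added example: count which rule IDs appear in the "Message:" lines of a
# ModSecurity audit log (Serial format), so tuning can target specific rules.

# Print "<hits><TAB><rule id><TAB><msg>" per rule, most frequent first.
modsec_rule_hits() {
    awk '
        /^Message: / {
            id = ""; msg = ""
            if (match($0, /\[id "[0-9]+"\]/))
                id = substr($0, RSTART + 5, RLENGTH - 7)
            if (match($0, /\[msg "[^"]*"\]/))
                msg = substr($0, RSTART + 6, RLENGTH - 8)
            if (id != "") { hits[id]++; text[id] = msg }
        }
        END { for (id in hits) printf "%d\t%s\t%s\n", hits[id], id, text[id] }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2,2n
}

# Constructed sample: two trimmed transactions (parts A, B, H, Z), not real traffic.
write_sample_log() {
    cat > "$1" <<'EOF'
--6f1c2a00-A--
[10/Jan/2024:09:15:02 +0700] SAMPLEuniqueid0000000001 192.168.1.65 40112 192.168.1.30 80
--6f1c2a00-B--
GET /index.php?exec=/bin/bash HTTP/1.1
--6f1c2a00-H--
Message: Warning. Matched phrase "bin/bash" at ARGS:exec. [file "/etc/httpd/crs/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/crs/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"]
--6f1c2a00-Z--
--7a2d3b11-A--
[10/Jan/2024:09:16:40 +0700] SAMPLEuniqueid0000000002 192.168.1.65 40118 192.168.1.30 80
--7a2d3b11-B--
GET /index.php?q=<script>alert(1)</script> HTTP/1.1
--7a2d3b11-H--
Message: Warning. detected XSS using libinjection. [file "/etc/httpd/crs/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/crs/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"]
--7a2d3b11-Z--
EOF
}

# Demo on the constructed sample; on a server, pass the real audit log instead.
sample=$(mktemp)
write_sample_log "$sample"
modsec_rule_hits "$sample"
rm -f "$sample"
```

On the server, run `modsec_rule_hits /var/log/httpd/modsec_audit.log` to see which rules fire most often.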