ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Before installing ModSecurity, you need to get the latest version of ModSecurity from
http://www.modsecurity.org/download/index.html
Download the latest ModSecurity
#wget http://www.modsecurity.org/download/modsecurity-apache_1.9.3.tar.gz
Uncompress the file
#tar -zxvf modsecurity-apache_1.9.3.tar.gz
Go to the folder
cd modsecurity-apache_1.9.3
cd apache1 (or apache2 if you are using Apache 2)
Now run
apxs -cia mod_security.c
Now you will see something like
vnlamp# /usr/local/apache/bin/apxs -cia mod_security.c
gcc -funsigned-char -DMOD_SSL=208125 -DEAPI -fpic -DSHARED_MODULE -I/usr/local/apache/include -c mod_security.c
gcc -shared -o mod_security.so mod_security.o
[activating module `security' in /usr/local/apache/conf/httpd.conf]
cp mod_security.so /usr/local/apache/libexec/mod_security.so
chmod 755 /usr/local/apache/libexec/mod_security.so
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak
cp /usr/local/apache/conf/httpd.conf.new /usr/local/apache/conf/httpd.conf
rm /usr/local/apache/conf/httpd.conf.new
vnlamp#
Edit httpd.conf file
#vi /etc/httpd/conf/httpd.conf
Find
DefaultType text/plain
Add the following below it
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog /var/log/audit_log
SecFilterDebugLog /var/log/modsec_debug_log
SecFilterDebugLevel 0
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:500"
SecFilter /etc/
SecFilter /initrd/
SecFilter /lost\+found/
SecFilter /mnt/
SecFilter /proc/
SecFilter /root/
SecFilter /usr/local/apache
SecFilter /usr/local/cpanel
SecFilter /usr/local/mysql
SecFilter /var/
SecFilter /boot/
SecFilter /bin/cc
SecFilter /bin/gcc
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilterSelective ARGS_VALUES "[[:space:]](cc|bcc|to)[[:space:]]*:.*@"
SecFilterSelective ARGS_VALUES "MIME-Version: 1.0"
SecFilterSelective ARGS_VALUES "Content-Transfer-Encoding: 7bit"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "perl "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "cd /tmp"
SecFilterSelective THE_REQUEST "cd /var/tmp"
Now restart the Apache web server; your web server is then protected by mod_security
#apachectl stop
#apachectl start
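Because the default action above is "deny,log,status:500", every filter that matches turns a request into an error page, so it is worth checking the patterns against ordinary traffic before enabling them. The script below is an added example, not part of the original post or of ModSecurity: it approximates a subset of the filters with grep -E and also shows why a literal "+" in a filter such as the lost+found one has to be written as \+. It assumes case-insensitive matching on already URL-decoded request lines, and the function names and request lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: approximate a subset of the
# filters above with grep -E to see which request lines they would reject.
# Assumptions: case-insensitive ERE matching on an already URL-decoded request
# line; ModSecurity's own decoding and normalization are not reproduced.

# matches PATTERN LINE: succeed if the extended regex PATTERN occurs in LINE.
matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# first_match LINE: print the first listed filter that matches; fail if none.
first_match() {
    for pat in '/etc/' '/var/' 'delete[[:space:]]+from' \
               'insert[[:space:]]+into' 'wget ' 'perl ' 'cd /tmp'; do
        if matches "$pat" "$1"; then
            printf '%s\n' "$pat"
            return 0
        fi
    done
    return 1
}

# report LINE: show the verdict the default action (deny,log,status:500) implies.
report() {
    if hit=$(first_match "$1"); then
        printf 'DENY 500  %s   (filter: %s)\n' "$1" "$hit"
    else
        printf 'PASS      %s\n' "$1"
    fi
}

# Constructed request lines for illustration, not captured traffic.
report 'GET /index.html HTTP/1.0'
report 'GET /docs/var/readme.html HTTP/1.0'     # benign path hit by /var/
report 'GET /search?q=perl tutorial HTTP/1.0'   # benign search hit by "perl "
report 'GET /forum?msg=please delete  from list HTTP/1.0'

# An unescaped "+" is a quantifier, so it never matches the literal directory.
for pat in '/lost+found/' '/lost\+found/'; do
    if matches "$pat" 'GET /lost+found/x HTTP/1.0'; then r=match; else r='no match'; fi
    printf '%-16s vs /lost+found/x: %s\n' "$pat" "$r"
done
```

Requests reported as DENY for benign input are candidates for narrowing the filter, for example by moving it from SecFilter to a SecFilterSelective on a specific variable.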
*If you are using apache2, pay attention to this step
Uncompress the file
#tar -zxvf modsecurity-apache_1.9.3.tar.gz
Go to the folder
cd modsecurity-apache_1.9.3
cd apache2 (go into the apache2 directory, not apache1)
Now run
apxs -cia mod_security.c
Monday, June 6, 2011
Installing ModSecurity