Install Modsecurity di Apache: Difference between revisions

Latest revision as of 20:38, 22 November 2022

Installing ModSecurity

ModSecurity can be installed by running the following command in your terminal:

sudo apt install libapache2-mod-security2 -y

Alternatively, you can also build ModSecurity manually by cloning the official ModSecurity Github repository.
After installing ModSecurity, enable the Apache 2 headers module by running the following command:

sudo a2enmod headers

After installing ModSecurity and enabling the header module, you need to restart the apache2 service, this can be done by running the following command:

sudo systemctl restart apache2

You should now have ModSecurity installed. The next steps involves enabling and configuring ModSecurity and the OWASP-CRS.

Configuring ModSecurity

ModSecurity is a firewall and therefore requires rules to function. This section shows you how to implement the OWASP Core Rule Set. First, you must prepare the ModSecurity configuration file.
Remove the .recommended extension from the ModSecurity configuration file name with the following command:

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

With a text editor such as vim, open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On:

vim /etc/modsecurity/modsecurity.conf

# -- Rule engine initialization ----------------------------------------------

# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine On
...

Restart Apache to apply the changes:

sudo systemctl restart apache2

ModSecurity should now be configured to run. The next step in the process is to set up a rule set to actively prevent your web server from attacks.

Setting Up the OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, and Local File Inclusion.

To set up the OWASP-CRS, follow the procedures outlined below.

First, delete the current rule set that comes prepackaged with ModSecurity by running the following command:

sudo rm -rf /usr/share/modsecurity-crs

Ensure that git is installed:

sudo apt install git

Clone the OWASP-CRS GitHub repository into the /usr/share/modsecurity-crs directory:

sudo git clone https://github.com/coreruleset/coreruleset /usr/share/modsecurity-crs

Rename the crs-setup.conf.example to crs-setup.conf:

sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Rename the default request exclusion rule file:

sudo mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

You should now have the OWASP-CRS setup and ready to be used in your Apache configuration.

Enabling ModSecurity in Apache 2

To begin using ModSecurity, enable it in the Apache configuration file by following the steps outlined below:

Using a text editor such as vim, edit the /etc/apache2/mods-available/security2.conf file to include the OWASP-CRS files you have downloaded:

vim /etc/apache2/mods-available/security2.conf

<IfModule security2_module>
        SecDataDir /var/cache/modsecurity
        Include /usr/share/modsecurity-crs/crs-setup.conf
        Include /usr/share/modsecurity-crs/rules/*.conf
</IfModule>

In /etc/apache2/sites-enabled/000-default.conf file VirtualHost block, include the SecRuleEngine directive set to On.

vim /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SecRuleEngine On
</VirtualHost>

If you are running a website that uses SSL, add SecRuleEngine directive to that website’s configuration file as well. See our guide on SSL Certificates with Apache on Debian & Ubuntu for more information.
Restart the apache2 service to apply the configuration:

sudo systemctl restart apache2

ModSecurity should now be configured and running to protect your web server from attacks. You can now perform a quick test to verify that ModSecurity is running.

Source

linode.com

@@ Line 1: / Line 1: @@
-ModSecurity dapat diinstal dengan menjalankan perintah berikut di terminal Anda:
+==Installing ModSecurity==
- sudo apt install libapache2-mod-security2 -y
-Atau, Anda juga dapat membangun ModSecurity secara manual dengan mengkloning repositori resmi ModSecurity Github.
+* ModSecurity can be installed by running the following command in your terminal:
+<syntaxhighlight lang="bash">
+sudo apt install libapache2-mod-security2 -y
+</syntaxhighlight>
-Setelah menginstal ModSecurity, aktifkan modul header Apache 2 dengan menjalankan perintah berikut:
+* Alternatively, you can also build ModSecurity manually by cloning the official ModSecurity Github repository.
- sudo a2enmod headers
+* After installing ModSecurity, enable the Apache 2 headers module by running the following command:
+<syntaxhighlight lang="bash">
+sudo a2enmod headers
+</syntaxhighlight>
-Setelah menginstal ModSecurity dan mengaktifkan modul header, Anda perlu me-restart layanan apache2, ini dapat dilakukan dengan menjalankan perintah berikut:
+* After installing ModSecurity and enabling the header module, you need to restart the apache2 service, this can be done by running the following command:
- sudo systemctl restart apache2
+<syntaxhighlight lang="bash">
+sudo systemctl restart apache2
+</syntaxhighlight>
-Anda sekarang harus menginstal ModSecurity. Langkah selanjutnya melibatkan mengaktifkan dan mengonfigurasi ModSecurity dan OWASP-CRS.
+* You should now have ModSecurity installed. The next steps involves enabling and configuring ModSecurity and the OWASP-CRS.
-==Konfigurasi Modsecurity==
+==Configuring ModSecurity==
-ModSecurity adalah firewall dan karenanya membutuhkan aturan untuk berfungsi. Bagian ini menunjukkan cara menerapkan Set Aturan Inti OWASP. Pertama, Anda harus menyiapkan file konfigurasi ModSecurity.
-Hapus ekstensi .recommended dari nama file konfigurasi ModSecurity dengan perintah berikut:
+* ModSecurity is a firewall and therefore requires rules to function. This section shows you how to implement the OWASP Core Rule Set. First, you must prepare the ModSecurity configuration file.
-  sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
+* Remove the <code>.recommended</code> extension from the ModSecurity configuration file name with the following command:
-Dengan editor teks seperti vim, buka <code>/etc/modsecurity/modsecurity.conf</code> dan ubah nilai untuk <code>SecRuleEngine</code> menjadi <code>On</code>:
+<syntaxhighlight lang="bash">
+sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
+</syntaxhighlight>
- # -- Rule engine initialization ----------------------------------------------
+* With a text editor such as vim, open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On:
- # Enable ModSecurity, attaching it to every transaction. Use detection
- # only to start with, because that minimises the chances of post-installation
- # disruption.
- #
- SecRuleEngine On
- ...
-Mulai ulang Apache untuk menerapkan perubahan:
- sudo systemctl restart apache2
-ModSecurity sekarang harus dikonfigurasi untuk dijalankan. Langkah selanjutnya dalam proses ini adalah menyiapkan seperangkat aturan untuk secara aktif mencegah server web Anda dari serangan.
+<syntaxhighlight lang="bash">
+vim /etc/modsecurity/modsecurity.conf
+</syntaxhighlight>
+<syntaxhighlight lang="bash">
+# -- Rule engine initialization ----------------------------------------------
+# Enable ModSecurity, attaching it to every transaction. Use detection
+# only to start with, because that minimises the chances of post-installation
+# disruption.
+#
+SecRuleEngine On
+...
+</syntaxhighlight>
+* Restart Apache to apply the changes:
+<syntaxhighlight lang="bash">
+sudo systemctl restart apache2
+</syntaxhighlight>
+* ModSecurity should now be configured to run. The next step in the process is to set up a rule set to actively prevent your web server from attacks.
+==Setting Up the OWASP ModSecurity Core Rule Set==
+The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, and Local File Inclusion.
+To set up the OWASP-CRS, follow the procedures outlined below.
+* First, delete the current rule set that comes prepackaged with ModSecurity by running the following command:
+<syntaxhighlight lang="bash">
+sudo rm -rf /usr/share/modsecurity-crs
+</syntaxhighlight>
+* Ensure that git is installed:
+<syntaxhighlight lang="bash">
+sudo apt install git
+</syntaxhighlight>
+* Clone the OWASP-CRS GitHub repository into the <code>/usr/share/modsecurity-crs</code> directory:
+<syntaxhighlight lang="bash">
+sudo git clone https://github.com/coreruleset/coreruleset /usr/share/modsecurity-crs
+</syntaxhighlight>
+Rename the <code>crs-setup.conf.example</code> to <code>crs-setup.conf</code>:
+<syntaxhighlight lang="bash">
+sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
+</syntaxhighlight>
+* Rename the default request exclusion rule file:
+<syntaxhighlight lang="bash">
+sudo mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+</syntaxhighlight>
+* You should now have the OWASP-CRS setup and ready to be used in your Apache configuration.
+==Enabling ModSecurity in Apache 2==
+To begin using ModSecurity, enable it in the Apache configuration file by following the steps outlined below:
+* Using a text editor such as vim, edit the /etc/apache2/mods-available/security2.conf file to include the OWASP-CRS files you have downloaded:
+<syntaxhighlight lang="bash">
+vim /etc/apache2/mods-available/security2.conf
+</syntaxhighlight>
+<syntaxhighlight lang="apacheconf">
+<IfModule security2_module>
+        SecDataDir /var/cache/modsecurity
+        Include /usr/share/modsecurity-crs/crs-setup.conf
+        Include /usr/share/modsecurity-crs/rules/*.conf
+</IfModule>
+</syntaxhighlight>
+* In <code>/etc/apache2/sites-enabled/000-default.conf</code> file VirtualHost block, include the SecRuleEngine directive set to On.
+<syntaxhighlight lang="bash">
+vim /etc/apache2/sites-enabled/000-default.conf
+</syntaxhighlight>
+<syntaxhighlight lang="apacheconf">
+<VirtualHost *:80>
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+        SecRuleEngine On
+</VirtualHost>
+</syntaxhighlight>
+* If you are running a website that uses SSL, add SecRuleEngine directive to that website’s configuration file as well. See our guide on SSL Certificates with Apache on Debian & Ubuntu for more information.
+* Restart the apache2 service to apply the configuration:
+<syntaxhighlight lang="bash">
+sudo systemctl restart apache2
+</syntaxhighlight>
+* ModSecurity should now be configured and running to protect your web server from attacks. You can now perform a quick test to verify that ModSecurity is running.
 ==Source==
-*[https://www.linode.com/docs/guides/securing-apache2-with-modsecurity/ linode.com]
+*[https://www.linode.com/docs/guides/configure-modsecurity-on-apache/ linode.com]
+[[Category:Security]]
+[[Category:Server]]
+[[Category:Website]]
+[[Category:Web Server]]
+[[Category:ModSecurity]]