
Install Modsecurity di Apache: Difference between revisions

From Wiki
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
sudo apt-get install libapache2-mod-security2
==Installing ModSecurity==


Restart Apache:
* ModSecurity can be installed by running the following command in your terminal:
/etc/init.d/apache2 restart
<syntaxhighlight lang="bash">
sudo apt install libapache2-mod-security2 -y
</syntaxhighlight>


Verify the version of ModSecurity is 2.8.0 or higher:
* Alternatively, you can also build ModSecurity manually by cloning the official ModSecurity Github repository.
apt-cache show libapache2-mod-security2
* After installing ModSecurity, enable the Apache 2 headers module by running the following command:
<syntaxhighlight lang="bash">
sudo a2enmod headers
</syntaxhighlight>


===OWASP ModSecurity Core Rule Set===
* After installing ModSecurity and enabling the header module, you need to restart the apache2 service, this can be done by running the following command:
The following steps are for Debian based distributions. File paths and commands for RHEL will differ slightly.
<syntaxhighlight lang="bash">
sudo systemctl restart apache2
</syntaxhighlight>


Move and change the name of the default ModSecurity file:
* You should now have ModSecurity installed. The next steps involves enabling and configuring ModSecurity and the OWASP-CRS.
mv /etc/modsecurity/modsecurity.conf-recommended  modsecurity.conf


Install git if needed:
==Configuring ModSecurity==
sudo apt install git


Download the OWASP ModSecurity CRS from Github:
* ModSecurity is a firewall and therefore requires rules to function. This section shows you how to implement the OWASP Core Rule Set. First, you must prepare the ModSecurity configuration file.
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
* Remove the <code>.recommended</code> extension from the ModSecurity configuration file name with the following command:


Navigate into the downloaded directory. Move and rename crs-setup.conf.example to crs-setup.conf. Then move rules/ as well.
<syntaxhighlight lang="bash">
cd owasp-modsecurity-crs
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
</syntaxhighlight>


mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
* With a text editor such as vim, open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On:


mv rules/ /etc/modsecurity/


The configuration file should match the path above as defined in the IncludeOptional directive. Add another Include directive pointing to the rule set:


<IfModule security2_module>
<syntaxhighlight lang="bash">
        # Default Debian dir for modsecurity's persistent data
vim /etc/modsecurity/modsecurity.conf
        SecDataDir /var/cache/modsecurity
</syntaxhighlight>
        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf
        Include /etc/modsecurity/rules/*.conf
</IfModule>


Restart Apache so that the changes will take effect:
<syntaxhighlight lang="bash">
/etc/init.d/apache2 restart
# -- Rule engine initialization ----------------------------------------------
 
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine On
...
</syntaxhighlight>
 
* Restart Apache to apply the changes:
<syntaxhighlight lang="bash">
sudo systemctl restart apache2
</syntaxhighlight>
 
* ModSecurity should now be configured to run. The next step in the process is to set up a rule set to actively prevent your web server from attacks.
 
==Setting Up the OWASP ModSecurity Core Rule Set==
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, and Local File Inclusion.
 
To set up the OWASP-CRS, follow the procedures outlined below.
 
* First, delete the current rule set that comes prepackaged with ModSecurity by running the following command:
<syntaxhighlight lang="bash">
sudo rm -rf /usr/share/modsecurity-crs
</syntaxhighlight>
 
* Ensure that git is installed:
<syntaxhighlight lang="bash">
sudo apt install git
</syntaxhighlight>
 
* Clone the OWASP-CRS GitHub repository into the <code>/usr/share/modsecurity-crs</code> directory:
 
<syntaxhighlight lang="bash">
sudo git clone https://github.com/coreruleset/coreruleset /usr/share/modsecurity-crs
</syntaxhighlight>
 
Rename the <code>crs-setup.conf.example</code> to <code>crs-setup.conf</code>:
 
<syntaxhighlight lang="bash">
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
</syntaxhighlight>
 
* Rename the default request exclusion rule file:
<syntaxhighlight lang="bash">
sudo mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
</syntaxhighlight>
 
* You should now have the OWASP-CRS setup and ready to be used in your Apache configuration.
 
==Enabling ModSecurity in Apache 2==
To begin using ModSecurity, enable it in the Apache configuration file by following the steps outlined below:
 
* Using a text editor such as vim, edit the /etc/apache2/mods-available/security2.conf file to include the OWASP-CRS files you have downloaded:
<syntaxhighlight lang="bash">
vim /etc/apache2/mods-available/security2.conf
</syntaxhighlight>
 
<syntaxhighlight lang="apacheconf">
<IfModule security2_module>
        SecDataDir /var/cache/modsecurity
        Include /usr/share/modsecurity-crs/crs-setup.conf
        Include /usr/share/modsecurity-crs/rules/*.conf
</IfModule>
</syntaxhighlight>
 
* In <code>/etc/apache2/sites-enabled/000-default.conf</code> file VirtualHost block, include the SecRuleEngine directive set to On.
 
 
<syntaxhighlight lang="bash">
vim /etc/apache2/sites-enabled/000-default.conf
</syntaxhighlight>
 
<syntaxhighlight lang="apacheconf">
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
 
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 
        SecRuleEngine On
</VirtualHost>
</syntaxhighlight>
 
* If you are running a website that uses SSL, add SecRuleEngine directive to that website’s configuration file as well. See our guide on SSL Certificates with Apache on Debian & Ubuntu for more information.
* Restart the apache2 service to apply the configuration:
<syntaxhighlight lang="bash">
sudo systemctl restart apache2
</syntaxhighlight>
 
* ModSecurity should now be configured and running to protect your web server from attacks. You can now perform a quick test to verify that ModSecurity is running.


==Source==
==Source==
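Review bot: The rewritten security2.conf block near the end of the new revision no longer carries "IncludeOptional /etc/modsecurity/*.conf", which the old revision had, so the /etc/modsecurity/modsecurity.conf that the Configuring ModSecurity section copies and edits is never loaded by Apache; keep that line ahead of the two CRS Include lines. The new text also sets "SecRuleEngine On" directly beneath the retained comment advising detection only to start with, and the git clone of coreruleset takes whatever the default branch holds at that moment; the steps should say to start in DetectionOnly and to check out a release tag. Smaller points: the vim commands on files under /etc lack the sudo used by every other command, and the step worded as removing the ".recommended" extension actually copies a file whose suffix is "-recommended".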

Latest revision as of 20:38, 22 November 2022

Installing ModSecurity

  • ModSecurity can be installed by running the following command in your terminal:
sudo apt install libapache2-mod-security2 -y
  • Alternatively, you can also build ModSecurity manually by cloning the official ModSecurity GitHub repository.
  • After installing ModSecurity, enable the Apache 2 headers module by running the following command:
sudo a2enmod headers
  • After installing ModSecurity and enabling the headers module, restart the apache2 service by running the following command:
sudo systemctl restart apache2
  • You should now have ModSecurity installed. The next steps involve enabling and configuring ModSecurity and the OWASP-CRS.

Configuring ModSecurity

  • ModSecurity is a web application firewall and therefore requires rules to function. This section shows you how to implement the OWASP Core Rule Set. First, you must prepare the ModSecurity configuration file.
  • Create the active configuration file by copying the packaged file to a name without the -recommended suffix:
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
  • With a text editor such as vim, open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On. On makes ModSecurity block requests that match a rule; the packaged default, DetectionOnly, only logs them:

sudo vim /etc/modsecurity/modsecurity.conf

# -- Rule engine initialization ----------------------------------------------

# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine On
...

  • Restart Apache to apply the changes:
sudo systemctl restart apache2
  • ModSecurity should now be configured to run. The next step in the process is to set up a rule set to actively protect your web server from attacks.

Setting Up the OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, and Local File Inclusion.

To set up the OWASP-CRS, follow the procedures outlined below.

  • First, delete the current rule set that comes prepackaged with ModSecurity by running the following command:
sudo rm -rf /usr/share/modsecurity-crs
  • Ensure that git is installed:
sudo apt install git
  • Clone the OWASP-CRS GitHub repository into the /usr/share/modsecurity-crs directory:
sudo git clone https://github.com/coreruleset/coreruleset /usr/share/modsecurity-crs

  • Rename crs-setup.conf.example to crs-setup.conf:
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
  • Rename the default request exclusion rule file:
sudo mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
  • You should now have the OWASP-CRS set up and ready to be used in your Apache configuration.

Enabling ModSecurity in Apache 2

To begin using ModSecurity, enable it in the Apache configuration file by following the steps outlined below:

  • Using a text editor such as vim, edit the /etc/apache2/mods-available/security2.conf file to include the OWASP-CRS files you have downloaded:

sudo vim /etc/apache2/mods-available/security2.conf

<IfModule security2_module>
        # Directory for ModSecurity's persistent data
        SecDataDir /var/cache/modsecurity
        # Load /etc/modsecurity/modsecurity.conf, prepared in the Configuring ModSecurity section
        IncludeOptional /etc/modsecurity/*.conf
        # The CRS setup file must be loaded before the rule files
        Include /usr/share/modsecurity-crs/crs-setup.conf
        Include /usr/share/modsecurity-crs/rules/*.conf
</IfModule>

  • In the VirtualHost block of the /etc/apache2/sites-enabled/000-default.conf file, include the SecRuleEngine directive set to On:

sudo vim /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Enable ModSecurity rule processing for this virtual host
        SecRuleEngine On
</VirtualHost>

  • If you are running a website that uses SSL, add the SecRuleEngine directive to that website’s configuration file as well. See our guide on SSL Certificates with Apache on Debian & Ubuntu for more information.
  • Restart the apache2 service to apply the configuration:
sudo systemctl restart apache2
  • ModSecurity should now be configured and running to protect your web server from attacks. You can now perform a quick test to verify that ModSecurity is running.
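
Before testing with live requests, the files touched by the steps above can be checked statically. The script below is an added example, not part of the original wiki page; the function names, the --check flag and the optional root prefix are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): static check of the files the steps
# above create. An optional ROOT prefix lets it run on a staging copy instead.

# Print the last uncommented SecRuleEngine value in FILE (empty if none).
engine_mode() {
    awk 'tolower($1) == "secruleengine" { v = $2 } END { print v }' "$1" 2>/dev/null
}

# Print the line number of the first active Include whose path matches ERE.
include_line() {   # usage: include_line FILE ERE
    awk -v pat="$2" 'tolower($1) ~ /^include(optional)?$/ && $2 ~ pat { print NR; exit }' \
        "$1" 2>/dev/null
}

# Print one line per finding; the return status is the number of FAILs.
check_modsec() {
    local root="${1:-}" fails=0 mode base setup rules
    local sec2="$root/etc/apache2/mods-available/security2.conf"
    local crs="$root/usr/share/modsecurity-crs"

    mode=$(engine_mode "$root/etc/modsecurity/modsecurity.conf")
    case "$mode" in
        On)            echo "OK   SecRuleEngine On: matching requests are blocked" ;;
        DetectionOnly) echo "WARN SecRuleEngine DetectionOnly: logged, not blocked" ;;
        *)             echo "FAIL SecRuleEngine is '${mode:-unset}' in modsecurity.conf"
                       fails=$((fails + 1)) ;;
    esac

    base=$(include_line "$sec2" '/etc/modsecurity/[*][.]conf$')
    setup=$(include_line "$sec2" 'modsecurity-crs/crs-setup[.]conf$')
    rules=$(include_line "$sec2" 'modsecurity-crs/rules/[*][.]conf$')

    [ -n "$base" ] || { echo "FAIL security2.conf never loads /etc/modsecurity/*.conf"
                        fails=$((fails + 1)); }
    if [ -z "$setup" ] || [ -z "$rules" ] || [ "$setup" -gt "$rules" ]; then
        echo "FAIL crs-setup.conf must be included before rules/*.conf"
        fails=$((fails + 1))
    fi
    [ -f "$crs/crs-setup.conf" ] || { echo "FAIL $crs/crs-setup.conf is missing"
                                      fails=$((fails + 1)); }
    [ -f "$crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf" ] ||
        echo "WARN exclusion rule file still has its .example name"
    return "$fails"
}

# Run against the live system (or a staging root) only when asked to.
if [ "${1:-}" = "--check" ]; then check_modsec "${2:-}"; exit $?; fi
```

Run it with --check on the server, or with --check followed by a directory to inspect a staging copy. It only reads the files, so sudo apachectl configtest is still the check that Apache itself accepts them.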
