Install Modsecurity di Apache: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
==Installing ModSecurity== | ==Installing ModSecurity== | ||
* ModSecurity can be installed by running the following command in your terminal: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo apt install libapache2-mod-security2 -y | sudo apt install libapache2-mod-security2 -y | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Alternatively, you can also build ModSecurity manually by cloning the official ModSecurity Github repository. | * Alternatively, you can also build ModSecurity manually by cloning the official ModSecurity Github repository. | ||
* After installing ModSecurity, enable the Apache 2 headers module by running the following command: | |||
After installing ModSecurity, enable the Apache 2 headers module by running the following command: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo a2enmod headers | sudo a2enmod headers | ||
</syntaxhighlight> | </syntaxhighlight> | ||
After installing ModSecurity and enabling the header module, you need to restart the apache2 service, this can be done by running the following command: | * After installing ModSecurity and enabling the header module, you need to restart the apache2 service, this can be done by running the following command: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo systemctl restart apache2 | sudo systemctl restart apache2 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
You should now have ModSecurity installed. The next steps involves enabling and configuring ModSecurity and the OWASP-CRS. | * You should now have ModSecurity installed. The next steps involves enabling and configuring ModSecurity and the OWASP-CRS. | ||
==Configuring ModSecurity== | ==Configuring ModSecurity== | ||
Remove the <code>.recommended</code> extension from the ModSecurity configuration file name with the following command: | * ModSecurity is a firewall and therefore requires rules to function. This section shows you how to implement the OWASP Core Rule Set. First, you must prepare the ModSecurity configuration file. | ||
* Remove the <code>.recommended</code> extension from the ModSecurity configuration file name with the following command: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
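Review bot: The new bullets on "You should now have ModSecurity installed..." and "ModSecurity is a firewall and therefore requires rules to function..." mark narrative sentences as if they were steps; leave those two as plain paragraphs so that only actions are list items. Since the revision touches these lines anyway, it should also fix "The next steps involves" (should be "The next step involves"), "Github" (should be "GitHub"), and the comma splice in "restart the apache2 service, this can be done by...", all of which carry over unchanged into the new side.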
| Line 31: | Line 28: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
With a text editor such as vim, open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On: | * With a text editor such as vim, open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On: | ||
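Review bot: On the new side of the SecRuleEngine step, the path /etc/modsecurity/modsecurity.conf and the directive name SecRuleEngine are still plain text, while <code>.recommended</code> in the preceding step is wrapped in <code> tags. Wrap the path, the directive and the value On the same way so a reader can tell exactly what to type.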
| Line 48: | Line 46: | ||
... | ... | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* Restart Apache to apply the changes: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo systemctl restart apache2 | sudo systemctl restart apache2 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
ModSecurity should now be configured to run. The next step in the process is to set up a rule set to actively prevent your web server from attacks. | * ModSecurity should now be configured to run. The next step in the process is to set up a rule set to actively prevent your web server from attacks. | ||
==Setting Up the OWASP ModSecurity Core Rule Set== | ==Setting Up the OWASP ModSecurity Core Rule Set== | ||
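Review bot: The sentence "set up a rule set to actively prevent your web server from attacks" is carried into the new revision unchanged, and "prevent ... from attacks" does not parse. Use "protect your web server from attacks", which is the wording the closing sentence of the Apache section already uses.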
| Line 62: | Line 59: | ||
To set up the OWASP-CRS, follow the procedures outlined below. | To set up the OWASP-CRS, follow the procedures outlined below. | ||
First, delete the current rule set that comes prepackaged with ModSecurity by running the following command: | * First, delete the current rule set that comes prepackaged with ModSecurity by running the following command: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo rm -rf /usr/share/modsecurity-crs | sudo rm -rf /usr/share/modsecurity-crs | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Ensure that git is installed: | * Ensure that git is installed: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo apt install git | sudo apt install git | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Clone the OWASP-CRS GitHub repository into the <code>/usr/share/modsecurity-crs</code> directory: | * Clone the OWASP-CRS GitHub repository into the <code>/usr/share/modsecurity-crs</code> directory: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
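Review bot: The step order is risky: "sudo rm -rf /usr/share/modsecurity-crs" runs before git is confirmed installed and before the clone has succeeded, so a failed install or clone leaves the server with no rule set at all. Put "Ensure that git is installed" first, and consider moving the packaged directory aside (for example "sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak") instead of deleting it until the clone is in place.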
| Line 86: | Line 81: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Rename the default request exclusion rule file: | * Rename the default request exclusion rule file: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf | sudo mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf | ||
</syntaxhighlight> | </syntaxhighlight> | ||
You should now have the OWASP-CRS setup and ready to be used in your Apache configuration. | * You should now have the OWASP-CRS setup and ready to be used in your Apache configuration. | ||
==Enabling ModSecurity in Apache 2== | ==Enabling ModSecurity in Apache 2== | ||
To begin using ModSecurity, enable it in the Apache configuration file by following the steps outlined below: | To begin using ModSecurity, enable it in the Apache configuration file by following the steps outlined below: | ||
Using a text editor such as vim, edit the /etc/apache2/mods-available/security2.conf file to include the OWASP-CRS files you have downloaded: | * Using a text editor such as vim, edit the /etc/apache2/mods-available/security2.conf file to include the OWASP-CRS files you have downloaded: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
vim /etc/apache2/mods-available/security2.conf | vim /etc/apache2/mods-available/security2.conf | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="apacheconf"> | ||
<IfModule security2_module> | <IfModule security2_module> | ||
SecDataDir /var/cache/modsecurity | SecDataDir /var/cache/modsecurity | ||
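Review bot: The command "vim /etc/apache2/mods-available/security2.conf" is shown without sudo, while every other command on the page that touches system paths uses it; as written, a non-root reader will be unable to save the file. Change it to "sudo vim ..." for consistency. In the same hunk, "You should now have the OWASP-CRS setup" should read "set up" (verb), which the new side keeps as is.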
| Line 111: | Line 103: | ||
</IfModule> | </IfModule> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
In <code>/etc/apache2/sites-enabled/000-default.conf</code> file VirtualHost block, include the SecRuleEngine directive set to On. | * In <code>/etc/apache2/sites-enabled/000-default.conf</code> file VirtualHost block, include the SecRuleEngine directive set to On. | ||
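Review bot: The bulleted sentence "In <code>/etc/apache2/sites-enabled/000-default.conf</code> file VirtualHost block, include..." is missing words and is hard to follow; suggest "In the VirtualHost block of <code>/etc/apache2/sites-enabled/000-default.conf</code>, add the SecRuleEngine directive set to On." Note also that the previous step edits a file under mods-available while this one edits under sites-enabled; say which location is intended so that readers edit the same file.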
| Line 119: | Line 111: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="apacheconf"> | ||
<VirtualHost *:80> | <VirtualHost *:80> | ||
ServerAdmin webmaster@localhost | ServerAdmin webmaster@localhost | ||
| Line 130: | Line 122: | ||
</VirtualHost> | </VirtualHost> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* If you are running a website that uses SSL, add SecRuleEngine directive to that website’s configuration file as well. See our guide on SSL Certificates with Apache on Debian & Ubuntu for more information. | |||
* Restart the apache2 service to apply the configuration: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo systemctl restart apache2 | sudo systemctl restart apache2 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
ModSecurity should now be configured and running to protect your web server from attacks. You can now perform a quick test to verify that ModSecurity is running. | * ModSecurity should now be configured and running to protect your web server from attacks. You can now perform a quick test to verify that ModSecurity is running. | ||
==Source== | ==Source== | ||
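Review bot: The last bullet ends with "You can now perform a quick test to verify that ModSecurity is running", but the next line is the Source heading and no test follows. Either add the verification step or drop that sentence. The added SSL bullet says "See our guide on SSL Certificates with Apache on Debian & Ubuntu" without a link, and "our" appears to refer to the original publisher rather than to this wiki; link the guide or reword the sentence.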