Mod Security Kurulumu

 

 

Mod Security Kurulumu

 

* wget http://www.modsecurity.org/download/modsecurity-apache_1.9.4.tar.gz

* tar -zxf modsecurity-apache_1.9.4.tar.gz

* cd modsecurity-apache_1.9.4

* cd apache2/

* yum install httpd-devel

* /usr/sbin/apxs -cia mod_security.c

* cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-mod_sec

* nano -w /etc/httpd/conf/httpd.conf

Dosyanın içinde “LoadModule security_module    /usr/lib/httpd/modules/mod_security.so” satırı bulunur ve bu satırın altına

http://www.eth0.us/mod_security sayfasındaki —-Ruleset—- işaretleri arasındaki yönergeler eklenir.

CTRL+X Y ENTER

 

* service httpd restart

 

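LoadModule security_module satırının altına yapıştırılacak içerik aşağıdadır. Yönergelerdeki tırnak işaretleri düz tırnak (") olmalıdır; tipografik tırnaklar (“ ”) Apache tarafından tırnak olarak tanınmaz.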

 

 

 

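# Engine-wide mod_security settings. Arguments are quoted with plain ASCII
# double quotes; typographic quotes are not treated as quoting by Apache.

# Turn the filtering engine On or Off
SecFilterEngine On

# Change the Server: string sent in responses. This only alters the banner;
# it does not stop a client from fingerprinting the server by other means.
SecServerSignature "Apache"

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and can be turned On or Off on a
# per-server or per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations.
SecAuditEngine RelevantOnly

# The name of the audit log file.
# NOTE(review): the path is relative, presumably resolved against ServerRoot;
# confirm where it lands. Audit entries can contain request data (possibly
# POST bodies, since SecFilterScanPOST is On), so keep the file readable by
# administrators only.
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default: a rule that carries no action list of its own
# denies the request with status 403 and logs it.
SecFilterDefaultAction "deny,log,status:403"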

 

## ## ## ## ## ## ## ## ## ##

## ## ## ## ## ## ## ## ## ##

 

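# Request sanity checks. Patterns are regular expressions; a leading "!"
# inverts the match, so "!^$" means "the value is not empty".

# Require HTTP_USER_AGENT and HTTP_HOST in all requests.
# Left disabled here; when enabled it rejects requests whose User-Agent or
# Host value is empty.
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Protecting from XSS attacks through the PHP session cookie.
# Only digits and lowercase letters are accepted in the session ID.
# NOTE(review): a PHP configuration that issues session IDs containing other
# characters would be rejected by these two rules; check the site's session
# settings before enabling.
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

# Reject viewtopic.php requests that carry chr(NNN) in a parameter.
# The parentheses around the number are escaped so that they match a literal
# "(" and ")"; left unescaped they are only regex grouping and chr(39) would
# never match.
# NOTE(review): "." and "?" in the first pattern are unescaped regex
# metacharacters, so it matches slightly more than the literal text;
# "viewtopic\.php\?" is the strict form. Verify against the upstream ruleset.
SecFilter "viewtopic.php?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"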

 

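# Block various methods of downloading files to a server.
# Each rule matches a keyword in THE_REQUEST and, having no action of its
# own, falls back to SecFilterDefaultAction.
# NOTE(review): this is a keyword blacklist. Generic words such as "echo "
# or "ftp " can appear in legitimate requests (false positives), and a list
# of fixed strings is a backstop only; the vulnerable application still has
# to be patched. Review the audit log after enabling.
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "

# Strings tied to specific applications and tools.
# NOTE(review): these patterns are regular expressions. In the first rule
# the unescaped "?" makes the preceding "p" optional instead of matching a
# literal question mark, so the rule as written does not match the literal
# text "/config.php?v=1&DIR "; "\?" is probably intended. Confirm against
# the upstream ruleset.
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "arta.zip "
# \x20 is the hex escape for a space; without the backslash the rule would
# look for the literal text "x20".
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
SecFilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "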

 

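# Mail header injection: reject requests that carry cc:/bcc: header text,
# which is how extra recipients get smuggled into web contact forms.
# \x3a is the hex escape for ":" and \x20 for a space; without the backslash
# the rules would look for the literal text "x3a" / "x20".
# NOTE(review): "cc:" also matches inside "bcc:" and inside any longer word
# ending in "cc:", so the broad rules make the narrower ones redundant and
# can block legitimate form text. Review the audit log after enabling.
SecFilter "bcc:"
SecFilter "bcc\x3a"
SecFilter "cc:"
SecFilter "cc\x3a"

# bcc: followed by two comma-separated e-mail addresses.
# NOTE(review): the "." before the top-level domain is unescaped and matches
# any character; "\." is the strict form.
SecFilter "bcc:|Bcc:|BCC:" chain
SecFilter "[A-Z0-9._%-]+@[A-Z0-9._%-]+.[A-Z]{2,4},\x20[A-Z0-9._%-]+@[A-Z0-9._%-]+.[A-Z]{2,4}"

# The same header text looked for in the POST body ...
SecFilterSelective POST_PAYLOAD "Bcc:"
SecFilterSelective POST_PAYLOAD "Bcc:\x20"
SecFilterSelective POST_PAYLOAD "cc:"
SecFilterSelective POST_PAYLOAD "cc:\x20"
SecFilterSelective POST_PAYLOAD "bcc:"
SecFilterSelective POST_PAYLOAD "bcc:\x20"
SecFilterSelective POST_PAYLOAD "bcc: "

# ... and in THE_REQUEST.
SecFilterSelective THE_REQUEST "Bcc:"
SecFilterSelective THE_REQUEST "Bcc:\x20"
SecFilterSelective THE_REQUEST "cc:"
SecFilterSelective THE_REQUEST "cc:\x20"
SecFilterSelective THE_REQUEST "bcc:"
SecFilterSelective THE_REQUEST "bcc:\x20"
SecFilterSelective THE_REQUEST "bcc: "

# WEB-PHP phpbb quick-reply.php arbitrary command attempt:
# a request for quick-reply.php that also sets phpbb_root_path.
SecFilterSelective THE_REQUEST "/quick-reply.php" chain
SecFilter "phpbb_root_path="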

 

 

 
