Installing owasp-modsecurity-crs on apache2
I. Installing the lab target
First, install the sqli lab environment in Kali so the WAF can be tested, then install the WAF itself, install the OWASP CRS rule set, and finally enable the WAF.
1. Check that the required services are running
service apache2 start
Visit http://127.0.0.1; if the page is displayed, Apache has started successfully.
2. Install sqli-labs
git clone https://github.com/mukkul007/sqli-labs-kali2 sqli-labs
Note: the PHP shipped with Kali is version 7.0 or later, so the usual release of sqli-labs cannot be used directly; you must use this fork.
3. Add the database information
service mysql start
mysql -uroot
After logging in, create a new user name and password:
grant all on dvwa.* to root@localhost identified by '123456';
Once that succeeds, reload the privileges:
flush privileges;
Then leave the database with exit.
4. Edit the configuration file
cd /var/www/html/sqli-labs/sql-connections
gedit db-creds.inc
5. Start sqli-labs
Open http://127.0.0.1/sqli-labs/ and click setup.
Note that the database service and the apache2 service must be started before opening the lab.
II. Installing ModSecurity
1. Install modsecurity-crs
apt-get install modsecurity-crs
After installation it ends up in the /etc/modsecurity directory by itself; this should be the default location.
List the contents of the directory.
Rename the second file.
2. Install the ModSecurity CRS rule set for the apache2 configuration
The command is rather long, so type it carefully:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
After the clone finishes, an owasp-modsecurity-crs directory appears in the current directory; this holds the rule set that runs under Apache, and all that remains is to configure it.
The contents of the OWASP CRS rule set are as follows:
3. Rename crs-setup.conf.example to crs-setup.conf
4. Rename the two rule files in the rules directory
mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
5. Append the following to the end of the apache2 configuration file /etc/apache2/apache2.conf
<IfModule security2_module>
Include modsec/owasp-modsecurity-crs/crs-setup.conf
Include modsec/owasp-modsecurity-crs/rules/*.conf
</IfModule>
6. Edit the crs-setup.conf file (using these commands, run as root; the original used sed -ie, which leaves backup files with an "e" suffix, so -i is used here)
# sed -i 's/SecDefaultAction "phase:1,log,auditlog,pass"/#SecDefaultAction "phase:1,log,auditlog,pass"/g' crs-setup.conf
# sed -i 's/SecDefaultAction "phase:2,log,auditlog,pass"/#SecDefaultAction "phase:2,log,auditlog,pass"/g' crs-setup.conf
# sed -i 's/#.*SecDefaultAction "phase:1,log,auditlog,deny,status:403"/SecDefaultAction "phase:1,log,auditlog,deny,status:403"/g' crs-setup.conf
# sed -i 's/# SecDefaultAction "phase:2,log,auditlog,deny,status:403"/SecDefaultAction "phase:2,log,auditlog,deny,status:403"/g' crs-setup.conf
7. Generate the configuration files for excluded (exception) requests
cp rules/*.data /etc/apache2/modsec
Apart from this directory, everything else was just copied over.
8. Add rules
Create a main.conf configuration file under /etc/apache2/modsec and add the rules we want:
# Include the recommended configuration
include /etc/modsecurity/modsecurity.conf
include owasp-modsecurity-crs/crs-setup.conf
include owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
include owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
Include owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
include owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
include owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf
include owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
include owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf
include owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
include owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
include owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
include owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
include owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
include owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
include owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
include owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
include owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
include owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
include owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
include owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
include owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
include owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
include owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
include owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
include owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
include owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf
include owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
# A test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,log,status:403"
[Note] Given the possible performance cost on the host, you can include just the protection rules for the vulnerability classes you actually need.
9. Restart the apache2 service
apache2 --help   # shows where exactly the error is
It reports that ${APACHE_RUN_DIR} is not defined.
Solution:
. /etc/apache2/envvars
10. Handle the errors when starting the apache2 service
In /etc/apache2/apache2.conf, change the crs-setup.conf path to the correct one.
The next error was that this file could not be found, so I deleted it, emmm.
Repeat until the status shows running, which means the apache2 service runs normally.
11. Enable the rule set
Turn SecRuleEngine on.
III. Configuring the virtual host
Add a new virtual host mapping.
IV. Test results
After adding a semicolon, the WAF denies access.
If SecRuleEngine in /etc/modsecurity/modsecurity.conf is changed back to DetectionOnly,
apache2 is restarted and a single quote is injected again, the WAF no longer intervenes,
which shows that the installation succeeded.
[Note] In my environment, /etc/apache2/modsec was created by me, and the owasp-modsecurity-crs files in it were downloaded from GitHub elsewhere earlier and then transferred in with xftp. If Apache reports other errors when starting, you will have to resolve them yourself.
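To check the result of section IV from the server side rather than only from the browser, the following script parses ModSecurity's entries in Apache's error log and reports which CRS rules fired and whether a request was actually denied (with SecRuleEngine DetectionOnly the rules still log, but only as warnings). This is an added example, not code from the post; the log path ERROR_LOG is an assumption and SAMPLE_LOG is constructed sample data in the ModSecurity 2.x log format.

```python
"""Summarise which OWASP CRS rules ModSecurity fired, and whether it blocked, by
parsing Apache's error log. Added example, not the post's code; ERROR_LOG is an
assumption and SAMPLE_LOG is constructed sample data."""
import re

ERROR_LOG = "/var/log/apache2/error.log"  # assumed Debian/Kali log path
# ModSecurity 2.x writes each field as [name "value"], e.g. [id "942100"]
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# Constructed entries: one CRS warning, one anomaly-score block, one unrelated line
SAMPLE_LOG = [
    '[Mon Jun 04 10:00:00 2018] [:error] [pid 100] [client 127.0.0.1] ModSecurity: Warning. '
    'detected SQLi using libinjection [file "/etc/apache2/modsec/owasp-modsecurity-crs/rules/'
    'REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] '
    '[msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/sqli-labs/Less-1/"]',
    '[Mon Jun 04 10:00:00 2018] [:error] [pid 100] [client 127.0.0.1] ModSecurity: Access denied '
    'with code 403 (phase 2). [file "/etc/apache2/modsec/owasp-modsecurity-crs/rules/'
    'REQUEST-949-BLOCKING-EVALUATION.conf"] [line "36"] [id "949110"] '
    '[msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/sqli-labs/Less-1/"]',
    "[Mon Jun 04 10:00:01 2018] [:notice] [pid 100] AH00094: Command line: '/usr/sbin/apache2'",
]

def parse_modsec_line(line):
    """Return the bracketed fields of one ModSecurity entry plus 'action'
    ('deny' for an Access denied line, 'warn' otherwise); None for other lines."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    fields["action"] = "deny" if "Access denied" in line else "warn"
    return fields

def summarise(lines):
    """Map rule id -> (msg, uri, action). With SecRuleEngine DetectionOnly every
    entry is 'warn'; with On the blocking-evaluation rule also appears as 'deny'."""
    hits = {}
    for fields in map(parse_modsec_line, lines):
        if fields and "id" in fields:
            hits[fields["id"]] = (fields.get("msg", ""), fields.get("uri", ""), fields["action"])
    return hits

def blocked(hits):
    """True if any entry shows the WAF actually denied a request."""
    return any(action == "deny" for _, _, action in hits.values())

if __name__ == "__main__":
    try:
        with open(ERROR_LOG) as log:
            hits = summarise(log)
    except OSError:
        hits = summarise(SAMPLE_LOG)  # no readable log: use the constructed samples
    for rule_id, (msg, uri, action) in hits.items():
        print(f"{action:<5} {rule_id} {uri} {msg}")
    print("WAF blocked a request:", blocked(hits))
```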