Pranaam to all bhai ji _/\_
Today we are going to learn, how to setup mod_security and configuring it with OWASP core rule sets
mod security is apache server security module which prevent web server from many known security attack by checking client requst and block request if it is contains malicious data
it is well known and widely used open source web server security module .
but there is important thing , we also need to configure mod_security with core rule set , so that it can check client request for known malicious data/keywords.i am gonna configure mod_security with OWASP core rule sets
lets start............
Installation:-
mod_security can be installed by using 2 ways
using yum
using tar bal(source)
i am using yum :P
yum package name for mod_security is mod_security
run command
yum install mod_security
Configuration:-
after installation of mod_security, we need to add core rule sets so that it can block malicious request to web server
here is download links for core rule sets
http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/
i am going ot use owasp-modsecurity-core rule sets
download tar file of rule sets using wget command
wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/owasp-modsecurity-crs-2.2.8.tar.gz/fdee278c02d41a1377dc20a616b2f327/owasp-modsecurity-crs-2.2.8.tar.gz
extract them using command tar -xzf owasp*
change name of extracted directory to simple one or you may use original name :)
and place extracted directory of core rule sets to directory /etc/httpd
enter into core rule set directory , we need to rename modsecurity_crs_10_setup.conf.example to something.conf
i am renaming modsecurity_crs_10_setup.conf.example to modsecurity_crs_10_setup.conf
using mv command
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
ok now we need to include these core rule sets into apache configuration file (/etc/httpd/conf/httpd.conf)
opn file /etc/httpd/conf/httpd.conf
and add location of core rule set configuration file(modsecurity_crs_10_setup.conf) as well as conf files in base_rule directory under core rule set directory
for example , in mine case core rule set directory name is modsecurity-crs-2.2.8
config file name is modsecurity_crs_10_setup.conf and it is present under modsecurity-crs-2.2.8 directory
base_rules directory also under modsecurity-crs-2.2.8 directory
so..... add following lines at the end of apache server config file
<IfModule security2_module>
include your_core_rule_set_dir/modsecurity_crs_10_setup.conf
include your_core_rule_set_dir/base_rules/*.conf
<IfModule>
in mine case , your_core_rule_set_dir is modsecurity-crs-2.2.8
oooooooooooook , restart apache server and see the magic
and here is magic :D
i have a SQL injection vulnerable website on my system and what hapened when i tried to inject SQL command :P
aaahaaa :D mod security is blocking SQL injection ^_^
this was tutorial on how to setup mod_security and configuring it
Thank you
Greetz to :- Guru ji Zero , code breaker ica, Aasim shaikh,Reborn, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Hardeep bhai,Mannu,Viki and AR AR bhai ji <3
Good one :)
ReplyDeletegood hai bhaiji
ReplyDelete