zoukankan      html  css  js  c++  java

  • modsecurity安装

    Centos下nginx+Modsecurity安装:https://www.jianshu.com/p/93e310e12036
    https://www.oschina.net/p/modsecurity?hmsr=aladdin1e1
    http://www.modsecurity.cn/practice/post/23.html

    http://www.modsecurity.cn/chm/pmFromFile.html

    一,安装依赖:

    # yum instal l-y gitwgetepel-releasegcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel lmdb-devel libxml2-devel ssdeep-devel lua-devel libtool autoconf automake

    # yum install gcc-c++

    二,安装MS:

    # cd /usr/local
    # git clone https://github.com/SpiderLabs/ModSecurity

    # cd ModSecurity

    # git checkout -b v3/master origin/v3/master      

    # git submodule init                              

    # git submodule update

    # sh build.sh

    # ./configure

    # make

    # makeinstall

    三,安装nginx与ModSecurity-nginx连接器:

    # cd /usr/local

    # git clone https://github.com/SpiderLabs/ModSecurity-nginx

    # wget wget http://nginx.org/download/nginx-1.18.0.tar.gz

    # tar -xvzf nginx-1.18.0.tar.gz

    # cd /usr/local/nginx-1.18.0

    # ./configure --add-module=/usr/local/ModSecurity-nginx

    # make && make install

    四,模拟攻击,测试未启动MS时的访问效果:

    启动nginx:
    # /usr/local/nginx/sbin/nginx

    访问URL地址:
    http://10.20.192.36/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

    未拦截效果:

    五、配置MS:

    # mkdir /usr/local/nginx/conf/modsecurity            

    # cp /usr/local/Modsecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/modsecurity.conf

    #cp /usr/local/Modsecurity/unicode.mapping /usr/local/nginx/conf/modsecurity/

    #cd /usr/local/

    # wget http://www.modsecurity.cn/download/corerule/owasp-modsecurity-crs-3.3-dev.zip
    # unzip owasp-modsecurity-crs-3.3-dev.zip
    # cd owasp-modsecurity-crs-3.3-dev

    #cp crs-setup.conf.example /usr/local/nginx/conf/modsecurity/crs-setup.conf

    #cp -rf /usr/local/owasp-modsecurity-crs-3.3-dev/rules /usr/local/nginx/conf/modsecurity/

    # cd /usr/local/nginx/conf/modsecurity/

    # mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf                 
    # mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf


    编辑:vi nginx.conf
    在http或server节点中添加以下内容:

    modsecurity on;
    modsecurity_rules_file /usr/local/nginx/conf/modsecurity/modsecurity.conf;

    编辑:vi modsecurity.conf
    SecRuleEngine DetectionOnly 改为 SecRuleEngine On

    然后添加以下内容:
    Include /usr/local/nginx/conf/modsecurity/crs-setup.conf
    Include /usr/local/nginx/conf/modsecurity/rules/*.conf

    六,重新加载Nginx测试效果:
    # /usr/local/nginx/sbin/nginx -s reload

    重新攻击访问:
    http://10.20.192.36/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

    查看nginx日志:
    tailf /usr/local/nginx/logs/access.log


    七、modSecurity规则指令编写:
    1、一个简单的规则

    在/usr/local/nginx/conf/modsecurity/rules 目录下创建wz.conf,添加规则
    SecRule ARGS "(testwwd)+"
        "msg:'wwd22 test',
        id:300102,
        phase:request,
        deny,
        status:503"

    # /usr/local/nginx/sbin/nginx -s reload

    测试:http://10.20.192.36/?test=testwwd

    请尊重笔者的劳动成果哦,转载请说明出处哦
  • 相关阅读:
    .NET数据库编程求索之路6.使用ADO.NET实现(三层架构篇使用List传递数据基于存储过程)(1)
    【转】模板化的单例模式
    .NET数据库编程求索之路7.使用ADO.NET实现(工厂模式实现多数据库切换)(1)
    【转】VC++项目中stdafx.h的作用
    【转】用oledb读取dbf文件报错--“外部表不是预期的格式” [
    【转】ADO.Net连接DBF文件
    【转】可能继承的C++ Singleton基类
    .NET数据库编程求索之路6.使用ADO.NET实现(三层架构篇使用List传递数据基于存储过程)(2)
    .NET数据库编程求索之路4.使用ADO.NET实现(三层架构篇使用Table传递数据)(3)
    RMAN>干掉热备份#OCP试验1#
  • 原文地址:https://www.cnblogs.com/gufengchen/p/14998610.html
Copyright © 2011-2022 走看看