Apache + ModSecurity on CentOS (building a WAF)

Operating system: CentOS 7.9
ModSecurity: 2.9.3 (downloadable from the Chinese community site)
http://www.modsecurity.cn/download/modsecurity/modsecurity-2.9.3.tar.gz

ModSecurity prerequisites:
Apache 2.0.x or later, with the mod_unique_id module enabled
libapr and libapr-util
libpcre
libxml2
liblua v5.x.x
libcurl v7.15.1 or higher

Apache prerequisites:
libapr and libapr-util
libpcre

Deployment
1. Upload the packages
Package bundle: http://www.modsecurity.cn/practice/files/apache+modsecurity.rar
Upload it to /usr/local on the server and extract it
[root@virtual_cloud local]# ls
apr-1.5.2.tar.gz       httpd-2.4.41.tar.gz   lua-5.3.5.tar.gz          owasp-modsecurity-crs-3.3-dev.zip
apr-util-1.5.4.tar.gz  libxml2-2.9.9.tar.gz  modsecurity-2.9.3.tar.gz  pcre-8.43.tar.gz

2. Install the build dependencies
yum install -y readline-devel curl-devel gcc gcc-c++ python-devel yajl-devel

3. Create the installation directories
cd /usr/local
mkdir apr apr-util pcre apache libxml2

4. Install Lua
# If the system already ships Lua, skip this step and run yum install lua-devel instead
cd /usr/local
tar -zxvf lua-5.3.5.tar.gz
cd lua-5.3.5
# On a 64-bit system, edit /usr/local/lua-5.3.5/src/Makefile and change
#CFLAGS= -O2 -Wall -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS) to
#CFLAGS= -O2 -Wall -fPIC -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS)
make linux test
make install

5. Install apr
cd /usr/local
tar -zxvf apr-1.5.2.tar.gz
cd apr-1.5.2
./configure --prefix=/usr/local/apr
# At the end it prints rm: cannot remove 'libtoolT': No such file or directory; this can be ignored
make
make install

6. Install apr-util
cd /usr/local
tar -zxvf apr-util-1.5.4.tar.gz
cd apr-util-1.5.4
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/bin/apr-1-config
make
make install

7. Install pcre
cd /usr/local
tar -zxvf pcre-8.43.tar.gz
cd pcre-8.43
./configure --prefix=/usr/local/pcre
make
make install
# Two warnings appear during the build; they do not affect the result and are left alone

8. Install libxml2
cd /usr/local
tar -zxvf libxml2-2.9.9.tar.gz
cd libxml2-2.9.9
./configure --prefix=/usr/local/libxml2
make
make install
# One warning appears, libtool: warning: relinking 'libxml2mod.la'; it does not affect the result and is left alone

9. Install Apache
cd /usr/local
tar -zxvf httpd-2.4.41.tar.gz
cd httpd-2.4.41
./configure --prefix=/usr/local/apache --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --with-pcre=/usr/local/pcre
make
make install

Edit httpd.conf, change "#ServerName www.example.com:80" to "ServerName 0.0.0.0:80", then start Apache

/usr/local/apache/bin/apachectl start

10. Test the result

Simulate an attack to see how the server responds before ModSecurity is installed. The URL is: http://<server IP>/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
The result:
[root@virtual_cloud httpd-2.4.41]# curl "10.0.0.14/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E"
<html><body><h1>It works!</h1></body></html>

11. Install ModSecurity
# Stop Apache
/usr/local/apache/bin/apachectl stop
# Create the libexpat symlink first, otherwise make fails with /usr/bin/ld: cannot find -lexpat
cd /usr/lib64/
ln -s libexpat.so.1.6.0 libexpat.so
cd /usr/local
tar -zxvf modsecurity-2.9.3.tar.gz
cd modsecurity-2.9.3
./configure
make
make install


Note: if the configure script fails with the following error:
./configure: /usr/local/apache/bin/apxs: /replace/with/path/to/perl/interpreter: bad interpreter: No

run yum install perl-devel, then edit /usr/local/apache/bin/apxs and change its first line "#!/replace/with/path/to/perl/interpreter -w" to "#!/usr/bin/perl -w"

12. Final configuration
Create the directory that holds the rule files. Creating it down to rules is enough; I created an extra base directory for the default rules because I also keep other custom rule files
mkdir -p /usr/local/apache/conf/modsecurity/rules/base

Copy the ModSecurity files
cp /usr/local/modsecurity-2.9.3/modsecurity.conf-recommended /usr/local/apache/conf/modsecurity/modsecurity.conf
cp /usr/local/modsecurity-2.9.3/unicode.mapping /usr/local/apache/conf/modsecurity/unicode.mapping

Copy crs-setup.conf.example from the extracted owasp-modsecurity-crs archive to /usr/local/apache/conf/modsecurity/ and rename it crs-setup.conf
Copy every file from the rules folder of the extracted owasp-modsecurity-crs archive into /usr/local/apache/conf/modsecurity/rules/base, then rename REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example and RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example by dropping the ".example" suffix; your own rules go into these two files
Edit httpd.conf, remove the comment marker in front of #LoadModule unique_id_module modules/mod_unique_id.so, and add the following

LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
Include conf/modsecurity/modsecurity.conf
Include conf/modsecurity/crs-setup.conf
Include conf/modsecurity/rules/base/*.conf
</IfModule>

Edit modsecurity.conf
Change SecRuleEngine DetectionOnly to SecRuleEngine On
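The steps in this section are easy to get half-right (a leftover DetectionOnly, an exclusion file that still ends in .example and is skipped by the *.conf glob, a module line still commented out), and none of that shows up until the test request unexpectedly returns 200. The following script is an added example, not part of the original post: it checks the layout above before Apache is restarted. The path /usr/local/apache/conf is the prefix used in this guide; make_sample_tree only builds constructed demo data.

```shell
#!/bin/sh
# Pre-flight check for the ModSecurity layout built in step 12.
# check_modsec_config [apache-conf-dir] -> returns 0 if all checks pass, 1 otherwise.
check_modsec_config() {
    conf="${1:-/usr/local/apache/conf}"   # Apache prefix used in this guide
    ms="$conf/modsecurity"
    fail=0
    # 1. SecRuleEngine must be On: DetectionOnly only logs and never returns 403.
    if ! grep -Eq '^[[:space:]]*SecRuleEngine[[:space:]]+On[[:space:]]*$' "$ms/modsecurity.conf" 2>/dev/null; then
        echo "FAIL: SecRuleEngine is not On in $ms/modsecurity.conf"; fail=1
    fi
    # 2. Files copied from the ModSecurity tarball and the CRS archive must exist.
    for f in modsecurity.conf unicode.mapping crs-setup.conf; do
        [ -f "$ms/$f" ] || { echo "FAIL: missing $ms/$f"; fail=1; }
    done
    # 3. Both exclusion files must have lost the .example suffix, otherwise
    #    'Include conf/modsecurity/rules/base/*.conf' silently skips them.
    for f in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf \
             RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf; do
        [ -f "$ms/rules/base/$f" ] || { echo "FAIL: missing $ms/rules/base/$f"; fail=1; }
    done
    # 4. httpd.conf must load mod_unique_id (required by ModSecurity) and mod_security2.
    for m in unique_id_module security2_module; do
        grep -Eq "^[[:space:]]*LoadModule[[:space:]]+$m[[:space:]]" "$conf/httpd.conf" 2>/dev/null \
            || { echo "FAIL: $m is not loaded in $conf/httpd.conf"; fail=1; }
    done
    return "$fail"
}

# Builds a constructed sample tree (demo data, not a real install) under $1 with
# SecRuleEngine set to $2, so the check can be exercised without an Apache build.
make_sample_tree() {
    mkdir -p "$1/modsecurity/rules/base"
    printf 'LoadModule unique_id_module modules/mod_unique_id.so\n' > "$1/httpd.conf"
    printf 'LoadModule security2_module modules/mod_security2.so\n' >> "$1/httpd.conf"
    printf 'SecRuleEngine %s\n' "$2" > "$1/modsecurity/modsecurity.conf"
    : > "$1/modsecurity/unicode.mapping"
    : > "$1/modsecurity/crs-setup.conf"
    : > "$1/modsecurity/rules/base/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf"
    : > "$1/modsecurity/rules/base/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf"
}
# Real use on the server: check_modsec_config /usr/local/apache/conf
```

Run it after editing the files and before apachectl start; each failed check is printed and the exit status is 1, so it can also gate a deployment script.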

13. Restart Apache and test again
/usr/local/apache/bin/apachectl start

Request http://<server IP>/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E again

[root@virtual_cloud base]# curl "10.0.0.14/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>


posted @ 2021-12-19 23:37  Layzer