インストール&スタート
yum install -y httpd
yum install -y epel-release
yum install -y mod_security mod_security_crs
ルール設定
vi /etc/httpd/conf.d/mod_security.conf
Include modsecurity.d/activated_rules/modsecurity_crs_41_xss_attacks.conf
/etc/httpd/modsecurity.d/activated_rules/
modsecurity_crs_41_sql_injection_attacks.conf
modsecurity_crs_41_xss_attacks.conf
systemctl enable httpd
systemctl restart httpd
穴あけ
firewall-cmd –list-all
firewall-cmd –zone=public –add-service=http –permanent
firewall-cmd –reload
ログインページ作成
vi /var/www/html/index.html OK
ログ確認
less /var/log/httpd/modsec_audit.log
tail -f /var/log/httpd/modsec_audit.log
検証
curl “http://192.168.2.133/?a=”
curl “http://192.168.2.133/?a=SELECT+*+FROM+TABLE+WHERE+code%3D%27a%27+or+TRUE%3B”
コメント