[Linux]WAF(mod security)をlinuxに入れる

インストール&スタート
yum install -y httpd
yum install -y epel-release
yum install -y mod_security mod_security_crs

ルール設定
vi /etc/httpd/conf.d/mod_security.conf

Include modsecurity.d/activated_rules/modsecurity_crs_41_xss_attacks.conf
/etc/httpd/modsecurity.d/activated_rules/
modsecurity_crs_41_sql_injection_attacks.conf
modsecurity_crs_41_xss_attacks.conf

systemctl enable httpd
systemctl restart httpd

穴あけ
firewall-cmd –list-all
firewall-cmd –zone=public –add-service=http –permanent
firewall-cmd –reload

ログインページ作成
vi /var/www/html/index.html OK

ログ確認
less /var/log/httpd/modsec_audit.log
tail -f /var/log/httpd/modsec_audit.log

検証
curl “http://192.168.2.133/?a=”
curl “http://192.168.2.133/?a=SELECT+*+FROM+TABLE+WHERE+code%3D%27a%27+or+TRUE%3B”

コメント

タイトルとURLをコピーしました