- Install ModSecurity:
sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache-mod-security
sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
- Configure ModSecurity:
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf; sudo vi /etc/modsecurity/modsecurity.conf
SecRuleEngine On
SecRequestBodyLimit 10000000
SecRequestBodyInMemoryLimit 10000000
- Check the ModSecurity version:
dpkg -s libapache-mod-security | grep Version
Version: 2.6.3-1ubuntu0.2
- Install OWASP ModSecurity Core Rule Set:
- Download the rule set (version 2.2.5, because the latest version requires ModSecurity 2.7.0+):
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5 -O /tmp/owasp.tar.gz
- Extract the package:
cd /tmp; tar -zxvf owasp.tar.gz; rm owasp.tar.gz
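- Copy the directory to /etc/modsecurity, and set the permissions (644 on files; directories get 755, since a directory without the execute bit cannot be entered):
sudo mv SpiderLabs-owasp-modsecurity-crs-5c28b52/ /etc/modsecurity/owasp-crs
sudo find /etc/modsecurity/owasp-crs -type f -exec chmod 644 {} +
sudo find /etc/modsecurity/owasp-crs -type d -exec chmod 755 {} +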
- Link the rules to the /etc/modsecurity/owasp-crs/activated_rules directory:
sudo mv /etc/modsecurity/owasp-crs/modsecurity_crs_10_setup.conf.example /etc/modsecurity/owasp-crs/modsecurity_crs_10_setup.conf
cd /etc/modsecurity/owasp-crs/activated_rules/
sudo ln -s ../modsecurity_crs_10_setup.conf
for f in ../base_rules/*; do sudo ln -s "$f" .; done
for f in ../optional_rules/*; do sudo ln -s "$f" .; done
- Modify /etc/apache2/mods-available/mod-security.conf to include the rules:
sudo vi /etc/apache2/mods-available/mod-security.conf
Include "/etc/modsecurity/owasp-crs/activated_rules/*.conf"
- Enable headers module:
sudo a2enmod headers
Without the headers module, the Apache configuration test fails with:
Syntax error on line 29 of /etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_49_header_tagging.conf:
Invalid command 'RequestHeader', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
...fail!
- Enable ModSecurity module and restart apache2:
sudo a2enmod mod-security; sudo /etc/init.d/apache2 restart
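A post-install check for the steps above, added here as an example and not part of the original post: it reads the effective SecRuleEngine and body-limit values from a modsecurity.conf and lists dangling symlinks in an activated_rules directory. The function names, the temporary directory and the sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All names below are hypothetical.

# Print the effective (last uncommented) value of a directive.
# $1 = directive name, $2 = config file
modsec_directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 }
                   END { if (v != "") print v }' "$2"
}

# Return 0 only if the engine blocks requests (On). DetectionOnly logs
# matches but lets the request through, so it is reported as not blocking.
# $1 = config file
modsec_is_blocking() {
    [ "$(modsec_directive SecRuleEngine "$1" | tr 'A-Z' 'a-z')" = "on" ]
}

# Print the name of every symlink in the directory whose target is missing.
# $1 = activated_rules directory
broken_rule_links() {
    for l in "$1"/*.conf; do
        [ -L "$l" ] && [ ! -e "$l" ] && printf '%s\n' "${l##*/}"
    done
    return 0
}

# Constructed sample: a config edited as in the steps above, plus a rules
# directory holding one valid link and one dangling link.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# SecRuleEngine DetectionOnly' 'SecRuleEngine On' \
    'SecRequestBodyLimit 10000000' \
    'SecRequestBodyInMemoryLimit 10000000' > "$demo/modsecurity.conf"
mkdir "$demo/base_rules" "$demo/activated_rules"
touch "$demo/base_rules/sample_rule.conf"
ln -s ../base_rules/sample_rule.conf "$demo/activated_rules/sample_rule.conf"
ln -s ../base_rules/missing.conf "$demo/activated_rules/missing.conf"

if modsec_is_blocking "$demo/modsecurity.conf"; then
    echo "SecRuleEngine: blocking"
else
    echo "SecRuleEngine: NOT blocking"
fi
echo "SecRequestBodyLimit: $(modsec_directive SecRequestBodyLimit "$demo/modsecurity.conf")"
echo "Broken rule links: $(broken_rule_links "$demo/activated_rules")"
```

On a real host, pass /etc/modsecurity/modsecurity.conf and /etc/modsecurity/owasp-crs/activated_rules to the functions instead of the sample paths.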
Ubuntu 12.04 Precise LTS: Install ModSecurity for Apache 2 web server