Centos7.4 modsecurity with nginx 安装
1.安装依赖
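# Build/runtime dependencies for libmodsecurity, ModSecurity-nginx and openresty.
# The package list spans two lines: the trailing backslash keeps it ONE yum
# invocation (without it the second line ran as a separate command and failed).
# "geip-devel" was a typo for geoip-devel.
# NOTE(review): "gcc-g77" looks like a legacy package name, and the EPEL GeoIP
# packages may be spelled GeoIP/GeoIP-devel — confirm against your repos.
yum install -y pcre pcre-devel openssl openssl-devel libtool libtool-ltdl-devel \
  gcc gcc-c++ gcc-g77 autoconf automake \
  geoip geoip-devel libcurl libcurl-devel yajl yajl-devel lmdb-devel ssdeep-devel lua-devel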
2. openresty与modsecurity安装编译相关依赖
注：把安装包放在 /opt 目录下，否则 openresty make 会失败。
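# Fetch the sources into /opt explicitly (the note above says openresty's build
# expects them there; the original relied on the shell already being in /opt).
cd /opt || exit 1
wget http://www.over-yonder.net/~fullermd/projects/libcidr/libcidr-1.2.3.tar.xz
wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
wget https://openresty.org/download/openresty-1.15.8.2.tar.gz
# These archives are compiled and installed as root, and libcidr is fetched over
# plain HTTP, so compare each one with the checksum its project publishes before
# unpacking, e.g.:
#   echo "<UPSTREAM_SHA256>  libcidr-1.2.3.tar.xz" | sha256sum -c -
tar -xvf libcidr-1.2.3.tar.xz
tar -zxvf pcre-8.43.tar.gz
tar -zxvf openssl-1.1.1d.tar.gz
tar -zxvf openresty-1.15.8.2.tar.gz
# Plain files: -f is enough, -r is not needed.
rm -f -- pcre-8.43.tar.gz openssl-1.1.1d.tar.gz openresty-1.15.8.2.tar.gz
# libcidr is built straight from make (no configure step on this page).
cd /opt/libcidr-1.2.3 || exit 1
make && make install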
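# libmodsecurity: build and install.
# Clone into /opt explicitly — the libcidr step leaves the shell in
# /opt/libcidr-1.2.3, and nginx.conf below expects /opt/ModSecurity/.
# NOTE(review): this tracks the tip of the v3/master development branch; for a
# production WAF pin a released tag instead, e.g.
#   git clone --depth 1 -b <RELEASE_TAG> --single-branch https://github.com/SpiderLabs/ModSecurity
cd /opt || exit 1
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity || exit 1
# init + update in one call
git submodule update --init
# Each step depends on the previous one succeeding, so chain them instead of
# letting a failed configure be followed by make install.
./build.sh && ./configure && make && make install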
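# ModSecurity-nginx dynamic module source (compiled by openresty's ./configure below).
# Clone into /opt so that the path ../ModSecurity-nginx used from the openresty
# tree resolves to /opt/ModSecurity-nginx; the previous step leaves the shell
# inside /opt/ModSecurity, where the original clone would have landed.
# NOTE(review): unpinned default branch — pin a release tag (-b <RELEASE_TAG>)
# for production so module updates are deliberate.
cd /opt || exit 1
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git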
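# openresty build with ModSecurity as a dynamic module.
# The original was missing the backslash after --with-pcre, so
# --add-dynamic-module ran as a separate (failing) command and the module was
# never built; load_module in nginx.conf would then fail. The module path is
# given absolutely so it does not depend on where the clone was made.
# NOTE(review): --with-ipv6 is deprecated on this nginx line (ipv6 is always
# on); harmless, but it can be dropped.
cd /opt/openresty-1.15.8.2/ || exit 1
./configure --with-pcre-jit --with-ipv6 \
  --with-http_stub_status_module \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_sub_module \
  --with-http_geoip_module \
  --with-openssl=/opt/openssl-1.1.1d \
  --with-pcre=/opt/pcre-8.43 \
  --add-dynamic-module=/opt/ModSecurity-nginx || exit 1
# The module .so is installed under the openresty prefix, which is what
# load_module in nginx.conf below points at.
gmake && gmake install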
3.owasp规则库下载
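# OWASP Core Rule Set. Clone under /opt so the Include paths added to
# modsecurity.conf in step 5 (/opt/owasp-modsecurity-crs/...) resolve; the
# openresty build above leaves the shell in /opt/openresty-1.15.8.2.
# NOTE(review): unpinned master branch — check out a CRS release tag for
# production (git clone -b <CRS_RELEASE_TAG> ...) so rule changes are deliberate.
cd /opt || exit 1
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cd owasp-modsecurity-crs/ || exit 1
cp crs-setup.conf.example crs-setup.conf
# The two exclusion files are where site-specific false-positive tuning goes;
# the rules/*.conf include only picks them up once the .example suffix is gone.
cd rules || exit 1
cp REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
cp RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf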
4.nginx.conf 内容
#user nobody;
worker_processes 1;
#error_log logs/error.log;
# Load the ModSecurity dynamic module built by openresty's ./configure step.
# load_module is only valid in this main context, before the events/http blocks;
# the path assumes openresty's default install prefix (/usr/local/openresty).
load_module /usr/local/openresty/nginx/modules/ngx_http_modsecurity_module.so;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
# NOTE(review): this absolute path does not match the source tree extracted
# above (/opt/openresty-1.15.8.2). make install also places mime.types next to
# nginx.conf, so a relative `include mime.types;` is the usual form — confirm.
include /opt/openresty/bundle/nginx-1.15.8/conf/mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
# "_" is a catch-all: this server answers any Host header on port 80.
server_name _;
#access_log logs/host.access.log main;
# Turn the ModSecurity engine on for this server block; which rules apply is
# set per location via modsecurity_rules_file.
modsecurity on;
location / {
# Rules file prepared in step 5 (modsecurity.conf-recommended plus the CRS
# includes). Only this location names a rules file — `location = /50x.html`
# below is served without any rules — so set the directive at server (or
# http) scope if every path should be inspected.
modsecurity_rules_file /opt/ModSecurity/modsecurity.conf;
root html;
index index.html index.htm;
}
location = /50x.html {
root html;
}
}
}
5.owasp规则库配置
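# Base ModSecurity config: start from the recommended template, written to the
# path nginx.conf's modsecurity_rules_file points at (/opt/ModSecurity/modsecurity.conf).
# The original copied to a bare "modsecurity.conf", i.e. into whatever directory
# the previous step left the shell in (the CRS rules/ dir), not the file nginx loads.
cp /opt/ModSecurity/modsecurity.conf-recommended /opt/ModSecurity/modsecurity.conf
# Append the CRS includes (the original added them by hand in vi; the two Include
# lines are ModSecurity directives, not shell commands). Keep crs-setup.conf
# before the rules, as listed. The quoted heredoc delimiter keeps the * literal.
cat >> /opt/ModSecurity/modsecurity.conf <<'EOF'
Include /opt/owasp-modsecurity-crs/crs-setup.conf
Include /opt/owasp-modsecurity-crs/rules/*.conf
EOF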
6.访问攻击url查看日志
# Print the whole audit log (presumably the SecAuditLog path set by the
# recommended config). NOTE(review): audit entries typically carry full request
# headers and bodies — keep read access to this file restricted.
tail -n +1 -- /var/log/modsec_audit.log
默认只是检测，不拦截；如需拦截，可以修改配置，将下面的 SecRuleEngine 改为 On：
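# Edit the file nginx actually loads (modsecurity_rules_file in nginx.conf above).
# NOTE(review): the original opened /usr/local/nginx/modsecurity.conf, which does
# not match that directive — edits there would have no effect on the running WAF.
vi /opt/ModSecurity/modsecurity.conf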
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
#SecRuleEngine DetectionOnly
# Switching from DetectionOnly to On turns matching rules into blocking actions.
# Review /var/log/modsec_audit.log for false positives first, and reload nginx
# afterwards — the change only applies once the configuration is re-read.
SecRuleEngine On