
EST: Ecole Supérieure de Télécommunication (Niamey/Niger)

Level: Master II, Software Engineering & Network Administration and Security.

Lab 1: Set up ModSecurity for Apache on Ubuntu 16.04

ModSecurity, also known as Modsec, is a robust open-source firewall application for the Apache
web server. A firewall is a utility that protects a network or a software application from abuse
and unauthorized access by filtering requests.

Modsec adds security features to HTTP (Hypertext Transfer Protocol) traffic. Since it is free to
use, it has been widely adopted for monitoring, logging and filtering requests on Apache web
servers.

The utility has been a success in fighting common vulnerabilities using the OWASP
ModSecurity Core Rule Set.

This guide explains the steps of setting up and securing the Apache web server with
ModSecurity on Ubuntu 16.04.

Install Apache
Apache must be installed:

$ sudo apt-get install apache2

Before going further, test the malicious request below; without ModSecurity the request is
served. (See the screenshot below.)

http://127.0.0.1/index.html?exec=/bin/bash

Step 1: Installing Apache Web server
First, install Apache if it is not already installed on the Ubuntu 16.04 server. Begin by
updating the Ubuntu package index:

$ sudo apt-get update

Step 2: Installing ModSecurity


Once Apache is installed, the next step is installing ModSecurity. Run the command below:

$ sudo apt-get install libapache2-mod-security2

Restart Apache:
$ sudo service apache2 restart

Check if the module is enabled by running the command below:

$ sudo apachectl -M | grep security

The following output is displayed:

security2_module (shared)

Step 3: Configuring ModSecurity


The ModSecurity engine needs rules to work. The rules decide how communication is handled on
the web server. Depending on the configuration, ModSecurity can pass, drop, redirect,
execute a script or even display a status code during a session.

There is a default configuration file, /etc/modsecurity/modsecurity.conf-recommended, which
you should copy to /etc/modsecurity/modsecurity.conf to enable and configure ModSecurity.
To do this, run the command below:

$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Then, edit the file that you have copied using the nano or gedit editor:

$ sudo gedit /etc/modsecurity/modsecurity.conf

Change the value of SecRuleEngine from DetectionOnly to On, so that the line in the file reads:

SecRuleEngine On

Restart Apache for the changes to take effect:

$ sudo systemctl restart apache2

ModSecurity has a default rule set located in the /usr/share/modsecurity-crs directory. However,
it is always recommended to download the rule set from GitHub.

Before you do this, rename the default rules directory:

$ sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk

Then, download the new rule set from GitHub using the command below:

$ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs

Copy the sample configuration file from the downloaded rules using the command below:

$ sudo cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

To get these rules working on Apache, you should edit the
/etc/apache2/mods-enabled/security2.conf file using the gedit editor:

$ sudo gedit /etc/apache2/mods-enabled/security2.conf

Add the following two lines at the end (they are configuration directives, not shell commands):

IncludeOptional /usr/share/modsecurity-crs/*.conf

IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"

Restart Apache:
$ sudo systemctl restart apache2
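
A check that can be run after Step 3, added here as an example and not part of the original lab sheet: it reports the effective SecRuleEngine value and whether both CRS include lines are active. The function names and the sample files are constructed for illustration, and it assumes the last uncommented SecRuleEngine directive in the file is the one in effect.

```shell
#!/bin/sh
# Added example, not from the lab sheet: offline audit of the files edited in Step 3.

# Print the effective SecRuleEngine value. Comment lines are skipped, the
# directive name is matched case-insensitively, and the last occurrence wins
# (assumption: all directives sit in the same configuration context).
modsec_engine_mode() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "secruleengine" { mode = $2 }
         END { if (mode == "") mode = "unset"; print mode }' "$1"
}

# Succeed only if both CRS include lines are present and uncommented.
# $1 = security2.conf, $2 = CRS directory
crs_includes_present() {
    awk -v dir="$2" '
        /^[ \t]*#/ { next }
        tolower($1) ~ /^include(optional)?$/ {
            path = $2; gsub(/"/, "", path)
            if (path == dir "/*.conf")       setup = 1
            if (path == dir "/rules/*.conf") rules = 1
        }
        END { exit !(setup && rules) }' "$1"
}

# Run both checks. $1 = modsecurity.conf, $2 = security2.conf, $3 = CRS directory
audit_modsec() {
    rc=0
    mode=$(modsec_engine_mode "$1")
    case $(printf '%s' "$mode" | tr 'A-Z' 'a-z') in
        on) ;;
        *)  echo "FAIL: SecRuleEngine is '$mode', so requests are not blocked"; rc=1 ;;
    esac
    crs_includes_present "$2" "$3" || { echo "FAIL: CRS includes missing in $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: engine is On and the CRS is included"
    return "$rc"
}

# Constructed sample files (not real system files) so the example runs offline.
tmp=$(mktemp -d)
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' > "$tmp/modsecurity.conf"
printf '%s\n' 'IncludeOptional /usr/share/modsecurity-crs/*.conf' \
    'IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"' > "$tmp/security2.conf"
audit_modsec "$tmp/modsecurity.conf" "$tmp/security2.conf" /usr/share/modsecurity-crs || true
rm -rf "$tmp"
```

On the lab machine, call audit_modsec with /etc/modsecurity/modsecurity.conf, /etc/apache2/mods-enabled/security2.conf and /usr/share/modsecurity-crs; the constructed sample above fails the first check because it still says DetectionOnly.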

Step 4: Testing ModSecurity

Now try the malicious request again in a browser and see whether the ModSecurity rules are
triggered. Enter the URL below in a browser. Remember to replace the IP address with the
public IP address of your server or domain name.

http://127.0.0.1/index.html?exec=/bin/bash

You should get a forbidden error message:

Forbidden: You don't have permission to access / on this server. Apache/2.4.29 (Ubuntu)
Server at 127.0.0.1 Port 80

See the screenshot below.

Conclusion
The Apache web server is now protected from malicious attackers. Note that ModSecurity protects
against many known attacks, including SQL injection. The module is a valuable tool when it
comes to hardening your web server against attackers.
