Installation – Fedora/CentOS
$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart
https://modsecurity.org/download.html
Installing NGINX
RHEL/CentOS
Install the prerequisites:
sudo yum install yum-utils
To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo
with the following contents:
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
By default, the repository for stable nginx packages is used. If you would like to use mainline nginx packages, run the following command:
sudo yum-config-manager --enable nginx-mainline
To install nginx, run the following command:
sudo yum install nginx
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
$ yum groupinstall -y "Development Tools"
$ yum install -y httpd httpd-devel pcre pcre-devel libxml2 libxml2-devel curl curl-devel openssl openssl-devel
Download and compile libmodsecurity
1. Clone GitHub repository
$ git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
2. CentOS 6.x only: perform the steps below (prevents the "macro `AM_PROG_AR' not found in library" error during source compilation)
$ wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/monkeyiq:/centos6updates/CentOS_CentOS-6/noarch/automake-1.13.4-3.2.noarch.rpm
$ wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/monkeyiq:/centos6updates/CentOS_CentOS-6/noarch/autoconf-2.69-12.2.noarch.rpm
$ yum install -y autoconf-*.noarch.rpm automake-*.noarch.rpm
3. If the output of $ gcc --version is not 4.8.5 or higher:
$ yum install -y centos-release-scl && yum install -y devtoolset-3-toolchain
$ source /opt/rh/devtoolset-3/enable
4. Compile the source code
$ cd ModSecurity
$ git submodule init && git submodule update && ./build.sh && ./configure && make && make install
Download and compile the Nginx connector
1. Clone GitHub repository
$ git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
2. Check the Nginx version
$ nginx -v
nginx version: nginx/1.19.6
3. Download the Nginx source code matching that version
$ wget http://nginx.org/download/nginx-1.19.6.tar.gz
$ tar xvzf nginx-1.19.6.tar.gz
4. Compile the dynamic module and copy it to the Nginx directory
$ cd nginx-1.19.6
$ ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
$ make modules
$ cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules
Load the Nginx dynamic module
1. /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
load_module "modules/ngx_http_modsecurity_module.so";
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
2. Configure ModSecurity
1. Download the recommended configuration
$ mkdir /etc/nginx/modsec
$ wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/master/modsecurity.conf-recommended
$ mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
2. Switch from "detection only" mode to actively dropping traffic
$ sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf
3. Remove the SecRequestBodyInMemoryLimit line
3. Create a test rule
1. $ vi /etc/nginx/modsec/main.conf
# Edit to set SecRuleEngine On
Include "/etc/nginx/modsec/modsecurity.conf"
# Basic test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"
4. Final Nginx configuration
1. Enable ModSecurity in the Nginx site configuration
server {
# …
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
2. Reload nginx
$ nginx -t && nginx -s reload
3. Check the log
tail -f /var/log/modsec_audit.log
5. Test it
1. Run the following curl command to see a 403
$ curl 'localhost/?testparam=test'
<h1>403 forbidden</h1>
2. XSS testing
$ curl 'localhost/?param="><script>alert(1);</script>'
$ grep error /var/log/nginx/error.log
2017/02/15 14:07:54 [error] ModSecurity: Warning. detected XSS using libinjection.
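A static check for the configuration steps above, as an added example that is not part of the original page: it confirms that the sed edit actually took effect, that the SecRequestBodyInMemoryLimit line is gone, and that nginx.conf loads the connector module. The function names are hypothetical; the paths in the usage comment are the ones used on this page.

```shell
#!/bin/sh
# Added example: static checks for the ModSecurity/Nginx configuration steps.
# Function names are hypothetical. Directive names are matched case-sensitively,
# in the spelling this page uses.

# Print the value of the last active (uncommented) SecRuleEngine directive.
effective_rule_engine() {
    awk '$1 == "SecRuleEngine" { v = $2 } END { print v }' "$1"
}

# Succeed only if directive $2 has no active (uncommented) occurrence in file $1.
directive_absent() {
    ! awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# Succeed if the file has an uncommented load_module line for the connector.
module_loaded() {
    grep -Eq '^[[:space:]]*load_module[[:space:]]+"?[^";]*ngx_http_modsecurity_module\.so"?[[:space:]]*;' "$1"
}

# check_modsec MODSEC_CONF NGINX_CONF
# Prints one line per finding and returns non-zero if any check fails.
check_modsec() {
    rc=0
    engine=$(effective_rule_engine "$1")
    if [ "$engine" != "On" ]; then
        # sed exits 0 even when its pattern matches nothing (e.g. extra spaces),
        # which would leave the WAF logging but not blocking.
        echo "FAIL: SecRuleEngine is '${engine:-unset}', not On"
        rc=1
    fi
    if ! directive_absent "$1" SecRequestBodyInMemoryLimit; then
        echo "FAIL: SecRequestBodyInMemoryLimit is still present"
        rc=1
    fi
    if ! module_loaded "$2"; then
        echo "FAIL: no load_module line for ngx_http_modsecurity_module.so"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: configuration matches the steps above"
    return "$rc"
}

# Usage: check_modsec /etc/nginx/modsec/modsecurity.conf /etc/nginx/nginx.conf
```

Run it before `nginx -t && nginx -s reload`; `nginx -t` validates syntax but does not tell you the rule engine is still in DetectionOnly mode.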
ModSecurity: Enabling audit and debug logging
1. See the "ModSecurity: Logging and Debugging" document on the Nginx site
Deploy the OWASP Core Ruleset (CRS)
1. See the "Enabling the OWASP CRS" document on the Nginx site