Installation – Fedora/CentOS
$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart
https://modsecurity.org/download.html
NGINX 설치
RHEL/CentOS
Install the prerequisites:
sudo yum install yum-utils
To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo with the following contents:
[nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true
By default, the repository for stable nginx packages is used. If you would like to use mainline nginx packages, run the following command:
sudo yum-config-manager --enable nginx-mainline
To install nginx, run the following command:
sudo yum install nginx
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
$ yum groupinstall -y “Development Tools”
$ yum install -y http httpd-devel pure pure-devel libxml2 libxml2-devel curl curl-devel openssl openssl-devel pcre-devel
libmodsecurity 다운받고 컴파일
1. Clone GitHub repository
$ git clone –depth 1 -b v3/master –single-branch https://github.com/SpiderLabs/ModSecurity
2. CentOS 6.x 만 아래 단계 시행 (소스코드 컴파일 단계에서 macro `AM_PROG_AR’ not found in library 오류 방지)
$ wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/monkeyiq:/centos6updates/CentOS_CentOS-6/noarch/automake-1.13.4-3.2.noarch.rpm
$ wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/monkeyiq:/centos6updates/CentOS_CentOS-6/noarch/autoconf-2.69-12.2.noarch.rpm
$ yum install -y autoconf-*.noarch.rpm automake-*.noarch.rpm
3. $ gcc –version 결과가 4.8.5 이상이 아니면
$ yum install -y centos-release-scl && yum install -y devtoolset-3-toolchain
$ source /opt/rh/devtoolset-3/enable
4. 소스코드 컴파일
$ cd ModSecurity
$ git submodule init && git submodule update && ./build.sh && ./configure && make && make install
Nginx connector 다운받고 컴파일
1. Clone GitHub repository
$ git clone –depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
2. Nginx 버젼 측정
$ nginx -v
nginx version: nginx/1.19.6
3. 버젼에 맞는 Nginx 소스코드 다운로드
$ wget http://nginx.org/download/nginx-1.19.6.tar.gz
$ tar xvzf nginx-1.19.6.tar.gz
4. 동적 모듈 컴파일하고 Nginx 디렉토리에 복사
$ cd nginx-1.19.6
$ ./configure –with-compat –add-dynamic-module=../ModSecurity-nginx
$ make modules
$ cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules
Nginx 동적 모듈 로드
1. /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
load_module “modules/ngx_http_modsecurity_module.so”;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
2. ModSecurity 설정
1. 추천 설정 다운로드
$ mkdir /etc/nginx/modsec
$ wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/master/modsecurity.conf-recommended
$ mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
2. “detection only” 모드에서 actively dropping traffic 로 변경
$ sed -i ‘s/SecRuleEngine DetectionOnly/SecRuleEngine On/’ /etc/nginx/modsec/modsecurity.conf
3. SecRequestBodyInMemoryLimit 줄 제거
3. 테스트 rule 만들기
1. $ vi /etc/nginx/modsec/main.conf
# Edit to set SecRuleEngine On
Include “/etc/nginx/modsec/modsecurity.conf”
# Basic test rule
SecRule ARGS:testparam “@contains test” “id:1234,deny,status:403”
4. 최종 Nginx 설정
1. Nginx 사이트 설정에서 ModSecurity 활성
server {
# …
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
2. nginx 재로드
$ nginx -t && nginx -s reload
3. 로그 확인
tail -f /var/log/modsec_audit.log
5. 테스트 해보기
1. 403 보기 위해서 다음의 curl 명령
$ curl localhost?testparam=test
<h1>403 forbidden</h1>
2. XSS 테스팅
$ curl localhost/?param=”><script>alert(1);</script>
$ grep error /var/log/nginx/error.log
2017/02/15 14:07:54 [error] ModSecurity: Warning. detected XSS using libinjection.
ModSecurity: Audit 활성하고 Debug 로깅
1. Nginx 사이트 “ModSecurity: Logging and Debugging” 문서
Deploy the OWASP Core Ruleset (CRS)
1. Nginx 사이트 “Enabling the OWASP CRS” 문서