1. Installing Apache, PHP
Press Ctrl+Alt+T to open a terminal.
Enter the following commands:
sudo apt-get update
sudo apt-get install apache2
sudo apt-get install php5
sudo /etc/init.d/apache2 restart
2. Installing Mod Security on Apache
Commands to install the dependency packages:
sudo apt-get install libxml2 libxml2-dev libxml2-utils
sudo apt-get install libaprutil1 libaprutil1-dev
On 64-bit Ubuntu, run the following command:
sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
Command to install ModSecurity:
sudo apt-get install libapache-mod-security
3. Configuring ModSecurity Rules
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Start configuring:
sudo gedit /etc/modsecurity/modsecurity.conf
Find SecRuleEngine.
Set SecRuleEngine to On.
SecRuleEngine On
4. Install the latest OWASP Rule Set
cd /tmp
sudo wget https://github.com/root25/MODSEC/raw/master/modsecurity-crs_2.2.5.tar.gz
sudo tar -zxvf modsecurity-crs_2.2.5.tar.gz
sudo cp -R modsecurity-crs_2.2.5/* /usr/share/modsecurity-crs/
sudo rm modsecurity-crs_2.2.5.tar.gz
sudo rm -R modsecurity-crs_2.2.5
sudo mv /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf.example /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf
Add the rule sets to the activated rules:
cd /usr/share/modsecurity-crs/base_rules
for f in * ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
cd /usr/share/modsecurity-crs/optional_rules
for f in * ; do sudo ln -s /usr/share/modsecurity-crs/optional_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
Add it to the Apache mods:
sudo gedit /etc/apache2/mods-available/security2.conf
Add the following at the </IfModule> line, then save and exit:
Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
IncludeOptional /etc/modsecurity/*.conf
#IncludeOptional /usr/share/modsecurity-crs/*.conf
#IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
Enable the headers module:
sudo a2enmod headers
5. Final
Test whether mod_security works properly:
sudo a2enmod mod-security
Restart apache2:
sudo /etc/init.d/apache2 restart
6. Testing
Visit the URL: http://192.168.123.137:8080/?id=23' or '1'='1
7. Checking the Log
Check the mod_security log:
cd /var/log/apache2/
sudo less modsec_audit.log
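To see which rule stopped the test request without paging through the whole file, the following Python parser (an added example, not part of the original tutorial) reads the serial audit log layout that ModSecurity 2.x writes, where each transaction is split into parts by --<id>-<letter>-- lines. The sample entry, including its rule id, message and rule file name, is constructed; summarize and parse_audit_log are hypothetical names.

```python
import re

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
TAG = re.compile(r'\[(id|msg|severity) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample entry (rule id, message, unique id and client are made up).
SAMPLE = """--a1b2c3d4-A--
[10/Mar/2014:10:15:32 +0800] ConstructedUniqueId00001 192.168.123.1 51234 192.168.123.137 8080
--a1b2c3d4-B--
GET /?id=23'%20or%20'1'='1 HTTP/1.1
--a1b2c3d4-F--
HTTP/1.1 403 Forbidden
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Pattern match "constructed" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/example.conf"] [line "1"] [id "1234567"] [msg "Constructed SQL injection rule"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
"""

def summarize(sec):
    # First non-blank line of a part, split into whitespace-separated tokens.
    first = lambda p: next((l for l in sec.get(p, []) if l.strip()), "").split()
    a, status, h = first("A"), first("F"), sec.get("H", [])
    return {
        "client": a[3] if len(a) > 3 else None,       # A: [time tz] uid src sport dst dport
        "request": " ".join(first("B")),              # B: request line
        "status": status[1] if len(status) > 1 else None,  # F: response status line
        "blocked": any(l.startswith("Action: Intercepted") for l in h),
        "rules": [dict(TAG.findall(l)) for l in h if l.startswith("Message:")],
    }

def parse_audit_log(text):
    """Return one summary dict per complete transaction (part A through Z)."""
    transactions, sections, current = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and m.group(2) == "A":
            sections, current = {"A": []}, "A"
        elif sections is None:
            continue  # entry cut off by log rotation: wait for the next part A
        elif m and m.group(2) == "Z":
            transactions.append(summarize(sections))
            sections = current = None
        elif m:
            current = m.group(2)
            sections[current] = []
        else:
            sections[current].append(line)
    return transactions

if __name__ == "__main__":
    print(parse_audit_log(SAMPLE))
```

To use it on the real log, pass the contents of /var/log/apache2/modsec_audit.log to parse_audit_log, reading the file with the same privileges as the sudo less command above.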