Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
ModSecurity         @n0ts    Naoya Nakazawa    study2study #3       27/04/2011
Naoya Nakazawa@n0tshttp://www.sssg.org/blogs/naoya/ - Carpe Diem
NO    SOURCE CODE※     @smellman
ModSecurity
Open Source WebApplication Firewall
4 Projects
ModSecurity for Apache Apache          Apache
ModSecurity Core   Rule Set CRS
ModProfilerModSecurity
OverviewHTTP
!!!
# yum info mod_security Available Packages Name          : mod_security Arch        : x86_64 Version     : 2.5.12 Release ...
/etc/httpd/modsecurity.d|-- base_rules ... 28 files|-- modsecurity_crs_10_config.conf|-- modsecurity_localrules.conf`-- opti...
...
modsecurity_crs_10_config.conf    ModSecuriry
SecComponentSignature "core ruleset/2.0.5"    ModSecurity
SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}"                    1      3         ...
Phase:1Phase:2Phase:3Phase:4Phase:5
SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}"      t:none      pass      nolog    ...
SecAction "phase:1,t:none,nolog,pass,setvar:tx.paranoid_mode=0"SecAction "phase:1,t:none,nolog,pass,setvar:tx.inbound_anom...
SecDefaultAction "phase:2,pass"              phase:2 pass
SecRuleEngine OnOn      ModSecurity
modsecurity_localrules.conf
/base_rulesstudy2study
SecAuditEngine OnSecAuditLog OnSecAuditLog logs/mod_security_audit.log
Apache
END
http://sourceforge.net/apps/mediawiki/mod-security/index.php
mod_security introduction at study2study #3
mod_security introduction at study2study #3
mod_security introduction at study2study #3
Nächste SlideShare
Wird geladen in …5
×

mod_security introduction at study2study #3

4.735 Aufrufe

Veröffentlicht am

study2study

Veröffentlicht in: Technologie
  • DOWNLOAD FULL. BOOKS INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

mod_security introduction at study2study #3

  1. 1. ModSecurity @n0ts Naoya Nakazawa study2study #3 27/04/2011
  2. 2. Naoya Nakazawa@n0tshttp://www.sssg.org/blogs/naoya/ - Carpe Diem
  3. 3. NO SOURCE CODE※ @smellman
  4. 4. ModSecurity
  5. 5. Open Source WebApplication Firewall
  6. 6. 4 Projects
  7. 7. ModSecurity for Apache Apache Apache
  8. 8. ModSecurity Core Rule Set CRS
  9. 9. ModProfilerModSecurity
  10. 10. OverviewHTTP
  11. 11. !!!
  12. 12. # yum info mod_security Available Packages Name : mod_security Arch : x86_64 Version : 2.5.12 Release : 1.el5 Size : 1.0 M Repo : epel Summary : Security module for the Apache HTTP Server URL : http:/ /www.modsecurity.org/ License : GPLv2 Description: ModSecurity is an open source intrusion detection and prevention : engine for web applications. It operates embedded into the web : server, acting as a powerful umbrella - shielding web applications : from attacks.
  13. 13. /etc/httpd/modsecurity.d|-- base_rules ... 28 files|-- modsecurity_crs_10_config.conf|-- modsecurity_localrules.conf`-- optional_rules ... 9files
  14. 14. ...
  15. 15. modsecurity_crs_10_config.conf ModSecuriry
  16. 16. SecComponentSignature "core ruleset/2.0.5" ModSecurity
  17. 17. SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}" 1 3 SecRule SecAction action1,action2,action3... phase1
  18. 18. Phase:1Phase:2Phase:3Phase:4Phase:5
  19. 19. SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}" t:none pass nolog initcol:global=global global initcol:ip=%{remote_addr} ip %{remote_addr} IP
  20. 20. SecAction "phase:1,t:none,nolog,pass,setvar:tx.paranoid_mode=0"SecAction "phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=20"SecAction "phase:1,t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=15"SecAction "phase:1,t:none,nolog,pass, setvar:tx.critical_anomaly_score=20, setvar:tx.error_anomaly_score=15, setvar:tx.warning_anomaly_score=10, setvar:tx.notice_anomaly_score=5"SecAction "phase:1,t:none,nolog,pass,setvar:tx.max_num_args=255"SecAction "phase:1,t:none,nolog,pass, setvar:tx.allowed_methods=GET HEAD POST OPTIONS, setvar:tx.allowed_request_content_type=application/x-www-form-urlencoded multipart/form-datatext/xml application/xml, setvar:tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1, setvar:tx.restricted_extensions=.asa .asax .ascx .axd .backup .bak .bat .cdx .cer .cfg .cmd .com.config .conf .cs .csproj .csr .dat .db .dbf .dll .dos .htr .htw .ida .idc .idq .inc .ini .key .licx .lnk .log.mdb .old .pass .pdb .pol .printer .pwd .resources .resx .sql .sys .vb .vbs .vbproj .vsdisco .webinfo .xsd.xsx, setvar:tx.restricted_headers=Proxy-Connection Lock-Token Content-Range Translate via if"
  21. 21. SecDefaultAction "phase:2,pass" phase:2 pass
  22. 22. SecRuleEngine OnOn ModSecurity
  23. 23. modsecurity_localrules.conf
  24. 24. /base_rulesstudy2study
  25. 25. SecAuditEngine OnSecAuditLog OnSecAuditLog logs/mod_security_audit.log
  26. 26. Apache
  27. 27. END
  28. 28. http://sourceforge.net/apps/mediawiki/mod-security/index.php

×