RHEL / CentOS 安裝 mod_security

[yehlu]

https://www.phpini.com/apache/rhel-cent ... d_security

代碼: 選擇全部

yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git
wget https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz
tar xzf modsecurity-apache_2.9.2.tar.gz
cd modsecurity-apache_2.9.2
./configure
make install
cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
cp unicode.mapping /etc/httpd/conf.d/ 
cd /etc/httpd
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp crs-setup.conf.example modsecurity_crs_10_config.conf

/etc/httpd/conf/httpd.conf

代碼: 選擇全部

LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
#    Include conf.d/modsecurity.conf
</IfModule>
 
Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf

[yehlu]

ModSecurity requires mod_unique_id to be installed.

安装ModSecurity后，试验网站后。

查看日志

tail -f /var/log/httpd/error_log



出现如下报错：

Wed Mar 15 16:44:24 2017] [error] ModSecurity: ModSecurity requires mod_unique_id to be installed.
[Wed Mar 15 16:44:24 2017] [error] [client 172.26.18.108] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/centreon/www/class/centreonGMT.class.php on line 141, referer: http://172.27.206.7/centreon/main.php?p ... 0and%201=1
[Wed Mar 15 16:44:24 2017] [error] ModSecurity: ModSecurity requires mod_unique_id to be installed.

经过试验，

cp /usr/local/src/modsecurity-2.9.1/unicode.mapping /etc/httpd/conf/

需要修改配置文件：

vi httpd.conf



#LoadModule unique_id_module modules/mod_unique_id.so 去掉注解



然后重启appach

service httpd reload

service httpd restart

查看日志

tail -f /var/log/httpd/error_log


[Thu Mar 16 10:40:37 2017] [error] [client 172.26.18.108] ModSecurity: collection_retrieve_ex: Unable to retrieve collection (name "ip", key "172.26.18.108_cd85a82133a70fed9906fed8b8960aec0bf92efa"). Use SecDataDir to define data directory first. [hostname "172.27.206.7"] [uri "/centreon/include/common/javascript/autologoutXMLresponse.php"] [unique_id "WMn7JawbzgcAAD9nEXIAAAAH"]
[Thu Mar 16 10:40:37 2017] [error] [client 172.26.18.108] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "793"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "172.27.206.7"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "172.27.206.7"] [uri "/centreon/include/common/javascript/autologoutXMLresponse.php"] [unique_id "WMn7JawbzgcAAD9nEXIAAAAH"]
[Thu Mar 16 10:40:37 2017] [error] [client 172.26.18.108] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/centreon/www/class/centreonGMT.class.php on line 141, referer: http://172.27.206.7/centreon/main.php?p=60801



问题解决，规则已经生效了。

[yehlu]

vi /etc/hosts

代碼: 選擇全部

127.0.0.1 vmsrvr02.local.domain