• Fedora 36 dnf 安装ModSecurity和 OWASP 核心规则集

    dnf install httpd

    dnf install mod_security

    dnf install mod_security_crs

    systemctl enable httpd

    systemctl start httpd

     more /etc/httpd/conf.d/mod_security.conf

    测试:

     more /var/log/httpd/modsec_audit.log

    1. --64aa8f03-H--
    2. Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.168.50.131"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"]
    3. Message: Warning. Matched phrase "bin/bash" at ARGS:exec. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "500"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/bash found within ARGS:exec: /bin/bash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"]
    4. Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
    5. Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"]
    6. Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Warning. Pattern match "^[\\\\\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.168.50.131"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
    7. Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Warning. Matched phrase "bin/bash" at ARGS:exec. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "500"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/bash found within ARGS:exec: /bin/bash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
    8. Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
    9. Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
    10. Action: Intercepted (phase 2)
    11. Stopwatch: 1660050168524288 8313 (- - -)
    12. Stopwatch2: 1660050168524288 8313; combined=3896, p1=1951, p2=1729, p3=0, p4=0, p5=216, sr=533, sw=0, l=0, gc=0
    13. Response-Body-Transformed: Dechunked
    14. Producer: ModSecurity for Apache/2.9.4 (http://www.modsecurity.org/); OWASP_CRS/3.3.0.
    15. Server: Apache/2.4.54 (Fedora Linux)
    16. Engine-Mode: "ENABLED"
    17.  
    18. --64aa8f03-Z--

    dnf install php

    cd /var/www/html/

    vi index.php

    1.    
    2.  
    3.  phpinfo();

    systemctl restart httpd

     

     

  • 相关阅读:
    【网络编程】C++实现网络通信服务器程序||计算机网络课设||Linux系统编程||TCP协议(附源码)
    Golang 结构化日志包 log/slog 详解(四):分组、上下文和属性值类型
    小满网络模型&http1-http2 &浏览器缓存
    数据结构(十三)树
    解决数据重复插入问题(sql与锁方法)
    【无标题】
    第三次工业革命(六)
    程序员的不知道的代码
    数字孪生:降低现代船舶水声设备研制风险与成本的关键要素
    TIA博途中通过数组实现批量处理模拟量的梯形图程序示例
  • 原文地址:https://blog.csdn.net/allway2/article/details/126255403