Red Hat/CentOS: Install mod_security, the Apache Intrusion Detection and Prevention Engine

Date: 2020-01-09 10:43:23  Source: igfitidea

How do I install the ModSecurity open source intrusion detection and prevention engine for web applications on a CentOS/RHEL/Red Hat Enterprise Linux 5.x server?

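ModSecurity runs embedded in the web server (httpd) and acts as a protective umbrella that shields web applications from attacks.
To use mod_security, you need to enable the EPEL repository on CentOS/RHEL Linux.
Once the repository is enabled, run the following command to install ModSecurity: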

# yum install mod_security

Sample output:

Loaded plugins: downloadonly, fastestmirror, priorities, protectbase
Loading mirror speeds from cached hostfile
* epel: www.gtlib.gatech.edu
* base: mirror.skiplink.com
* updates: centos.aol.com
* addons: mirror.cs.vt.edu
* extras: mirror.trouble-free.net
0 packages excluded due to repository protections
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package mod_security.x86_64 0:2.5.9-1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================
Package                                  Arch                               Version                                   Repository                        Size
==============================================================================================================================================================
Installing:
mod_security                             x86_64                             2.5.9-1.el5                               epel                             935 k

Transaction Summary
==============================================================================================================================================================
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         

Total download size: 935 k
Is this ok [y/N]: y
Downloading Packages:
mod_security-2.5.9-1.el5.x86_64.rpm                                                                                                    | 935 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : mod_security                                      [1/1] 

Installed: mod_security.x86_64 0:2.5.9-1.el5
Complete!

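mod_security configuration files

  • /etc/httpd/conf.d/mod_security.conf - main configuration file for the mod_security Apache module.
  • /etc/httpd/modsecurity.d/ - all other configuration files for the mod_security Apache module.
  • /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf - the configuration in this file should be customized for your specific requirements before deployment.
  • /var/log/httpd/modsec_debug.log - debug messages, used for debugging mod_security rules and other problems.
  • /var/log/httpd/modsec_audit.log - records every request that triggered a ModSecurity event (as detected) or a serious error (RelevantOnly).

Open the /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf file: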

# vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

Make sure SecRuleEngine is set to On so that the web server is protected from attacks:

SecRuleEngine On

Enable any other options and policies you need according to your requirements.
Finally, restart httpd:

# service httpd restart

Make sure everything is working:

# tail -f /var/log/httpd/error_log

Sample output:

[Sat Jan 09 23:18:31 2009] [notice] caught SIGTERM, shutting down
[Sat Jan 09 23:18:33 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Jan 09 23:18:34 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
[Sat Jan 09 23:18:34 2009] [notice] Original server signature: Apache/2.2.3 (CentOS)
[Sat Jan 09 23:18:34 2009] [notice] Digest: generating secret for digest authentication ...
[Sat Jan 09 23:18:34 2009] [notice] Digest: done
[Sat Jan 09 23:18:35 2009] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations
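
The two manual checks above (SecRuleEngine value and the startup notice in error_log) can be scripted. This is an added example, not part of the original article or of the mod_security package; the function names are hypothetical, and it assumes all files in modsecurity.d apply to the same server context and load in glob order.

```shell
#!/bin/sh
# Added example: post-install checks for the procedure above.

# Print the effective SecRuleEngine value (On, Off, DetectionOnly) from the
# given config files, or "unset". Comment lines are skipped, the directive
# name is matched case-insensitively, and the last occurrence wins
# (assumption: the files share one server context and are in load order).
modsec_engine_state() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "secruleengine" { state = $2 }
        END { print (state == "" ? "unset" : state) }
    ' "$@"
}

# Succeed if the error log holds the ModSecurity startup notice shown in the
# sample output above.
modsec_loaded() {
    grep -q 'ModSecurity for Apache/.* configured\.' "$1"
}

# Returns 0: loaded and blocking, 2: loaded but log-only, 1: anything else.
modsec_check() {
    conf_dir=$1
    error_log=$2
    if ! modsec_loaded "$error_log"; then
        echo "FAIL: no ModSecurity startup notice in $error_log"
        return 1
    fi
    state=$(modsec_engine_state "$conf_dir"/*.conf 2>/dev/null) || state=unset
    case $state in
        On) echo "OK: ModSecurity loaded, SecRuleEngine On" ;;
        DetectionOnly)
            echo "WARN: DetectionOnly logs matches but does not block"
            return 2 ;;
        *)  echo "FAIL: SecRuleEngine is ${state:-unset}"
            return 1 ;;
    esac
}

# Usage on the server from this page (paths as listed above):
#   modsec_check /etc/httpd/modsecurity.d /var/log/httpd/error_log
```

Run it right after the restart, because an older startup notice left in error_log also satisfies the log check.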

See the mod_security documentation to learn about security policies.