This is an old revision of the document.


mod_security is a so-called WAF (Web Application Firewall).

It runs as an Apache module, so on CentOS 6 and Scientific Linux 6 it can be installed from the EPEL repository:

yum -y install mod_security

This alone does not install any security rules, so install the following package as well:

yum -y install mod_security_crs

The configuration file is created at

/etc/httpd/conf.d/mod_security.conf

The rule files are stored in

/etc/httpd/modsecurity.d/

Note that Apache must always be restarted for configuration changes to take effect:

service httpd restart

Default detection items

  • modsecurity_crs_20_protocol_violations.conf
      • Invalid HTTP Request Line
      • HTTP Request Smuggling Attack
      • Request Body Parsing Failed
      • Content-Length HTTP header is not numeric
      • GET or HEAD requests with bodies
      • POST request must have a Content-Length header
      • ModSecurity does not support transfer encodings
      • URL Encoding Abuse Attack Attempt
      • Unicode Full/Half Width Abuse Attack Attempt
      • Proxy access attempt
      • Invalid character in request

  • modsecurity_crs_21_protocol_anomalies.conf
      • Request Missing a Host Header
      • Request Missing an Accept Header
      • Request Missing a User Agent Header
      • Request Containing Content, but Missing Content-Type header
      • Host header is a numeric IP address
      • Invalid request

  • modsecurity_crs_23_request_limits.conf
      • Too many arguments in request

  • modsecurity_crs_30_http_policy.conf
      • Method is not allowed by policy
      • Request content type is not allowed by policy
      • HTTP protocol version is not allowed by policy
      • URL file extension is restricted by policy
      • HTTP header is restricted by policy
      • ModSecurity does not support content encodings

  • modsecurity_crs_35_bad_robots.conf
      • Request Indicates a Security Scanner Scanned the Site
      • Rogue web site crawler
      • Request Indicates an automated program explored the site

  • modsecurity_crs_40_generic_attacks.conf
      • Session Fixation
      • Blind SQL Injection Attack
      • SQL Injection Attack
      • Cross-site Scripting (XSS) Attack
      • Remote File Access Attempt
      • System Command Access
      • System Command Injection
      • Injection of Undocumented ColdFusion Tags
      • LDAP Injection Attack
      • SSI injection Attack
      • PHP Injection Attack
      • Persistent Universal PDF XSS attack
      • Email Injection Attack
      • HTTP Response Splitting Attack

  • modsecurity_crs_45_trojans.conf
      • Backdoor access

  • modsecurity_crs_50_outbound.conf
      • Statistics Information Leakage
      • SQL Information Leakage
      • IIS Information Leakage
      • Zope Information Leakage
      • Cold Fusion Information Leakage
      • PHP Information Leakage
      • ISA server existence revealed
      • Microsoft Office document properties leakage
      • Directory Listing
      • ASP/JSP source code leakage
      • PHP source code leakage
      • Cold Fusion source code leakage
      • IIS installed in default location
      • The application is not available
      • WebLogic information disclosure
      • File or Directory Names Leakage
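After the restart, the messages listed above show up in Apache's error log tagged with the rule file that produced them. The following added example (not part of the original page) groups those log entries by CRS rule file so that noisy or blocking rule sets stand out during tuning; the sample log lines are constructed, and their addresses, rule ids and patterns are placeholders.

```python
import os
import re
from collections import defaultdict

# Constructed sample in the Apache 2.2 error_log layout; addresses, line numbers,
# rule ids and matched patterns are placeholders, not values from a real server.
SAMPLE_LOG = r'''
[Tue Jan 15 03:01:10 2013] [error] [client 192.0.2.10] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "1"] [id "0000001"] [msg "Request Missing an Accept Header"] [uri "/"]
[Tue Jan 15 03:01:12 2013] [error] [client 192.0.2.20] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:id. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "2"] [id "0000002"] [msg "SQL Injection Attack"] [uri "/item.php"]
[Tue Jan 15 03:01:13 2013] [error] [client 192.0.2.20] ModSecurity: Warning. Pattern match "(constructed)" at ARGS:q. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "3"] [id "0000003"] [msg "Cross-site Scripting (XSS) Attack"] [uri "/search.php"]
[Tue Jan 15 03:01:15 2013] [error] [client 192.0.2.30] ModSecurity: Warning. Matched phrase at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/modsecurity.d/modsecurity_crs_35_bad_robots.conf"] [line "4"] [id "0000004"] [msg "Request Indicates a Security Scanner Scanned the Site"] [data "example \"scanner\" UA"] [uri "/"]
[Tue Jan 15 03:01:16 2013] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
'''

# [name "value"] pairs; the value may contain backslash-escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT = re.compile(r'\[client ([^\]]+)\]')

def parse_line(line):
    """Return a dict for one ModSecurity error_log line, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    action = line.split("ModSecurity:", 1)[1].lstrip()
    event = dict(FIELD.findall(line))
    m = CLIENT.search(line)
    event["client"] = m.group(1) if m else None
    # "Access denied ..." means the request was blocked; "Warning." is log-only.
    event["blocked"] = action.startswith("Access denied")
    return event

def summarize(log_text):
    """Group events by CRS rule file: hit count, blocked count, distinct messages."""
    summary = defaultdict(lambda: {"hits": 0, "blocked": 0, "msgs": set()})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or "file" not in event:
            continue
        entry = summary[os.path.basename(event["file"])]
        entry["hits"] += 1
        entry["blocked"] += event["blocked"]
        entry["msgs"].add(event.get("msg", "(no msg)"))
    return dict(summary)

if __name__ == "__main__":
    for rule_file, e in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{rule_file}: {e['hits']} hits, {e['blocked']} blocked")
        for msg in sorted(e["msgs"]):
            print("   ", msg)
```

To run it against a real server, pass the contents of the Apache error log to `summarize()` instead of `SAMPLE_LOG`.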

linux/apache/mod_security.1358219115.txt.gz · Last modified: 2013/01/15 03:05 by miyako


