Fedora 36: Installing ModSecurity and the OWASP Core Rule Set with dnf
2022-08-09 23:58:00 【allway2】
dnf install httpd
dnf install mod_security
dnf install mod_security_crs
systemctl enable httpd
systemctl start httpd
more /etc/httpd/conf.d/mod_security.conf
Test:
more /var/log/httpd/modsec_audit.log
--64aa8f03-H--
Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.168.50.131"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"]
Message: Warning. Matched phrase "bin/bash" at ARGS:exec. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "500"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/bash found within ARGS:exec: /bin/bash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Warning. Pattern match "^[\\\\\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.168.50.131"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Warning. Matched phrase "bin/bash" at ARGS:exec. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "500"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/bash found within ARGS:exec: /bin/bash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/88"] [tag "PCI/6.5.2"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 192.168.50.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "192.168.50.131"] [uri "/index.html"] [unique_id "YvJa-GThw6cKMirYI40waQAAAMQ"]
Action: Intercepted (phase 2)
Stopwatch: 1660050168524288 8313 (- - -)
Stopwatch2: 1660050168524288 8313; combined=3896, p1=1951, p2=1729, p3=0, p4=0, p5=216, sr=533, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.4 (http://www.modsecurity.org/); OWASP_CRS/3.3.0.
Server: Apache/2.4.54 (Fedora Linux)
Engine-Mode: "ENABLED"
--64aa8f03-Z--
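Added example (not part of the original post): a small parser for section H of the audit log entry above. It lists the rules that fired and checks that their severities add up to the reported anomaly score. The function names are made up for this example, `SAMPLE` is an abridged copy of the entry above (tags and Apache-Error lines dropped), and the per-severity scores are the CRS 3.x defaults, assumed unchanged in crs-setup.conf.

```python
import re

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")   # e.g. --64aa8f03-H--
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')       # e.g. [id "932160"]
# Assumption: CRS 3.x default anomaly scores per severity (crs-setup.conf untouched).
SCORES = {"CRITICAL": 5, "ERROR": 4, "WARNING": 3, "NOTICE": 2}
# Rule id prefixes that evaluate or report the score instead of adding to it.
EVAL_PREFIXES = ("949", "959", "980")

# Constructed sample: abridged from the audit log entry shown above.
SAMPLE = r'''--64aa8f03-H--
Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.168.50.131"] [severity "WARNING"]
Message: Warning. Matched phrase "bin/bash" at ARGS:exec. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "500"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
--64aa8f03-Z--
'''

def parse_audit_log(text):
    """Return {transaction_id: summary} built from each entry's section H."""
    out, txid, part = {}, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:                                   # a new section of some transaction
            txid, part = m.groups()
            out.setdefault(txid, {"rules": [], "intercepted": False, "reported": None})
            continue
        if part != "H" or txid is None:         # only the audit trailer is parsed
            continue
        tx = out[txid]
        if line.startswith("Action: Intercepted"):
            tx["intercepted"] = True
        elif line.startswith("Message:"):
            f = dict(FIELD.findall(line))       # repeated keys (tag) keep the last value
            tx["rules"].append((f.get("id"), f.get("severity"), f.get("msg")))
            total = re.search(r"Total Score: (\d+)", f.get("msg") or "")
            if total:                           # rule 949110 reports the inbound total
                tx["reported"] = int(total.group(1))
    return out

def detection_score(tx):
    """Sum the default scores of detection rules, skipping evaluation rules."""
    return sum(SCORES.get(sev, 0) for rid, sev, _ in tx["rules"]
               if rid and not rid.startswith(EVAL_PREFIXES))

if __name__ == "__main__":
    for txid, tx in parse_audit_log(SAMPLE).items():
        print(txid, tx["intercepted"], detection_score(tx), tx["reported"])
```

For the entry above, the WARNING from 920350 and the CRITICAL from 932160 account for the reported total of 8, which exceeds the threshold of 5 that rule 949110 matched on.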
dnf install php
cd /var/www/html/
vi index.php
<?php
phpinfo();
systemctl restart httpd