Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
From: Jason L. <hac...@ya...> - 2021-03-02 09:14:18
Hi Ervin,

Thank you so much for your reply.

I read "https://github.com/coreruleset/coreruleset/blob/v3.4/dev/INSTALL" and I have other questions:

1- At "https://github.com/coreruleset/coreruleset/blob/v3.4/dev/INSTALL" I read "Download our release from https://coreruleset.org/installation/ and unpack it into a new owasp-modsecurity-crs folder". Thus, I must create an "owasp-modsecurity-crs" directory in the "/etc/httpd/modsecurity.d/" directory?

2- In the "httpd.conf" file, you can add some configuration lines and as "https://github.com/coreruleset/coreruleset/blob/v3.4/dev/INSTALL" said, it is:

    <IfModule security2_module>
        Include modsecurity.d/owasp-modsecurity-crs/crs-setup.conf
        Include modsecurity.d/owasp-modsecurity-crs/rules/*.conf
    </IfModule>

But is it just for Debian? The "httpd.conf/apache2.conf" file is for Debian. How about CentOS? Should I add the above lines to the "/etc/httpd/conf/httpd.conf" file?

3- You said "Also I think local_rules contains the whole rule set", but in the "local_rules" directory, I just have one "modsecurity_localrules.conf" with the below contents:

    # User defined rules and settings .
    #
    # You can use this file/directory to drop your local rules or
    # to remove some rules provided by mod_security_crs package with SecRuleRemoveById
    #
    # You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
    #

Is it normal?

On Monday, March 1, 2021, 12:55:51 PM GMT+3:30, Ervin Hegedüs <ai...@gm...> wrote:

hi Jason,

On Sat, Feb 27, 2021 at 09:52:58AM +0000, Jason Long wrote:
> Hi Ervin,
> Thank you so much for your help.
> My problem was that I forgot to install the "mod_security_crs" package. After it, I have a "modsecurity.d" directory in the "/etc/httpd" directory.
> I changed "SecRuleEngine DetectionOnly" to "SecRuleEngine On" and restarted my Apache. I have some questions:
> 1- In the "modsecurity.d" directory, I have the below directories:
> activated_rules crs-setup.conf local_rules
>
> Which directory is OK for the OWASP ModSecurity Rules?

I assume that crs-setup.conf is a regular file, not a directory. Also I think local_rules contains the whole rule set, activated_rules contains symlinks to rule files to local_rules. You have to decide what rules you need. crs-setup.conf is a configuration file for CRS - you can set up the CRS variables, eg. paranoia level, and many other things.

Please check this file:

https://github.com/coreruleset/coreruleset/blob/v3.4/dev/INSTALL

> 2- Any header must be enabled in the "httpd.conf" file?

Sorry, what do you mean exactly? Which header? I don't know CentOS, but I assume in httpd.conf you have to enable the security module.

> 3- I scanned my website with "Sucuri Security", but it can't detect any Website Firewall. Why?

I have no idea - maybe you should ask Sucuri...

(Note, I also checked one of my servers, which *RUNS* ModSecurity, and I got the same result...)

> 4- Why ModSecurity does not allow uploading files to the website? Which log file must be examined?

You should check Apache's error.log, and if the audit.log is enabled, that file too.

a.
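Added example, not part of the original thread: one way to follow the advice to check Apache's error.log is to pull the rule id, message and URI out of each ModSecurity entry and see which rules fire for the failing upload URL. The log lines, paths, host names and the `/upload.php` URI below are constructed to show the layout only; they are not a diagnosis of the poster's server.

```python
import re
from collections import Counter

# Constructed sample, laid out like ModSecurity v2 entries in Apache 2.4's error log.
# Paths, hosts, addresses and unique_ids are made up for this example.
SAMPLE_LOG = '''\
[Tue Mar 02 09:10:01.100000 2021] [mpm_event:notice] [pid 1200] AH00163: Apache/2.4.37 (centos) configured -- resuming normal operations
[Tue Mar 02 09:11:15.200000 2021] [:error] [pid 1201] [client 192.0.2.10:50110] [client 192.0.2.10] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "700"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [hostname "192.0.2.1"] [uri "/"] [unique_id "constructed-0001"]
[Tue Mar 02 09:12:30.300000 2021] [:error] [pid 1201] [client 192.0.2.10:50112] [client 192.0.2.10] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:0" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "930"] [id "920420"] [msg "Request content type is not allowed by policy"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/upload.php"] [unique_id "constructed-0002"]
[Tue Mar 02 09:12:30.400000 2021] [:error] [pid 1201] [client 192.0.2.10:50112] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "90"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/upload.php"] [unique_id "constructed-0002"]
[Tue Mar 02 09:14:02.500000 2021] [:error] [pid 1202] [client 192.0.2.10:50120] [client 192.0.2.10] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:0" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "930"] [id "920420"] [msg "Request content type is not allowed by policy"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/upload.php"] [unique_id "constructed-0003"]
[Tue Mar 02 09:14:02.600000 2021] [:error] [pid 1202] [client 192.0.2.10:50120] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "90"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/upload.php"] [unique_id "constructed-0003"]
'''

# A ModSecurity entry says whether the request was only flagged or actually denied.
ACTION = re.compile(r'ModSecurity: (?:Warning|Access denied with code (\d+))')
# Metadata follows as [name "value"] pairs; [pid 1200] and [client ...] carry no quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_line(line):
    """Return a dict for a ModSecurity entry, or None for any other log line."""
    action = ACTION.search(line)
    if action is None:
        return None
    fields = dict(FIELD.findall(line, action.end()))
    return {"denied": action.group(1) is not None,
            **{key: fields.get(key) for key in ("id", "msg", "uri")}}


def rules_hit(log_text, uri=None):
    """Count (rule id, msg) pairs, optionally for one URI; also return the denying ids."""
    hits, denying = Counter(), set()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or (uri is not None and event["uri"] != uri):
            continue
        hits[(event["id"], event["msg"])] += 1
        if event["denied"]:
            denying.add(event["id"])
    return hits, denying


if __name__ == "__main__":
    hits, denying = rules_hit(SAMPLE_LOG, uri="/upload.php")
    for (rule_id, msg), count in hits.most_common():
        flag = "DENIED" if rule_id in denying else "warning"
        print(f"{count:3d}  {rule_id}  {flag:7s}  {msg}")
```

In the constructed sample the entry that denies the request is the anomaly-score rule, and the warning logged just before it for the same URI names the rule that raised the score.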