Thread: Re: [mod-security-users] Preventing perl script execution using mod_security howto ??
From: BipinDas <bip...@di...> - 2007-05-31 08:43:28
BipinDas wrote:
> Dear list,
> I had implemented mod_security. Working fine. I would like to
> know, whether it is possible to execute perl script in /tmp directory.
> If yes, can anybody tell me how can I do it. Which rule should I write
> for this.

>Not sure what you want here. Your subject asks how to prevent perl
>script execution, but then the body asks how to execute in /tmp.

>Generally perl scripts would not be executable from /tmp based on your
>Apache config.

>Perhaps you are attempting to prevent uploading a perl script to /tmp?
>Take a look at the @inspectFile operator with example in the docs.

Dear Brian

I meant to prevent executing perl scripts in /tmp /var/tmp /dev/shm
directories. These directories were mounted non-executable in /etc/fstab.
Now we could not execute scripts like this way $./test.pl or $./test.sh.
But anybody can execute/compile like this way $perl test.pl $sh
test.sh. I would like to know whether mod_security is capable to prevent
these type of execution or compilation.

Please help

--
From: BipinDas <bip...@di...> - 2007-06-04 11:15:36
Ryan Barnett wrote:
>
> Are you concerned with people attempting to compile/execute scripts
> through your web server or locally at a command prompt? If the issue
> is the former, then you may want to look at implementing some rules
> that use SCRIPT_UID or SCRIPT_USERNAME to verify the owner of a script
> before it executes it -
> http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N10C66
>
> Here is an example rule --
>
> SecRule SCRIPT_USERNAME "!^apache$"
>
> In this case, ModSecurity would only allow a script to execute if the
> owner of the script was the "apache" user. So, in your scenario,
> "apache" would not be the owner of perl or sh so this should prevent
> execution. You would need to test this with your exact scenario
> however to see if it works as expected.
>
> One important note about these variables -- they are only available
> when Mod is running in embedded mode.
>
> --
> Ryan C. Barnett
> ModSecurity Community Manager
>
> Breach Security: Director of Application Security Training
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
>
> Author: Preventing Web Attacks with Apache
>
> ------------------------------------------------------------------------
>
> From: mod...@li...
> [mailto:mod...@li...] On Behalf Of BipinDas
> Sent: Thursday, May 31, 2007 4:43 AM
> To: mod...@li...
> Subject: Re: [mod-security-users] Preventing perl script execution
> using mod_security howto ??
>
> BipinDas wrote:
> > Dear list,
> > I had implemented mod_security. Working fine. I would like to
> > know, whether it is possible to execute perl script in /tmp directory.
> > If yes, can anybody tell me how can I do it. Which rule should I write
> > for this.
>
> >Not sure what you want here. Your subject asks how to prevent perl
> >script execution, but then the body asks how to execute in /tmp.
>
> >Generally perl scripts would not be executable from /tmp based on your
> >Apache config.
>
> >Perhaps you are attempting to prevent uploading a perl script to /tmp?
> >Take a look at the @inspectFile operator with example in the docs.
>
> Dear Brian
> I meant to prevent executing perl scripts in /tmp /var/tmp /dev/shm
> directories. These directories were mounted non-executable in /etc/fstab.
> Now we could not execute scripts like this way $./test.pl or $./test.sh.
> But anybody can execute/compile like this way $perl test.pl $sh
> test.sh. I would like to know whether mod_security is capable to prevent
> these type of execution or compilation.
>
> Please help
>
> --

Dear Ryan,

My actual requirement is preventing execution of perl, bash script locally
at the command prompt. Whether this should be prevented using mod_security.
I am using mod_security-1.9. and apache 1.3. Whether SecRule is working
with this version?

Please advise

--
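An added example, not part of the thread and not ModSecurity code: a shell check for the noexec mounts described above, which reports the mount that actually covers each temporary directory and whether it carries `noexec`. The function names and the sample mount table are constructed for illustration; on a live system the first argument would be /proc/mounts.

```shell
#!/bin/sh
# Added example: report whether each directory sits on a noexec mount.
# Input is a file in /proc/mounts format: device mountpoint fstype options dump pass

# Constructed sample: /tmp and /dev/shm are noexec, /var/tmp is not a
# separate mount and so inherits the options of /var.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /var ext3 rw,nosuid 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,noexec,nosuid 0 0
EOF
}

# audit_noexec MOUNTS_FILE DIR...
# Prints "<dir> <covering mountpoint> noexec|exec" per directory and
# returns 1 if any directory is on a mount without noexec.
audit_noexec() {
    mounts_file=$1; shift
    rc=0
    for dir in "$@"; do
        # Covering mount = longest mountpoint that is a path prefix of $dir.
        # On equal length the later entry wins, since it shadows the earlier.
        line=$(awk -v d="$dir" '
            {
                mp = $2
                covers = (mp == "/" || d == mp || index(d, mp "/") == 1)
                if (covers && length(mp) >= best) { best = length(mp); hit = mp; opts = $4 }
            }
            END {
                if (hit == "") exit 1
                flag = "exec"
                n = split(opts, o, ",")
                for (i = 1; i <= n; i++) if (o[i] == "noexec") flag = "noexec"
                print hit, flag
            }' "$mounts_file") || { echo "$dir ? unknown"; rc=1; continue; }
        echo "$dir $line"
        case $line in *" noexec") ;; *) rc=1 ;; esac
    done
    return $rc
}

f=$(mktemp) && sample_mounts > "$f"
audit_noexec "$f" /tmp /var/tmp /dev/shm || echo "at least one directory allows direct execution"
rm -f "$f"
```

A `noexec` result only means files on that mount cannot be executed directly; as the poster observed, `perl test.pl` still runs because the interpreter binary lives on another filesystem and reads the script as data.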