mod_security installation

http://forum.whmdestek.com/

#41 whmci, 01.05.08, 18:56
Code:
####################################
# FRONTPAGE
####################################

SecFilter "_vti_bin" allow
SecFilterSelective THE_REQUEST "/fpsrvadm\.exe" pass
SecFilterSelective THE_REQUEST "/fpremadm\.exe" pass
SecFilterSelective THE_REQUEST "/admisapi/fpadmin\.htm" pass
SecFilterSelective THE_REQUEST "/scripts/Fpadmcgi\.exe" pass
SecFilterSelective THE_REQUEST "/_private/orders\.txt" pass
SecFilterSelective THE_REQUEST "/_private/form_results\.txt" pass
SecFilterSelective THE_REQUEST "/_private/registrations\.htm" pass
SecFilterSelective THE_REQUEST "/cfgwiz\.exe" pass
SecFilterSelective THE_REQUEST "/authors\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_bin/_vti_aut/author\.exe" pass
SecFilterSelective THE_REQUEST "/administrators\.pwd" pass
SecFilterSelective THE_REQUEST "/_private/form_results\.htm" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/access\.cnf" pass
SecFilterSelective THE_REQUEST "/_private/register\.txt" pass
SecFilterSelective THE_REQUEST "/_private/registrations\.txt" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.cnf" pass
SecFilterSelective THE_REQUEST "/service\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.stp" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/services\.cnf" pass
SecFilterSelective THE_REQUEST "/_vti_bin/shtml\.exe" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/svcacl\.cnf" pass
SecFilterSelective THE_REQUEST "/users\.pwd" pass
SecFilterSelective THE_REQUEST "/_vti_pvt/writeto\.cnf" pass
SecFilterSelective THE_REQUEST "/dvwssr\.dll" pass
SecFilterSelective THE_REQUEST "/_private/register\.htm" pass
SecFilterSelective THE_REQUEST "/_vti_bin/" pass
SecFilterSelective THE_REQUEST "/_vti_bin/vti_aut/author.exe" pass
SecFilterSelective THE_REQUEST "/_vti_bin/vti_aut/" pass


####################################
# WEB ATTACKS
####################################

# DISABLED - blocking many legit requests
# SecFilterSelective ARGS "bin/"
# SecFilter "\;id"
# SecFilter "tftp\x20"
# SecFilter "cc\x20"
# SecFilter "python\x20"
# SecFilter "nc\x20"
# SecFilter "rm\x20"

SecFilter "wget\x20"
SecFilter "uname\x20-a"
SecFilter "g\+\+\x20"
SecFilter "gcc\x20-o"
SecFilter "nmap\x20"
SecFilter "/etc/shadow"
SecFilter "/etc/passwd"

SecFilterSelective THE_REQUEST "/bin/ps"
SecFilterSelective THE_REQUEST "/usr/bin/id"
SecFilterSelective THE_REQUEST "/bin/kill"
SecFilterSelective THE_REQUEST "/usr/bin/gcc"
SecFilterSelective THE_REQUEST "/usr/bin/cc"
SecFilterSelective THE_REQUEST "/usr/bin/g\+\+"
SecFilterSelective THE_REQUEST "/bin/ping"
SecFilterSelective THE_REQUEST "/bin/mail"
SecFilterSelective THE_REQUEST "/bin/ls"

SecFilterSelective THE_REQUEST "lsof\x20" chain
SecFilterSelective !POST_PAYLOAD "lsof\x20"

SecFilterSelective THE_REQUEST "perl\x20" chain
SecFilterSelective !POST_PAYLOAD "perl\x20"

SecFilterSelective POST_PAYLOAD "Bcc:" chain
SecFilter "aol.com"
####################################
# GENERAL BAD STUFF
####################################

# *%0a.pl access
SecFilterSelective THE_REQUEST "/*\x0a\.pl"

# cross site scripting \(img src=javascript\) attempt
SecFilter "img src=javascript"


####################################
# SYSTEM FILE/COMMAND PROTECTION
####################################

SecFilterSelective ARGS "wget "
SecFilterSelective ARGS "lynx "
SecFilterSelective ARGS "curl "
# .bash_history access
SecFilterSelective THE_REQUEST "/\.bash_history"

# Apache Chunked-Encoding worm attempt
SecFilter "CCCCCCC\: AAAAAAAAAAAAAAAAAAA"


####################################
# SYSTEM USER PROTECTION
####################################

# /~nobody access
SecFilterSelective THE_REQUEST "/~nobody"

# /~root access
SecFilterSelective THE_REQUEST "/~root"

# /~ftp access
SecFilterSelective THE_REQUEST "/~ftp"


####################################
# INSTALLED SCRIPT SECURITY
####################################

# squirrel mail theme arbitrary command attempt
SecFilterSelective THE_REQUEST "/left_main\.php" chain
SecFilter "cmdd="
# PHP-Wiki cross site scripting attempt
SecFilterSelective THE_REQUEST "<script"

# PHPLIB remote command attempt
SecFilter "_PHPLIB\[libdir\]"

# formmail ban but allow modified cpanels formmail
SecFilter "/cgi-sys/formmail.cgi" allow
SecFilter "formmail.php$|formmail.php*/$"
SecFilter "formmail.cgi$|formmail.cgi*/$"
SecFilter "formmail.pl$|formmail.pl*/$"

# Gallery module of phpnuke very vulnerable
SecFilter "/modules/My_eGallery/"

####################################
# PHPBB VULNERABILITY PATCH
####################################
SecFilterSelective QUERY_STRING|POST_PAYLOAD|ARGS "echr\("
SecFilterSelective "THE_REQUEST" "(system|exec|passthru|popen|shell_exec|proc_open|fopen|fwrite)\s*\("

SecFilter "system\(chr\(99\)"
SecFilter "perl\x20"
SecFilter "sh\x20-c"

SecFilterScanPOST On
####################################
# Email Injection Header fix
####################################
SecFilter "bcc:"
SecFilterSelective THE_REQUEST "bcc:|bcc%3A"
#########################
#Iframe
SecFilter "GET\x20http://"
SecFilter "includedir=http"
#########################
Friends, are these mod_sec settings good??
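
An added example, not part of whmci's post or of ModSecurity: a small shell harness that replays harmless request text against five of the patterns posted above, showing how broad substring rules block legitimate traffic (the effect the `# DISABLED - blocking many legit requests` comment records). The sample requests are constructed, and treating each `SecFilter` pattern as a case-insensitive regex searched across the request line and POST body is an assumption about ModSecurity 1.x matching.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: a SecFilter pattern is a
# case-insensitive regex searched anywhere in the request line and POST body.

# Five patterns taken from the posted rules, as "label pattern" pairs.
# \x20 is written as [ ] so that grep -E accepts it.
RULES='perl perl[ ]
bcc bcc:
passwd /etc/passwd
wget wget[ ]
imgjs img src=javascript'

# matching_rules TEXT: print a comma-separated list of the rule labels that
# would fire on TEXT (an empty line when none do).
matching_rules() {
    hits=
    while read -r label pattern; do
        if printf '%s' "$1" | grep -Eiq -- "$pattern"; then
            hits="$hits${hits:+,}$label"
        fi
    done <<EOF
$RULES
EOF
    printf '%s\n' "$hits"
}

# Constructed, harmless requests of the kind a forum or helpdesk receives.
SAMPLES='POST /newreply.php message=How do I run a perl script from cron?
POST /contact.php body=Please put my manager in Bcc: on the invoice
POST /ticket.php q=my ftp users vanished from /etc/passwd after the upgrade
GET /index.php?page=about HTTP/1.1'

# report: one line per sample, showing which rules would block it.
report() {
    printf '%s\n' "$SAMPLES" | while IFS= read -r request; do
        fired=$(matching_rules "$request")
        printf '%-8s %s\n' "${fired:-pass}" "$request"
    done
}

report
```

Three of the four constructed requests are rejected although none of them is an attack; replaying real access-log lines through `matching_rules` before enabling a rule gives the same kind of evidence for a production site.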

#42 Cedric, 11.05.08, 04:52
Friends, this has turned out to be a very nice thread. Thanks. So how is mod_security removed? Can we return the server to the state where mod_security was never installed?

#43 youdie, 01.06.08, 06:26
Go to Main >> Software >> Apache Update, remove the tick from mod security and recompile Apache.

#44 aydin, 24.09.08, 10:03
I wanted to ask a question: do we fetch the file and start the installation directly where we land after logging in as root, or

do I fetch the file onto the server into the /usr/local/src directory with wget and only then start? :S

I assume the control panel does not matter for the installation? I am using DirectAdmin.

As root, I am unsure where I should install it :S

#45 Onur, 24.09.08, 12:30
You can install it under the /root directory.

#46 aydin, 24.09.08, 19:39
modsecurity-apache_2.5.6.tar.gz

modsecurity-apache_1.9.5.tar.gz (I think support for this one has ended)

Which version would be more appropriate for me to install? I am asking because the tutorial is old and I am new to this, so please excuse me. Is installing 2.5.6 done the same way, the settings and so on?

#47 Onur, 25.09.08, 00:08
The current version is always better.

#48 aydin, 25.09.08, 06:12
I ran into this problem at step 4 :S

[root@aydin apache2]# /etc/httpd/bin/apxs -cia mod_security.c
-bash: /etc/httpd/bin/apxs: No such file or directory

Since it said that, I found the path of apxs with the which apxs command and tried to do the step accordingly, and I got stuck again.


Quote:
[root@aydin apache2]# which apxs
/usr/sbin/apxs
[root@aydin apache2]# /usr/sbin/apxs -cia mod_security.c
/var/www/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -O2 -pthread -I/usr/local/include -I/usr/include/apache -I/usr/include/apache -I/usr/include/apache -c -o mod_security.lo mod_security.c && touch mod_security.slo
gcc: mod_security.c: No such file or directory
gcc: no input files
apxs:Error: Command failed with rc=65536
.

Last edited by aydin; 25.09.08 at 06:41.

#49 Onur, 25.09.08, 08:19
make
make install

Could you also try these commands?

#50 aydin, 25.09.08, 08:42
The following situation came up.
The system has Apache/2.2.9 (Unix) installed, and the machine was set up only 4-5 days ago. These jobs have fallen to me; I am giving you a lot of headaches too, but I want to learn, and nobody besides me uses it.

While researching a bit more, I found that the page below explains the installation a little differently.

I did not understand anything from the ./configure --with-apxs=/path/to/httpd-2.x.y/bin/apxs part here.

./configure
make
make install

Is this how I should carry out the installation?


http://www.modsecurity.org/documenta...tallation.html


UNIX
  1. Run the configure script to generate a Makefile. Typically no options are needed.
    ./configure
    Options are available for more customization (use ./configure --help for a full list), but typically you will only need to specify the location of the apxs command installed by Apache httpd with the --with-apxs option.
    ./configure --with-apxs=/path/to/httpd-2.x.y/bin/apxs
  2. Compile with: make
  3. Optionally test with: make test
    NOTE: This step is still a bit experimental. If you have problems, please send the full output and error from the build to the support list. Most common issues are related to not finding the required headers and/or libraries.
  4. Optionally build the ModSecurity Log Collector with: make mlogc
  5. Optionally install mlogc: Review the INSTALL file included in the apache2/mlogc-src directory in the distribution.
  6. Install the ModSecurity module with: make install

Last edited by aydin; 25.09.08 at 08:50.
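
An added example, not from the thread or the ModSecurity project: a shell helper for the two failures shown in posts #48 and #50, the hard-coded `/etc/httpd/bin/apxs` path and the missing `mod_security.c`. It locates `apxs` and prints the build commands that fit what is actually in the source directory; the function names `find_apxs` and `build_plan` are hypothetical, and telling the two routes apart by the presence of `configure` or `mod_security.c` is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: choose the build route from what is in
# the source directory instead of guessing a path or a file name.

# find_apxs [CANDIDATE...]: print the first candidate that is an executable
# file. Without arguments it tries PATH, then the two paths seen in the thread.
find_apxs() {
    [ $# -gt 0 ] || set -- "$(command -v apxs 2>/dev/null)" \
        /usr/sbin/apxs /etc/httpd/bin/apxs
    for candidate in "$@"; do
        if [ -n "$candidate" ] && [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "apxs not found" >&2
    return 1
}

# build_plan SRC_DIR [APXS]: print the commands that match SRC_DIR.
# Assumption: a configure script means the ./configure, make, make install
# route from the quoted documentation; a mod_security.c file means the
# single-file "apxs -cia" route the older tutorial used.
build_plan() {
    src=$1
    apxs=${2:-$(find_apxs)} || return 1
    if [ -f "$src/configure" ]; then
        printf 'cd %s && ./configure --with-apxs=%s && make && make install\n' \
            "$src" "$apxs"
    elif [ -f "$src/mod_security.c" ]; then
        printf 'cd %s && %s -cia mod_security.c\n' "$src" "$apxs"
    else
        echo "neither configure nor mod_security.c found in $src" >&2
        return 2
    fi
}

# Print the plan only when a directory is given on the command line.
[ $# -eq 0 ] || build_plan "$1"
```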