{"id":7003,"date":"2017-09-12T15:11:23","date_gmt":"2017-09-12T07:11:23","guid":{"rendered":"http:\/\/rmohan.com\/?p=7003"},"modified":"2017-09-12T15:11:30","modified_gmt":"2017-09-12T07:11:30","slug":"open-web-application-security-project","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7003","title":{"rendered":"Open Web Application Security Project"},"content":{"rendered":"<p>In today\u2019s article we will guide you through the process of installing mod_security with the OWASP (Open Web Application Security Project) core rule set from source on a CentOS 7 server.<\/p>\n<p>ModSecurity is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity must be configured with rules. In order to enable users to take full advantage of ModSecurity out of the box, Trustwave\u2019s SpiderLabs created the OWASP ModSecurity Core Rule Set (CRS) Project. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS provides generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded.<\/p>\n<p>Prerequisites<\/p>\n<p>Log in to your server as the \u201croot\u201d user and make sure that all packages are up to date. Use the command below to update your CentOS 7 server.<\/p>\n<p># yum -y update<br \/>\nAfter the system update, install the following dependencies; ModSecurity 2.x works only with Apache 2.0.x or higher. Run the command below to install Apache and the other dependencies.<\/p>\n<p># yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git<\/p>\n<p>Installing mod_security<\/p>\n<p>Get the \u2018mod_security\u2019 source package from the official website. mod_security can be installed on most web servers, such as Nginx, Apache and even Microsoft IIS.
But this tutorial covers only a server running Apache.<\/p>\n<p># cd \/opt\/<br \/>\n# wget https:\/\/www.modsecurity.org\/tarball\/2.9.1\/modsecurity-2.9.1.tar.gz<\/p>\n<p>Extract the downloaded archive and change the current working directory to the newly extracted directory using the commands below.<\/p>\n<p># tar xzfv modsecurity-2.9.1.tar.gz<br \/>\n# cd modsecurity-2.9.1<br \/>\nNow configure, compile and install mod_security from the source code using the commands below.<\/p>\n<p># .\/configure<br \/>\n# make install<\/p>\n<p>Configure mod_security<\/p>\n<p>After installing mod_security, copy the recommended configuration files.<\/p>\n<p># cp modsecurity.conf-recommended \/etc\/httpd\/conf.d\/modsecurity.conf<br \/>\n# cp unicode.mapping \/etc\/httpd\/conf.d\/<br \/>\nNow we need to configure the Apache web server. Open the web server configuration file and add the following lines to it.<\/p>\n<p># vim \/etc\/httpd\/conf\/httpd.conf<br \/>\nLoadModule security2_module modules\/mod_security2.so<br \/>\nLoadModule unique_id_module modules\/mod_unique_id.so<br \/>\nSave the changes using \u2018:wq!\u2019 and restart the Apache service.<\/p>\n<p># systemctl restart httpd.service<br \/>\n# systemctl status httpd.service<br \/>\n# systemctl enable httpd.service<\/p>\n<p>Installing OWASP<\/p>\n<p>Now we will install the OWASP CRS to be integrated with Apache\u2019s ModSecurity.
Use the commands below to download and configure the OWASP (Open Web Application Security Project) core rule set for a base configuration.<\/p>\n<p># cd \/etc\/httpd<br \/>\n# git clone https:\/\/github.com\/SpiderLabs\/owasp-modsecurity-crs.git<br \/>\n# mv owasp-modsecurity-crs modsecurity-crs<br \/>\n# cd modsecurity-crs<br \/>\n# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf<br \/>\nNow once again open the Apache configuration file to add the following lines at the end.<\/p>\n<p># vim \/etc\/httpd\/conf\/httpd.conf<br \/>\nLoadModule security2_module modules\/mod_security2.so<br \/>\nLoadModule unique_id_module modules\/mod_unique_id.so<br \/>\nNow that you\u2019ve installed Mod_Security and OWASP-CRS, it\u2019s time to restart the Apache service so the module can be loaded along with its rules.<\/p>\n<p># systemctl restart httpd.service<\/p>\n<p>Enjoy some basic necessary protection on your Linux CentOS 7 Apache server. It also gives you a couple of other advantages, listed below.<\/p>\n<p>Real-time Blacklist Lookups: utilizes 3rd Party IP Reputation<br \/>\nWeb-based Malware Detection: identifies malicious web content by checking against the Google Safe Browsing API.<br \/>\nIdentification of Application Defects: alerts on application misconfigurations.<br \/>\nHTTP Denial of Service Protections: defense against HTTP Flooding and Slow HTTP DoS Attacks.<br \/>\nTracking Sensitive Data: Tracks Credit Card usage and blocks leakages.<br \/>\nTrojan Protection: Detecting access to Trojan horses.<br \/>\nIntegration with AV Scanning for File Uploads: detects malicious files uploaded through the web application.<br \/>\nError Detection and Hiding: Disguising error messages sent by the server.<br \/>\nCommon Web Attacks Protection: detecting common web application security attacks.<br \/>\nAutomation Detection: Detecting bots, crawlers, scanners and other surface malicious activity.<br \/>\nHTTP Protection: detecting violations of the HTTP 
protocol and a locally defined usage policy.<\/p>\n<p>Conclusion<\/p>\n<p>mod_security is basically used to monitor real-time HTTP traffic and to protect web applications from brute force attacks, and it also acts as an intrusion detection and prevention system for web applications. To become useful, ModSecurity must be configured with rules, for which we can use the OWASP (Open Web Application Security Project) Core Rule Set (CRS) as a base configuration for mod_security. Thank you for reading this and I hope you find this article useful.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In today\u2019s article we will guide you through the process of installing mod_security with the OWASP (Open Web Application Security Project) core rule set from source on a CentOS 7 server.<\/p>\n<p>ModSecurity is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity must be configured with [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7003"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7003"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7003\/revisions"}],"predecessor-version":[{"id":7004,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7003\/revisions\/7004"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7003"}],"wp:ter
m":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}