# Report on Practical Assignment 4

###### tags: `Web basic`

Installing ModSecurity and nginx following the manual from the Supplementary Material

## Add Latest Nginx PPA

Install latest Nginx (MAINLINE):

```
sudo add-apt-repository ppa:ondrej/nginx-mainline -y && sudo apt update
```

![](https://i.imgur.com/B6UKc3A.png)

## Add Nginx Source Code to Repository

```
sudo nano /etc/apt/sources.list.d/ondrej-ubuntu-nginx-mainline-*.list
sudo apt update
```

![](https://i.imgur.com/ssEabig.png)

## Download Nginx Source

Install Dependencies and Execute Download

Verify Source Version

```
sudo mkdir /usr/local/src/nginx && cd /usr/local/src/nginx
sudo apt install dpkg-dev -y && sudo apt source nginx
ls
nginx -v
sudo apt install git -y
```

![](https://i.imgur.com/XawnlfZ.png)

## Install libmodsecurity3 for ModSecurity

Clone ModSecurity Repository from Github

Install libmodsecurity3 Dependencies

```
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity /usr/local/src/ModSecurity/
cd /usr/local/src/ModSecurity/
sudo apt install gcc make build-essential autoconf automake libtool libcurl4-openssl-dev liblua5.3-dev libfuzzy-dev ssdeep gettext pkg-config libpcre3 libpcre3-dev libxml2 libxml2-dev libcurl4 libgeoip-dev libyajl-dev doxygen -y
```

![](https://i.imgur.com/86dze1F.png)

Building the ModSecurity Environment

```
git submodule init
git submodule update
./build.sh
```

![](https://i.imgur.com/BF6PHHf.png)

Building the ModSecurity Environment

```
./configure
```

![](https://i.imgur.com/2dJwbIf.png)

Compiling the ModSecurity Source Code

```
make -j4
```

(since I allocated 4 cores to this machine in Vbox, and the process went much faster than without the `-j` flag)

![](https://i.imgur.com/1vKfk7b.png)

```
sudo make install
```

![](https://i.imgur.com/USbviHJ.png)

## Install ModSecurity-nginx Connector

Clone ModSecurity-nginx Repository from Github

Install ModSecurity-nginx Dependencies

```
sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git /usr/local/src/ModSecurity-nginx/
cd /usr/local/src/nginx/nginx-1.23.1
sudo apt build-dep nginx && sudo apt install uuid-dev -y
```

![](https://i.imgur.com/CxFTyTW.png)

Install ModSecurity-nginx Dependencies

```
sudo ./configure --with-compat --add-dynamic-module=/usr/local/src/ModSecurity-nginx
```

![](https://i.imgur.com/W5Awr5K.png)

Install ModSecurity-nginx Dependencies

```
sudo make modules
```

![](https://i.imgur.com/V6EJgXJ.png)

## Load and Configure ModSecurity-nginx Connector with Nginx

Enable ModSecurity in nginx.conf

Create and Configure Directory and Files for ModSecurity

![](https://i.imgur.com/KEqYXRE.png)

Change this behavior to (on) on line 7:

![](https://i.imgur.com/lgjOm0x.png)

Change line 224 in the same file to the correct string:

![](https://i.imgur.com/QtWiPHR.png)

```
sudo nano /etc/nginx/modsec/modsec-config.conf
```

Insert the string into the file:

![](https://i.imgur.com/KVina00.png)

```
sudo cp /usr/local/src/ModSecurity/unicode.mapping /etc/nginx/modsec/
sudo nginx -t
```

![](https://i.imgur.com/dnjt9hG.png)

## Install OWASP Core Rule Set for ModSecurity

```
wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip
```

![](https://i.imgur.com/6v7bF5k.png)

```
sudo apt-get install unzip -y
sudo unzip v3.3.2.zip -d /etc/nginx/modsec
```

![](https://i.imgur.com/F6Y3txi.png)

```
sudo cp /etc/nginx/modsec/coreruleset-3.3.2/crs-setup.conf.example /etc/nginx/modsec/coreruleset-3.3.2/crs-setup.conf
```

![](https://i.imgur.com/TJCdW9g.png)

```
sudo nano /etc/nginx/modsec/modsec-config.conf
```

Insert 3 strings into the file:

![](https://i.imgur.com/vFbKZW7.png)

```
sudo nginx -t
```

![](https://i.imgur.com/mAhBRTv.png)

## Test OWASP CRS is working on server

![](https://i.imgur.com/o2GABF6.png)

## Create ModSecurity LogRotate file

![](https://i.imgur.com/WrvxZ06.png)

## reverse-proxy

![](https://i.imgur.com/sMJsKyU.png)

Now on the right is ubuntuWAF with ModSecurity installed (IP 192.168.1.19), and on the left is ubuntu with docker installed and the shop running in it (IP 192.168.1.22). As a result, the WAF machine acts as a proxy for the machine with the shop.

![](https://i.imgur.com/oJ48QDJ.png)

![](https://i.imgur.com/kj9jZCM.png)

## Attacks

### Attack 1 (SQL injection)

On the Login page, I entered the following string in the Email field: `administratot'--`

![](https://i.imgur.com/NRnmrl0.png)

Log entry related to this attack:

![](https://i.imgur.com/de7ZlU3.png)

### Attack 2 (XSS)

On the Customer Feedback page, I entered the following in the comments field: `<script>alert(1)</script>`

![](https://i.imgur.com/MXlMM35.png)

![](https://i.imgur.com/y0tP6nE.png)

Log entry related to this attack:

![](https://i.imgur.com/kU0BlHl.png)

### Attack 3 (Path traversal)

In BurpSuite, I sent a POST request to the server's /etc/passwd file.

![](https://i.imgur.com/ANp0EH4.png)

Log entry related to this attack:

![](https://i.imgur.com/oSUlQaR.png)

### All logs

![](https://i.imgur.com/pABqbmD.png)

![](https://i.imgur.com/cNhQD2G.png)

### Other logs

![](https://i.imgur.com/D2cdFuX.png)

![](https://i.imgur.com/4kBJJ30.png)

![](https://i.imgur.com/beKHZYp.png)

![](https://i.imgur.com/MjPSHMO.png)

![](https://i.imgur.com/Y37IvRv.png)
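
For triaging WAF logs like the ones shown only as screenshots above, the following added example (not part of the original report) correlates ModSecurity v3 messages by `unique_id` and reports which CRS rule classes fired and whether the request was blocked. It assumes CRS 3.3 in its default anomaly-scoring mode, where the denial itself is logged under rule 949110; the sample lines, URIs and transaction ids are constructed and shortened, and the names `parse_line` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# CRS 3.x rule-id prefix -> attack class, following the CRS rule file names.
CRS_CLASS = {"920": "protocol", "930": "lfi", "941": "xss", "942": "sqli"}
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')

# Constructed, shortened sample lines (not copied from the report's screenshots).
SAMPLE = r'''
ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/login"] [unique_id "tx-1"]
ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/login"] [unique_id "tx-1"]
ModSecurity: Warning. [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/feedback"] [unique_id "tx-2"]
ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/feedback"] [unique_id "tx-2"]
ModSecurity: Warning. [id "930120"] [msg "OS File Access Attempt"] [uri "/etc/passwd"] [unique_id "tx-3"]
ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/etc/passwd"] [unique_id "tx-3"]
ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"] [unique_id "tx-4"]
GET / HTTP/1.1 200 (a non-ModSecurity line the parser must skip)
'''

def parse_line(line):
    """Return the [key "value"] metadata of one ModSecurity message, or None."""
    if "ModSecurity:" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keys such as 'tag' repeat; keep the first
    fields["denied"] = "Access denied" in line
    return fields

def summarize(text):
    """Correlate messages by unique_id: detection classes seen and block verdict."""
    txs = defaultdict(lambda: {"uri": None, "classes": set(), "blocked": False})
    for line in text.splitlines():
        f = parse_line(line)
        if not f or "unique_id" not in f:
            continue
        tx = txs[f["unique_id"]]
        tx["uri"] = f.get("uri", tx["uri"])
        if f.get("id") == "949110":  # anomaly-score blocking evaluation, not a detection
            tx["blocked"] = tx["blocked"] or f["denied"]
        else:
            tx["classes"].add(CRS_CLASS.get(f.get("id", "")[:3], "other"))
    return dict(txs)

if __name__ == "__main__":
    for uid, tx in summarize(SAMPLE).items():
        print(uid, tx["uri"], sorted(tx["classes"]), "BLOCKED" if tx["blocked"] else "logged only")
```

A transaction that shows detections but no 949110 denial, like the constructed `tx-4`, was logged without being blocked, which is the case to check first when a test request unexpectedly reaches the backend.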