UNDERCODE COMMUNITY
Undercode Cyber World!
@UndercodeCommunity
Forwarded from UNDERCODE NEWS
Vishing: beware of scams of the latest kind.
#CyberAttacks
Forwarded from UNDERCODE NEWS
An attack or technical problem? Google server downtime issue, and all google services such Gmail, YouTube, Google Docs.. down!
#Updates

How to keep iptables firewall rules on Linux forever?

1) Permanently saving iptables firewall rules on Linux
Use the following commands to keep your iptables firewall rules permanently:

iptables-save or ip6tables-save command - saves or dumps the contents of the IPv4 or IPv6 tables in an easily parsed format to the screen or to a specified file.
iptables-restore or ip6tables-restore command - restores IPv4 or IPv6 firewall rules and tables from a given file on Linux.

Step 1 - Open Terminal
Open a terminal application and enter the following commands.

3) To log into a remote server using the ssh command:

$ ssh admin@server1.iundercode.help

You must run the following commands as root, using the sudo or su command.

Step 2. Save the Linux firewall rules for IPv4 and IPv6.
The output redirection has to run as root too, so the whole command is wrapped in sh -c.
Debian and Ubuntu Linux:

$ sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'
## IPv6 ##
$ sudo sh -c '/sbin/ip6tables-save > /etc/iptables/rules.v6'

CentOS / RHEL:

$ sudo sh -c '/sbin/iptables-save > /etc/sysconfig/iptables'
## IPv6 ##
$ sudo sh -c '/sbin/ip6tables-save > /etc/sysconfig/ip6tables'

4) Displaying saved rules on Linux
We can display the saved file with the cat command, or search it with the grep / egrep command:

$ cat /etc/iptables/rules.v4

Step 3. Restoring the Linux firewall rules for IPv4 and IPv6.
We simply reverse the commands above for each operating system:

## Debian or Ubuntu ##
$ sudo /sbin/iptables-restore < /etc/iptables/rules.v4
$ sudo /sbin/ip6tables-restore < /etc/iptables/rules.v6
## CentOS/RHEL ##
$ sudo /sbin/iptables-restore < /etc/sysconfig/iptables
$ sudo /sbin/ip6tables-restore < /etc/sysconfig/ip6tables

Step 4 - Installing the iptables-persistent package for Debian or Ubuntu Linux

5) Note that the following package conflicts with iptables front ends such as ufw or firewall-cmd. Avoid installing it if you are using these tools.
We need to install iptables-persistent.
It is the iptables plugin for netfilter-persistent, a loader for Netfilter configuration that uses a plugin-based architecture.
In other words, it automatically loads the saved iptables rules from the files above at boot.

6) Enter either the apt command or the apt-get command:
$ sudo apt install iptables-persistent
## or ##
$ sudo apt-get install iptables-persistent

7) Make sure services are enabled on Debian or Ubuntu using the systemctl command:
$ sudo systemctl is-enabled netfilter-persistent.service
If not, enable:
$ sudo systemctl enable netfilter-persistent.service
Checking status:
$ sudo systemctl status netfilter-persistent.service

Step 5 - Install the iptables-services package for RHEL / CentOS
By default, RHEL / CentOS 7 or 8 comes with firewalld.

If you prefer the good old file-based firewall, enter the following commands:

$ sudo systemctl stop firewalld.service
$ sudo systemctl disable firewalld.service
$ sudo systemctl mask firewalld.service
$ sudo yum install iptables-services
$ sudo systemctl enable iptables
$ sudo systemctl enable ip6tables
$ sudo systemctl status iptables
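
Rules added at runtime live only in the kernel until they are saved, so it is worth checking that the live ruleset still matches the saved file. The script below is an added example, not part of the original post; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a saved rules file with a later dump of the ruleset.

# normalize_rules: read iptables-save output on stdin and drop what differs
# between dumps of the same ruleset: "#" comment lines (timestamps) and the
# [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' -e '/^$/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]/[0:0]/g'
}

# rules_match SAVED LIVE: succeed only when both dumps hold the same rules.
rules_match() {
    saved=$(normalize_rules < "$1") || return 2
    live=$(normalize_rules < "$2") || return 2
    [ "$saved" = "$live" ]
}

# Constructed sample dumps (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/saved.v4" <<'EOF'
# Generated by iptables-save v1.8.4 on Mon Dec 14 10:00:00 2020
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Dec 14 10:00:00 2020
EOF
# Same ruleset dumped later: only the timestamps and counters changed.
sed -e 's/10:00:00/18:30:12/' -e 's/DROP \[0:0\]/DROP [1532:98011]/' \
    "$demo_dir/saved.v4" > "$demo_dir/live_same.v4"
# A rule added at runtime and never saved: it would vanish on reboot.
awk '{ print } /--dport 22/ { print "-A INPUT -p tcp --dport 8080 -j ACCEPT" }' \
    "$demo_dir/saved.v4" > "$demo_dir/live_drift.v4"

rules_match "$demo_dir/saved.v4" "$demo_dir/live_same.v4" && echo "in sync"
rules_match "$demo_dir/saved.v4" "$demo_dir/live_drift.v4" || echo "drift: save or revert"
# On a real host (as root): iptables-save > live.v4, then
# rules_match /etc/iptables/rules.v4 live.v4
```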

Forwarded from UNDERCODE NEWS
Fiji Miner Botnet, which bloomed in the debate on vulnerability, mines cryptocurrency.
#Vulnerabilities

Is Tor Safe?


1) That seems to be the question, alright. And to that, well, it really depends on whom you ask, because there are always wolves in sheep's clothing out there who stand to gain from your ignorance. Many say no. A few say yes. The media, for all their expertise in things political and social, come up woefully lacking when something as complex as Tor is discussed.

2) Case in point: Gizmodo reported that in December, 2014, a group of hackers managed to compromise enough Tor relays to decloak Tor users. If you're just hearing this for the first time, part of what makes Tor anonymous is that it relays your data from one node to another. It was believed that if they compromised enough of them, then they could track individual users on the Tor network and reveal their real life identities. Kind of like how the agents in The Matrix find those who've been unplugged.

3) Anyway, as luck would have it, it turned out to be kiddie script-hackers with too much time on their hands who simply wanted a new target to hack. Who knows why. Could be that they'd toyed with the Playstation Network and Xbox users long enough and simply wanted a curious peek here and there. These were not superhacker-level NSA members, either.

4) But as is usually the case with the media, this attack attracted the attention of a few bloggers and tech journalists unsympathetic to Tor and frankly, ignorant of what really constitutes a threat. The Tor devs commented on it, too:

"This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far."

(from tor book)
Forwarded from UNDERCODE NEWS
The 5G security forum is held by the Korea Information Security Industry Association.
#international
Forwarded from UNDERCODE NEWS
Oracle escapes from Silicon Valley. Experts: Wow, how the state-owned company collapsed!
#international
Forwarded from UNDERCODE NEWS
Satellite positioning tracking systems to apply to high-precision positioning and autonomous driving with Super Formula at 290 km / h
#Technologies

Redis data types: usage scenarios with code examples:

1) String
The String data structure is a simple key-value type; the value can be a number as well as a string.
Conventional key-value cache applications;
Regular counters: the number of Weibo posts, the number of fans, etc.

2) hash
A Redis hash is a mapping table between string fields and string values, which makes it particularly suitable for storing objects.
Use it to store data that changes, such as user information.

3) list

A list is a linked list, and anyone with a little knowledge of data structures should be able to understand its structure. Using the List structure, we can easily implement features such as a latest-news ranking. Another application of List is the message queue: use the PUSH operation to store tasks in the List, and worker threads then use the POP operation to take tasks out for execution. Redis also provides an API for operating on a section of the List, so you can directly query or delete a range of its elements.
A Redis list is a doubly linked list in which each element is of type String. You can add or remove elements at the head or tail of the list with push and pop operations, so a List can be used as a stack or as a queue.

4) Message queue system
Use a list to build a queue system, and a sorted set to build a priority queue system.
For example, Redis used as a log collector is really still a queue: multiple endpoints write log information to Redis, and a worker then writes all the logs to disk.

Fetching the latest N items

import redis

r = redis.Redis()   # assumes a local Redis server on the default port
N = 10              # example value: how many recent logins to keep
uid = 1001          # example user ID

# Add the current login user to the list
r.lpush("login:last_login_times", uid)
# Keep only the N most recent entries in the list
r.ltrim("login:last_login_times", 0, N - 1)
# Get the IDs of the N most recent login users
last_login_list = r.lrange("login:last_login_times", 0, N - 1)

For example, Sina Weibo:
In Redis, the latest Weibo IDs are held in a resident cache that is always kept up to date. The list is limited to 5000 IDs, so the function that fetches IDs always asks Redis; the database is accessed only when the start/count parameters fall outside this range.


> The system does not "refresh" the cache like the traditional way, and the information in the Redis instance is always consistent. The SQL database (or other types of databases on the hard disk) is only triggered when the user needs to get "very far away" data, and the homepage or the first comment page will not bother the database on the hard disk.

5) set

A set is a collection of unique values. The set data structure provided by Redis can store such collections of data. The elements of a set have no order.

Case:
In the Weibo application, all the accounts a user follows can be stored in one set, and all of the user's fans in another. Redis also provides intersection, union, and difference operations on sets, which make it easy to implement features such as common follows, common preferences, and second-degree friends. For all of the set operations above, different commands let you choose whether to return the result to the client or to store it in a new set.

Intersection, union, difference

//The book table stores the book name
set book:1:name "The Ruby Programming Language"
set book:2:name "Ruby on rail"
set book:3:name "Programming Erlang"

//tag table uses sets to store data, because sets are good at intersection and union
sadd tag:ruby 1
sadd tag:ruby 2
sadd tag:web 2
sadd tag:erlang 3



Forwarded from UNDERCODE NEWS
Not only google and youtube. Down network: Tim, WindTre, Vodafone and Iliad, here are today's problems
#international

HACKING RESOURCES

- [pwnsecurity.net](http://www.pwnsecurity.net/) - by [Shashank](https://twitter.com/cyberboyIndia)

- [breaksec.com](https://www.breaksec.com/) - by Nir Goldshlager

- [pwndizzle.blogspot.in](http://pwndizzle.blogspot.in/) - by Alex Davies

- [c0rni3sm.blogspot.in](http://c0rni3sm.blogspot.in/) - by yappare

- [exploit.co.il/blog](http://exploit.co.il/blog/) - by Shai rod

- [ibreak.software](https://ibreak.software/) - by Riyaz Ahemed Walikar

- [panchocosil.blogspot.in](http://panchocosil.blogspot.in/) - by Francisco Correa

- [breakingmesh.blogspot.in](http://breakingmesh.blogspot.in/)

- [websecresearch.com](http://www.websecresearch.com/) - by Ajay Singh Negi

- [securitylearn.net](http://www.securitylearn.net/about/) - by Satish Bommisetty

- [secinfinity.net](http://www.secinfinity.net/) - by Prakash Sharma

Forwarded from UNDERCODE NEWS
Just like an orange! U.S. Observatory released the clearest sunspot photo in history
#Updates
Forwarded from UNDERCODE NEWS
Personal data leak in real estate brokerage scheme, 1st year in progress'
#Leaks
Forwarded from UNDERCODE NEWS
The outcry in Brazil, the year-end lockdown, the digital market
#international
Forwarded from UNDERCODE NEWS
Because of DX, NRI safe study, only 21% of south Asian firms checked their security policy
#Bugs

Apache protection against brute-force and DDoS using Mod_Security and Mod_evasive modules

Step 1. Installing Iptables Firewall on RHEL / CentOS 8/7 and Fedora
First, stop and disable firewalld:

# systemctl stop firewalld
# systemctl disable firewalld

Then install the iptables-services package before enabling iptables:

# yum update && yum install iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables

Step 2: Install Mod_Security and Mod_evasive
Besides installing LAMP, you also need to enable the EPEL repository on RHEL / CentOS 8/7 in order to install both packages.

Fedora users don't need to enable the repo because epel is already part of the Fedora project.

# yum update && yum install mod_security mod_evasive

--------------- CentOS / RHEL 8 ---------------
# dnf install https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-1.el8.noarch.rpm
# dnf --enablerepo=raven-extras install mod_evasive

When the installation is complete, you will find the configuration files for both tools in /etc/httpd/conf.d.

# ls -l /etc/httpd/conf.d

Now, to integrate these two modules with Apache and load them at startup, make sure the following lines appear in the top-level section of mod_evasive.conf and mod_security.conf respectively:

LoadModule evasive20_module modules/mod_evasive24.so
LoadModule security2_module modules/mod_security2.so

Note that modules/mod_security2.so and modules/mod_evasive24.so are paths relative to the /etc/httpd directory.

You can check this (and change it if necessary) by listing the contents of the /etc/httpd/modules directory:

# cd /etc/httpd/modules
# pwd
# ls -l | grep -Ei '(evasive|security)'

Then restart Apache and make sure it loads mod_evasive and mod_security:

# systemctl restart httpd

Dump the list of loaded static and shared modules:

# httpd -M | grep -Ei '(evasive|security)'

Step 3: Install the core ruleset and configure Mod_Security
In a nutshell, the Core Rule Set (aka CRS) provides the web server with instructions on how to behave under certain conditions.

The company that develops mod_security provides a free CRS called OWASP (Open Web Application Security Project) ModSecurity CRS, which can be downloaded and installed as follows.

1. Download the OWASP CRS to a directory created for this purpose.

# mkdir /etc/httpd/crs-itsecforu
# cd /etc/httpd/crs-itsecforu
# wget -c https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0.tar.gz -O master

2. Unpack the CRS file and rename the directory as you wish.

# tar xzf master
# mv owasp-modsecurity-crs-3.2.0 owasp-modsecurity-crs

3. Now it's time to configure mod_security.
Copy the example setup file (owasp-modsecurity-crs/crs-setup.conf.example) to another file without the .example extension:

# cd owasp-modsecurity-crs/
# cp crs-setup.conf.example crs-setup.conf

and tell Apache to use this file along with the module by inserting the following lines into the main web server configuration file /etc/httpd/conf/httpd.conf.

If you decide to unpack the archive into a different directory, you will need to edit the paths:

<IfModule security2_module>
Include crs-itsecforu/owasp-modsecurity-crs/crs-setup.conf
Include crs-itsecforu/owasp-modsecurity-crs/rules/*.conf
</IfModule>

Finally, it is a good idea to create our own config file in the /etc/httpd/modsecurity.d directory for our custom directives (in the next example we'll call it itsecforu.conf) instead of modifying the CRS files directly. This makes it simpler to update the CRS as new versions are released.

<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream
SecDataDir /tmp
</IfModule>

Step 4: Configuring Mod_Evasive
mod_evasive is configured using directives in /etc/httpd/conf.d/mod_evasive.conf.
Since there are no rules to update when the package is upgraded, we do not need a separate file for custom directives, unlike mod_security.

The mod_evasive.conf file has the following directives enabled by default (note that the file contains many comments, which we removed here to highlight the configuration directives):

<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
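
A check for the custom ModSecurity file from Step 3, as an added example that is not part of the original post: the itsecforu.conf shown there sets SecDataDir /tmp, a directory every local user can write to, so the script flags a world-writable SecDataDir as well as a SecRuleEngine value other than On. The function names and the demo directories are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a custom ModSecurity file such as itsecforu.conf.

# directive_value FILE NAME: print the last value given for directive NAME.
# Comment lines never match because their first field starts with "#".
directive_value() {
    awk -v name="$2" '$1 == name { v = $2 } END { if (v != "") print v }' "$1"
}

# world_writable DIR: succeed when "other" has write permission on DIR
# (the 9th character of the ls -ld mode string).
world_writable() {
    case $(ls -ld "$1" 2>/dev/null) in
        d???????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# lint_modsec FILE: print one finding per line, nothing when the file is clean.
lint_modsec() {
    engine=$(directive_value "$1" SecRuleEngine)
    datadir=$(directive_value "$1" SecDataDir)
    [ "$engine" = "On" ] ||
        echo "SecRuleEngine is '${engine:-unset}': requests are not blocked"
    if [ -z "$datadir" ]; then
        echo "SecDataDir is unset"
    elif world_writable "$datadir"; then
        echo "SecDataDir $datadir is world-writable: use a private directory"
    fi
}

# Constructed demo: the page's directives with a shared and a private data dir.
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/private"
chmod 1777 "$demo/shared"    # same mode as /tmp
chmod 700 "$demo/private"
for kind in shared private; do
    cat > "$demo/$kind.conf" <<EOF
<IfModule mod_security2.c>
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess On
    SecDataDir $demo/$kind
</IfModule>
EOF
done

lint_modsec "$demo/shared.conf"     # reports the world-writable SecDataDir
lint_modsec "$demo/private.conf"    # prints nothing
```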

Forwarded from UNDERCODE NEWS
Ali Baba got a fine of 1.5 million! Why did the antitrust rule go online after 12 years?
#international