Although installation is a single click, here is a small how-to for server owners who may be asking "what should I put in the ruleset?".

We log in to WHM, click the "Addon Modules" link in the "cPanel" menu on the left, tick the "Install and Keep Updated" checkbox in the "modsecurity" section on the right, and off we go.

Then we log in to our server as root over SSH.

We go to where modsecurity's configuration files live by typing:

    # cd /usr/local/apache/conf/

We delete the existing conf by typing:

    # rm -rf modsec.conf

Open the attached modsec.conf in your text editor. On the server, we create modsec.conf with the command below, paste the contents of the local modsec.conf into it, then save and exit:

    # pico -w modsec.conf

Next:

    # pico -w modsec.snort.conf

We get the ruleset that blocks all kinds of attacks identified by snort.org from http://modsecurity.org/documentation...dsec-rules.txt, save it into modsec.snort.conf and exit.

We restart our Apache with the command below, and that is all there is to it:

    # /scripts/restartsrv httpd

If you like, you can find various rules for modsec.conf with a bit of Googling. I don't use anything extra besides snort. The choice is yours. Enjoy.

NOTE: if you have problems with snort, you can use the modsec.conf I gave in my post on page 2 without snort.

You can also use this rule file directly through WHM. It is very strict and may cause errors in some custom-made scripts. If you have csf, you can run it together with mod sec; it will ban a lot of people who violate the rules. Give it a try.

Code:

    # Off disables filtering; none of the rules below are applied until this is set to On
    SecFilterEngine Off
    SecServerSignature " "
    SecFilterCheckURLEncoding On
    SecFilterCheckUnicodeEncoding On
    SecFilterForceByteRange 1 255
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/httpd/audit_log
    SecFilterScanPOST On
    SecFilterDefaultAction "deny,log,status:500"
    # HTTP_USER_AGENT and HTTP_HOST in all requests
    #SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
    # For XSS
    SecFilter "<[[:space:]]*script"
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective THE_REQUEST "/bin/ps"
    SecFilterSelective THE_REQUEST "ps\x20"
    SecFilter "wget\x20"
    SecFilter "uname\x20-a"
    SecFilterSelective THE_REQUEST "/usr/bin/id"
    SecFilter "\;id"
    SecFilterSelective THE_REQUEST "/bin/kill"
    SecFilterSelective THE_REQUEST "/usr/bin/chsh"
    SecFilter "tftp\x20"
    SecFilterSelective THE_REQUEST "/usr/bin/gcc"
    SecFilter "gcc\x20-o"
    SecFilterSelective THE_REQUEST "/usr/bin/cc"
    SecFilter "cc\x20"
    SecFilterSelective THE_REQUEST "/usr/bin/cpp"
    SecFilter "cpp\x20"
    SecFilterSelective THE_REQUEST "/usr/bin/g\+\+"
    SecFilter "g\+\+\x20"
    SecFilterSelective THE_REQUEST "bin/python"
    SecFilter "python\x20"
    SecFilter "bin/tclsh"
    SecFilter "tclsh8\x20"
    SecFilterSelective THE_REQUEST "bin/nasm"
    SecFilter "nasm\x20"
    SecFilter "perl\x20"
    SecFilter "traceroute\x20"
    SecFilterSelective THE_REQUEST "/bin/ping"
    SecFilter "nc\x20"
    SecFilter "nmap\x20"
    SecFilterSelective THE_REQUEST "/usr/X11R6/bin/xterm"
    SecFilter "\x20-display\x20"
    SecFilter "lsof\x20"
    SecFilter "rm\x20"
    SecFilterSelective THE_REQUEST "/bin/mail"
    SecFilterSelective THE_REQUEST "/bin/ls"
    SecFilter "/etc/shadow"
    SecFilterSelective THE_REQUEST "\.htgroup"
    SecFilter " /HTTP/1\."
    SecFilterSelective THE_REQUEST "/formmail" chain
    SecFilter "\x0a"
    SecFilterSelective THE_REQUEST "/formmail" log,pass
    SecFilterSelective THE_REQUEST "/phf" chain
    SecFilter "\x0a/"
    SecFilterSelective THE_REQUEST "/phf" log,pass
    SecFilterSelective THE_REQUEST "/phf" chain
    SecFilter "\x0a/"
    SecFilterSelective THE_REQUEST "/phf" log,pass
    SecFilterSelective THE_REQUEST "/rksh"
    SecFilterSelective THE_REQUEST "/bash" log,pass
    SecFilterSelective THE_REQUEST "/zsh"
    SecFilterSelective THE_REQUEST "/csh"
    SecFilterSelective THE_REQUEST "/tcsh"
    SecFilterSelective THE_REQUEST "/rsh"
    SecFilterSelective THE_REQUEST "/ksh"
    SecFilter "javascript\://"
    SecFilterSelective THE_REQUEST "/fpsrvadm\.exe" log,pass
    SecFilterSelective THE_REQUEST "/fpremadm\.exe" log,pass
    SecFilterSelective THE_REQUEST "/admisapi/fpadmin\.htm" log,pass
    SecFilterSelective THE_REQUEST "/scripts/Fpadmcgi\.exe" log,pass
    SecFilterSelective THE_REQUEST "/_private/orders\.txt" log,pass
    SecFilterSelective THE_REQUEST "/_private/form_results\.txt" log,pass
    SecFilterSelective THE_REQUEST "/_private/registrations\.htm" log,pass
    SecFilterSelective THE_REQUEST "/cfgwiz\.exe" log,pass
    SecFilterSelective THE_REQUEST "/authors\.pwd" log,pass
    SecFilterSelective THE_REQUEST "/_vti_bin/_vti_aut/author\.exe" log,pass
    SecFilterSelective THE_REQUEST "/administrators\.pwd" log,pass
    SecFilterSelective THE_REQUEST "/_private/form_results\.htm" log,pass
    SecFilterSelective THE_REQUEST "/_vti_pvt/access\.cnf" log,pass
    SecFilterSelective THE_REQUEST "/_private/register\.txt" log,pass
    SecFilterSelective THE_REQUEST "/_private/registrations\.txt" log,pass
    SecFilterSelective THE_REQUEST "/_vti_pvt/service\.cnf" log,pass
    SecFilterSelective THE_REQUEST "/service\.pwd" log,pass
    SecFilterSelective THE_REQUEST "/_vti_pvt/service\.stp" log,pass
    SecFilterSelective THE_REQUEST "/_vti_pvt/services\.cnf" log,pass
    SecFilterSelective THE_REQUEST "/_vti_bin/shtml\.exe" log,pass
    SecFilterSelective THE_REQUEST "/_vti_pvt/svcacl\.cnf" log,pass
    SecFilterSelective THE_REQUEST "/users\.pwd" log,pass
    SecFilterSelective THE_REQUEST "/_vti_pvt/writeto\.cnf" log,pass
    SecFilterSelective THE_REQUEST "/dvwssr\.dll" log,pass
    SecFilterSelective THE_REQUEST "/_private/register\.htm" log,pass
    SecFilterSelective THE_REQUEST "/_vti_bin/" log,pass
    SecFilter "img src=javascript"
    SecFilter "\.htpasswd"
    SecFilter "\.htaccess"
    SecFilter "cd\.\."
    SecFilterSelective THE_REQUEST "///cgi-bin"
    SecFilterSelective THE_REQUEST "/cgi-bin///"
    SecFilterSelective THE_REQUEST "/~root"
    SecFilterSelective THE_REQUEST "/~ftp"
    SecFilter "cat\x20"
    SecFilterSelective THE_REQUEST "/rpm_query"
    SecFilterSelective THE_REQUEST "/htgrep" chain
    SecFilter "hdr=/"
    SecFilterSelective THE_REQUEST "/htgrep" log,pass
    SecFilterSelective THE_REQUEST "/\.history"
    SecFilterSelective THE_REQUEST "/\.bash_history"
    SecFilterSelective THE_REQUEST "/~nobody"
    SecFilterSelective THE_REQUEST "/*\x0a\.pl"
    SecFilter "CCCCCCC\: AAAAAAAAAAAAAAAAAAA"
    SecFilter "chunked"
    SecFilterSelective THE_REQUEST "/left_main\.php" chain
    SecFilter "cmdd="
    SecFilterSelective THE_REQUEST "/dnstools\.php" chain
    SecFilter "user_dnstools_administrator=true"
    SecFilterSelective THE_REQUEST "/dnstools\.php" chain
    SecFilter "user_logged_in=true"
    SecFilterSelective THE_REQUEST "/dnstools\.php" log,pass
    SecFilterSelective THE_REQUEST "/dostuff\.php\?action=modify_user"
    SecFilterSelective THE_REQUEST "/dostuff\.php" log,pass
    SecFilterSelective THE_REQUEST "<script"
    SecFilterSelective THE_REQUEST "\?STRENGUR"
    SecFilter "_PHPLIB\[libdir\]"

__________________
Netinternet Telekom

Isn't anyone producing anything? These sections are very quiet, though.

__________________
Netinternet Telekom

    SecFilterSelective THE_REQUEST "dc.pl "
    SecFilterSelective THE_REQUEST "wget "
    SecFilterSelective THE_REQUEST "phpshell "
    SecFilterSelective THE_REQUEST "phpshell.php "
    SecFilterSelective THE_REQUEST "lynx "
    SecFilterSelective THE_REQUEST "scp "
    SecFilterSelective THE_REQUEST "ftp "
    SecFilterSelective THE_REQUEST "cvs "
    SecFilterSelective THE_REQUEST "rcp "
    SecFilterSelective THE_REQUEST "curl "
    SecFilterSelective THE_REQUEST "telnet "
    SecFilterSelective THE_REQUEST "perl "
    SecFilterSelective THE_REQUEST "b0t.tmp "
    SecFilterSelective THE_REQUEST "bt.pl "
    SecFilterSelective THE_REQUEST "fetch "
    SecFilterSelective THE_REQUEST "ssh "
    SecFilterSelective THE_REQUEST "echo "
    SecFilterSelective THE_REQUEST "links -dump "
    SecFilterSelective THE_REQUEST "links -dump-charset "
    SecFilterSelective THE_REQUEST "links -dump-width "
    SecFilterSelective THE_REQUEST "links http:// "
    SecFilterSelective THE_REQUEST "links ftp:// "
    SecFilterSelective THE_REQUEST "links -source "
    SecFilterSelective THE_REQUEST "mkdir "
    SecFilterSelective THE_REQUEST "cd /tmp "
    SecFilterSelective THE_REQUEST "cd /var/tmp "
    SecFilterSelective THE_REQUEST "cd /tmp/ "
    SecFilterSelective THE_REQUEST "cd /var/tmp/ "
    SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
    SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
    SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
    SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
    SecFilterSelective THE_REQUEST "arta\.zip "
    SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
    SecFilterSelective THE_REQUEST "cmd=cd\x20/tmp "
    SecFilterSelective THE_REQUEST "cmd=cd\x20/var/tmp "
    SecFilterSelective THE_REQUEST "cmd=cd\x20/tmp/ "
    SecFilterSelective THE_REQUEST "cmd=cd\x20/var/tmp/ "
    SecFilterSelective THE_REQUEST "HCL_path=http "
    SecFilterSelective THE_REQUEST "clamav-partial "
    SecFilterSelective THE_REQUEST "vi\.recover "
    SecFilterSelective THE_REQUEST "netenberg "
    SecFilterSelective THE_REQUEST "psybnc "
    SecFilterSelective THE_REQUEST "fantastico_de_luxe "
    SecFilterSelective THE_REQUEST "tool.gif?cmd "
    SecFilterSelective THE_REQUEST "rm -rf "

These are the ones I use most often.

For example, okan wrote SecFilterSelective THE_REQUEST "phpshell.php "; you could do the same for r57.php, for instance. Come up with your own, friends, this is a very simple thing...

__________________
Netinternet Telekom

I think we should add "c99" as well, Osman.

Here, I am adding something brand new for you, hold tight.

Code:

    SecFilterSelective ARGS "<.+>"

Good luck with your work.

__________________
Click for Power!
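
Added example, not part of any post in this thread: a shell check that runs a few of the patterns posted above, plus the ARGS "<.+>" rule, against harmless request strings to show which rules would reject them, which is where the "errors in some custom-made scripts" come from. The request strings are constructed and given already URL-decoded, the function names are made up for this example, and grep -E only approximates mod_security's own matching.

```shell
#!/bin/sh
# Added example (not from the thread): find which posted patterns fire on
# harmless traffic. Patterns are copied from the rules above; the request
# strings at the bottom are constructed samples, already URL-decoded.
RULES='rm\x20
nc\x20
cat\x20
perl\x20
delete[[:space:]]+from
<.+>'

# matching_rules TEXT -> prints every pattern in RULES that matches TEXT.
# grep -E stands in for mod_security's regex engine (an approximation);
# \x20 is rewritten to a literal space because POSIX EREs have no \x escapes.
matching_rules() {
    printf '%s\n' "$RULES" | while IFS= read -r pat; do
        ere=$(printf '%s' "$pat" | sed 's/\\x20/ /g')
        if printf '%s\n' "$1" | grep -Eq -- "$ere"; then
            printf '%s\n' "$pat"
        fi
    done
}

# report TEXT -> one line per sample: BLOCKED with the rules hit, or ok.
report() {
    hits=$(matching_rules "$1" | tr '\n' ' ')
    if [ -n "$hits" ]; then
        printf 'BLOCKED  %-42s <- %s\n' "$1" "$hits"
    else
        printf 'ok       %s\n' "$1"
    fi
}

report 'GET /index.php?page=2'
report 'comment=please confirm the alarm time'
report 'q=sync folders then concat names'
report 'q=how do i delete from my wishlist'
report 'body=<b>thanks</b> for the fast reply'
```

Running the same check over real request samples from the audit log before enabling a new rule shows which legitimate pages it would break.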

There is a problem in snort.conf:

    root@fast [/usr/local/apache/conf]# service httpd restart
    /etc/init.d/httpd restart: httpd not running, trying to start
    Syntax error on line 141 of /usr/local/apache/conf/modsec.snort.conf:
    Invalid regular expression: \x00
    /etc/init.d/httpd restart: httpd could not be started
    root@fast [/usr/local/apache/conf]#
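
Added example, not part of the thread: a shell function that stages a rule file, runs Apache's configuration test before any restart, and restores the previous file if the test fails, so a rejected pattern such as the \x00 one above never leaves httpd unable to start. The apachectl path and the deploy_rules name are assumptions; /usr/local/apache/conf and /scripts/restartsrv httpd are taken from the posts.

```shell
#!/bin/sh
# Added example (not from the thread). CONF_DIR matches the path shown in the
# posts; the apachectl location is an assumption, override CONFIGTEST if needed.
CONF_DIR="${CONF_DIR:-/usr/local/apache/conf}"
CONFIGTEST="${CONFIGTEST:-/usr/local/apache/bin/apachectl configtest}"

# deploy_rules NEW_FILE TARGET_NAME
#   0  new file installed and the configuration parses
#   1  configuration test failed, previous file restored
#   2  usage or copy error
deploy_rules() {
    new="$1"
    target="$CONF_DIR/$2"
    if [ -z "$2" ] || [ ! -r "$new" ]; then
        echo "usage: deploy_rules NEW_FILE TARGET_NAME" >&2
        return 2
    fi
    backup=""
    if [ -e "$target" ]; then
        # Keep the working file instead of deleting it first.
        backup="$target.bak"
        cp -p "$target" "$backup" || return 2
    fi
    cp "$new" "$target" || return 2
    # Parse the whole Apache configuration without touching the running server.
    if $CONFIGTEST >/dev/null 2>"$target.err"; then
        rm -f "$target.err"
        return 0
    fi
    # Show the parser's complaint (file and line number), then roll back.
    cat "$target.err" >&2
    rm -f "$target.err"
    if [ -n "$backup" ]; then
        cp -p "$backup" "$target"
    else
        rm -f "$target"
    fi
    return 1
}

# Stand-alone use: sh deploy_rules.sh NEW_FILE TARGET_NAME
# Apache is restarted only when the new rules parsed cleanly.
if [ "$#" -eq 2 ]; then
    deploy_rules "$1" "$2" && /scripts/restartsrv httpd
fi
```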