installing a web server on linux
This tutorial uses the linux fedora core 12 operating system and the latest versions of apache: httpd-2.2.15.tar.bz2, php: php-5.3.2.tar.bz2, modsecurity: modsecurity-apache_2.5.12.tar.gz, modsecurity core rules: modsecurity-crs_2.0.6.tar.gz
installing apache:
remove the apache that ships with fedora core 12
$ rpm -qa |grep httpd
httpd-tools-2.2.13-4.fc12.i686
httpd-2.2.13-4.fc12.i686
$ rpm -e gnome-user-share httpd httpd-tools
download the latest apache
$ wget http://apache.the.net.id/httpd/httpd-2.2.15.tar.bz2
$ tar xjfv httpd-2.2.15.tar.bz2
$ cd httpd-2.2.15
To disguise which web server is in use (security through obscurity):
$ cd include
$ vi ap_release.h
#define AP_SERVER_BASEVENDOR "Apache Software Foundation" -> #define AP_SERVER_BASEVENDOR "software inc."
#define AP_SERVER_BASEPRODUCT "Apache" -> #define AP_SERVER_BASEPRODUCT "webserv"
save and exit vi with the :wq command
$ cd ..
$ ./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl --with-ldap --enable-ldap --enable-auth-ldap --disable-info --disable-status --disable-autoindex --disable-imap --disable-include --disable-userdir --enable-rewrite --enable-unique-id
$ make
$ make install
$ cat /etc/passwd |grep apache
if an apache user is found:
$ vi /usr/local/apache2/conf/httpd.conf
change the User and Group from daemon to:
User apache
Group apache
save and exit vi
installing modsecurity:
$ wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.5.12/modsecurity-apache_2.5.12.tar.gz
$ tar xzfv modsecurity-apache_2.5.12.tar.gz
$ cd modsecurity-apache_2.5.12/apache2
$ ./configure --with-apxs=/usr/local/apache2/bin/apxs
the following error occurs:
…
…
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/local/apache2/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script… no
configure: *** pcre library not found.
configure: error: pcre library is required
$ wget ftp://fr2.rpmfind.net/linux/fedora/releases/12/Everything/i386/os/Packages/pcre-devel-7.8-3.fc12.i686.rpm
$ rpm -ivh pcre-devel-7.8-3.fc12.i686.rpm
$ ./configure --with-apxs=/usr/local/apache2/bin/apxs
another error occurs, as follows:
…
…
configure: using ‘-lpcre’ for pcre Library
checking for libapr config script… no
configure: *** apr library not found.
configure: error: apr library is required
$ ./configure --with-apxs=/usr/local/apache2/bin/apxs --with-apr=/usr/local/apache2/bin/apr-1-config --with-apu=/usr/local/apache2/bin/apu-1-config
$ make
$ make install
$ vi /usr/local/apache2/conf/httpd.conf
add the following lines:
LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua-5.1.so
LoadModule security2_module modules/mod_security2.so
save and exit vi
installing the modsecurity core rules:
$ cd /usr/local/apache2/conf
$ wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.0.6.tar.gz
$ tar xzfv modsecurity-crs_2.0.6.tar.gz
$ mv modsecurity-crs_2.0.6 modsecurity-crs
$ vi httpd.conf
add the following lines:
Include conf/modsecurity-crs/*.conf
Include conf/modsecurity-crs/base_rules/*.conf
save and exit vi
creating a startup script for apache:
$ vi /etc/rc.d/init.d/httpd2
add the following lines:
#!/bin/sh
#
# Startup script for the Apache Web Server
# chkconfig: 345 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /usr/local/apache2/conf/access.conf
# config: /usr/local/apache2/conf/httpd.conf
# config: /usr/local/apache2/conf/srm.conf
# Source function library.
. /etc/rc.d/init.d/functions
case "$1" in
  'start')
    /usr/local/apache2/bin/apachectl start
    ;;
  'stop')
    /usr/local/apache2/bin/apachectl stop
    ;;
  'restart')
    /usr/local/apache2/bin/apachectl restart
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0
save and exit vi
$ chkconfig --add httpd2
$ service httpd2 start
httpd: Syntax error on line 55 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/lib/liblua5.1.s into server: /usr/lib/liblua5.1.s: cannot open shared object file: No such file or directory
$ wget ftp://fr2.rpmfind.net/linux/fedora/releases/12/Everything/i386/os/Packages/lua-devel-5.1.4-4.fc12.i686.rpm
$ rpm -Uvh lua-devel-5.1.4-4.fc12.i686.rpm
$ service httpd2 start
installing PHP:
$ wget http://id.php.net/distributions/php-5.3.2.tar.bz2
$ tar xjfv php-5.3.2.tar.bz2
$ cd php-5.3.2
$ ./configure --with-apxs2=/usr/local/apache2/bin/apxs --enable-magic-quotes --with-openssl --with-zlib --with-bz2 --enable-ftp --with-gd --enable-mbstring --with-freetype-dir --with-jpeg-dir
the following error occurs:
….
checking for fabsf… yes
checking for floorf… yes
configure: error: libjpeg.(a|so) not found.
insert fedora DVD and mount
$ cd /mnt/Packages
$ ls *jpeg*
$ rpm -Uvh libjpeg-6b-46.fc12.i686.rpm libjpeg-devel-6b-46.fc12.i686.rpm
run configure again
$ make
$ make test
$ make install
$ cp php.ini-development /usr/local/lib/php.ini
$ vi /usr/local/lib/php.ini
adjust a few options as follows:
expose_php = Off
display_errors = Off
short_open_tag = On
date.timezone = Asia/Jakarta
save and exit vi
$ mkdir /var/log/httpd
$ vi /usr/local/apache2/conf/httpd.conf
add the following lines:
LoadModule php5_module modules/libphp5.so
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
ErrorLog "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined
DirectoryIndex index.php index.html
save and exit vi
$ service httpd2 restart
$ cd /usr/local/apache2/conf/modsecurity-crs/base_rules
$ vi modsecurity_crs_50_outbound.conf
to show line numbers in vi, give the command :set number, then find line 85, which looks like this:
SecRule RESPONSE_BODY "!@pmFromFile modsecurity_50_outbound.data" \
"phase:4,rev:'2.0.6',t:none,capture,t:urlDecodeUni,t:htmlEntityDecode,nolog,skipAfter:END_OUTBOUND_CHECK"
then edit it to read:
SecRule RESPONSE_BODY "!@pmFromFile modsecurity_50_outbound.data" \
"phase:4,rev:'2.0.6',t:none,capture,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,skipAfter:END_OUTBOUND_CHECK"
save and exit vi
$ cd /usr/local/apache2/conf/modsecurity-crs/
$ vi modsecurity_crs_10_config.conf
SecDefaultAction "phase:2,deny"
SecRuleEngine On
SecAuditEngine RelevantOnly
SecUploadDir /var/log/modsecurity/SecUploadDir
SecAuditLog /var/log/modsecurity/modsec_audit.log
SecAuditLogParts ABIFHZ
SecAuditLogStorageDir /var/log/modsecurity/SecAuditLogStorageDir
SecDebugLog /var/log/modsecurity/modsec_debug.log
SecDataDir /var/log/modsecurity/SecDataDir
SecTmpDir /var/log/modsecurity/SecTmpDir
SecDebugLogLevel 3
save and exit vi
$ mkdir /var/log/modsecurity
$ mkdir /var/log/modsecurity/SecTmpDir
$ mkdir /var/log/modsecurity/SecDataDir
$ mkdir /var/log/modsecurity/SecUploadDir
$ chown -R apache:apache /var/log/modsecurity
$ service httpd2 restart
test the installation with:
$ vi /usr/local/apache2/htdocs/test.php
<?php
echo "testing";
?>
save and exit vi
from a browser, open http://192.168.5.18/test.php. if the installation succeeded, testing will be displayed
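The php.ini step in this tutorial is worth verifying after editing, because PHP silently ignores a directive name it does not know and the previous value stays in force. The check below is an added example, not part of the original tutorial; the sample php.ini text is constructed, and the function names are hypothetical.

```python
import difflib

# Values this tutorial sets in /usr/local/lib/php.ini.
EXPECTED = {"expose_php": "off", "display_errors": "off",
            "short_open_tag": "on", "date.timezone": "asia/jakarta"}
TRUE, FALSE = {"on", "true", "yes", "1"}, {"off", "false", "no", "0", "none", ""}

# Constructed sample: one setting left at its old value, one key misspelled.
SAMPLE_INI = """\
[PHP]
expose_php = Off
display_errors = On    ; value shipped in php.ini-development
display_erros = Off
short_open_tag = On
[Date]
date.timezone = "Asia/Jakarta"
"""


def normalise(value):
    """Fold PHP's boolean spellings to on/off, lowercase everything else."""
    value = value.strip().strip("\"'").lower()
    return "on" if value in TRUE else "off" if value in FALSE else value


def effective(ini_text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    values = {}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            values[key.strip()] = normalise(value)
    return values


def audit(ini_text):
    """Return {directive: problem} for the settings listed in EXPECTED."""
    values, problems = effective(ini_text), {}
    for key, want in EXPECTED.items():
        got = values.get(key)
        if got != want:
            problems[key] = f"is {got!r}, expected {want!r}"
    for key in values.keys() - EXPECTED.keys():
        near = difflib.get_close_matches(key, list(EXPECTED), n=1, cutoff=0.9)
        if near:
            problems[key] = f"unknown name, did you mean {near[0]}?"
    return problems


if __name__ == "__main__":
    for key, problem in sorted(audit(SAMPLE_INI).items()):
        print(f"{key}: {problem}")
```

To check the installed file, pass `open("/usr/local/lib/php.ini").read()` to `audit()`.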
Firefox Indonesia gets 501 (Not Implemented) when accessing apache+modsecurity
Someone named Romi Hardiyanto, who identified himself as a member of the Mozilla Firefox Indonesian localization team, sent an email informing us that our web server answers 501 (Not Implemented) when accessed from the Indonesian-language Firefox. According to him, a small part of the modsecurity rules has to be deleted. Make a backup before making any changes.
The rule in question is number 950006 in the file modsecurity_crs_40_generic_attacks.conf, as follows:
# Command injection
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/(Cookie|Referer|X-OS-Prefs)/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES "(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:32)?\.exe\b|\b\W*?\/c)|d(?:\b\W*?[\\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*?\b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)\b|g(?:\+\+|cc\b))|\/(?:c(?:h(?:grp|mod|own|sh)|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:\+\+|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)(?:[\'\"\|\;\`\-\s]|$))" \
"capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection. Matched signature <%{TX.0}>',,id:'950006',severity:'2'"
There are 2 parts that must be deleted, which I have marked in bold and strikethrough (|id), so that it becomes:
# Command injection
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/(Cookie|Referer|X-OS-Prefs)/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES "(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:32)?\.exe\b|\b\W*?\/c)|d(?:\b\W*?[\\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*?\b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo)\b|g(?:\+\+|cc\b))|\/(?:c(?:h(?:grp|mod|own|sh)|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:\+\+|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo)(?:[\'\"\|\;\`\-\s]|$))" \
"capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection. Matched signature <%{TX.0}>',,id:'950006',severity:'2'"
Save the change and restart apache. Thank you, mas Romi.
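Why rule 950006 fires for this browser, and what the edit gives up, shown as an added example that is not part of the original post. It assumes the trigger is the locale token `id` that Firefox 3.x places in its User-Agent header (the rule inspects REQUEST_HEADERS); the header and argument values are constructed, and only the separator-plus-command branch of the pattern is used.

```python
import re

# Separator-plus-command branch of the rule 950006 pattern quoted above;
# the other two branches of the pattern are left out of this excerpt.
COMMANDS = (r"c(?:h(?:grp|mod|own|sh)|md|pp|c)|p(?:asswd|ython|erl|ing|s)|"
            r"n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|"
            r"ls(?:of)?|telnet|uname|echo")


def branch(with_id):
    """Compile the branch as shipped (with_id=True) or as edited above."""
    commands = COMMANDS + ("|id" if with_id else "")
    return re.compile(r"[\;\|\`]\W*?\b(?:(?:%s)\b|g(?:\+\+|cc\b))" % commands)


SHIPPED, EDITED = branch(True), branch(False)

# Constructed sample values, not captured traffic.
SAMPLES = {
    "ua_id": "Mozilla/5.0 (X11; U; Linux i686; id; rv:1.9.2.3) "
             "Gecko/20100401 Firefox/3.6.3",
    "ua_en": "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) "
             "Gecko/20100401 Firefox/3.6.3",
    "arg": "report.txt; id",
}


def matched(pattern, value):
    """Return the text ModSecurity would capture as TX.0, or None."""
    m = pattern.search(value)
    return m.group(0) if m else None


def verdicts():
    """Map each sample to (match with shipped rule, match with edited rule)."""
    return {name: (matched(SHIPPED, value), matched(EDITED, value))
            for name, value in SAMPLES.items()}


if __name__ == "__main__":
    for name, (shipped, edited) in verdicts().items():
        print(f"{name:6} shipped={shipped!r:8} edited={edited!r}")
```

The `arg` sample shows the cost of the edit: after `|id` is removed, the rule no longer flags that command name in request arguments either, not only in the User-Agent header.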
email does not display in squirrelmail
Today a friend phoned and told me that his webmail, which uses squirrelmail, could not display one message from the boss. Yet the email had been sent by the boss to several people. Every time he tried to open the email, what appeared was not the boss's message but just a blank page.
I then tried to find the cause. At first I thought the cause was the unusual file name format. The message had the format:
1246937323.M970733P17813V0000000000000803I0008FEF9_0.somedomain.com,S=1317:2,
whereas normally the file name format is:
1246846105.27436.somedomain.com,S=1207:2,
but that turned out not to be it either, because after comparing, some recipients had the normal format but the message still could not be displayed.
The next possible cause was a file size that was too large. The boss's message had a file size of 8.5Mb. I then searched the log files for an error that might be related to the large file size. In the apache error log there was a message like the following:
Allowed memory size of 33554432 bytes exhausted (tried to allocate 140 bytes)
To be more certain that the error message really was caused by opening the boss's email, I ran tail -f error_log and then tried to open the boss's email from the webmail. Sure enough, the error message appeared again.
Mbah google advised editing php.ini and replacing memory_limit with a larger number. So I changed it to memory_limit = 64M and restarted apache. Mbah google was right, the email from the boss can now be displayed.
Thank you, mbah google……
captcha-ready server script tester
just the other day my friend, a programmer, complained that he couldn't get captcha to work for his new application. he thought that it was the web server that had no gd library. so he asked my other friend, the server's sysadmin, to install the library. and the sysadmin did so. a few moments later the programmer called again and said that it was still not working.
the sysadmin then asked me to check if another library might be needed to make captcha work on the new web server. so i did the check, all requirements seemed to be there already and captcha should be working. why didn't it work? i asked uncle google for help and i found this website that provides free scripts to generate captcha. it also has a script to test whether a server is good enough for captcha. so i downloaded the script, put it on the web server and executed it.
and voila…. the server's not ready for captcha.
what could be wrong? then i tried my old trick…. restart apache. and finally it worked. my friend forgot to restart apache. we should always restart apache when there's a configuration change. btw i think the script is very useful to test whether a web server is ready for captcha or not. we can use it to make sure that everything is ok before blaming the programmer that it's his code that's broken.
Bad Request caused by modsecurity core rules
today a user tried to import (upload) a mysql database using phpmyadmin. an error like this showed up:
Bad Request
Your browser sent a request that this server could not understand
i checked apache's error log file and found some lines indicating that it had something to do with modsecurity. those lines had REQBODY_PROCESSOR_ERROR in them so i checked the modsecurity configuration files :
$ grep REQBODY_PROCESSOR_ERROR modsecurity*conf
the search found it in the modsecurity_crs_20_protocol_violations.conf file so i did :
$ vi modsecurity_crs_20_protocol_violations.conf
and found a rule like this :
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" "t:none,deny,log,auditlog,status:400,msg:'Invalid request body',,id:'960912',severity:'2'"
i then read the modsecurity reference and found the answer that deny can be changed to pass to continue processing with the next rule. so i changed deny to pass, saved the file and exited. restart apache to make the change take effect and then tested it. no error, the import process was successful.
but i will have to change it back to deny again as soon as the guy finishes his database import.
i think this case is not only for phpmyadmin but also for any application that requires uploading.
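The triage step in this post, working out which rule produced the 400, can be done from the denial lines themselves, since each one carries the rule id, rule file and request URI. The summary script below is an added example, not code from the original post; it assumes the ModSecurity 2.5 error_log message layout, and every sample line (addresses, line numbers, URIs) is constructed.

```python
import re

# Constructed error_log lines in the ModSecurity 2.5 message layout; the
# addresses, line numbers and URIs are made up for this example.
SAMPLE_LOG = r"""
[Mon Apr 12 10:14:40 2010] [error] [client 192.168.5.21] PHP Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 140 bytes)
[Mon Apr 12 10:15:02 2010] [error] [client 192.168.5.20] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_PROCESSOR_ERROR" required. [file "/usr/local/apache2/conf/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "25"] [id "960912"] [msg "Invalid request body"] [severity "CRITICAL"] [hostname "192.168.5.18"] [uri "/phpmyadmin/import.php"]
[Mon Apr 12 10:16:47 2010] [error] [client 192.168.5.20] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_PROCESSOR_ERROR" required. [file "/usr/local/apache2/conf/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "25"] [id "960912"] [msg "Invalid request body"] [severity "CRITICAL"] [hostname "192.168.5.18"] [uri "/phpmyadmin/import.php"]
[Mon Apr 12 10:20:11 2010] [error] [client 192.168.5.33] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\b(?:(?:n(?:et ..." at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache2/conf/modsecurity-crs/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "133"] [id "950006"] [msg "System Command Injection. Matched signature <; id>"] [severity "CRITICAL"] [hostname "192.168.5.18"] [uri "/"]
"""

DENIED = re.compile(r"ModSecurity: Access denied with code (\d{3}) \(phase (\d)\)")
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [name "value"] pairs


def blocking_rules(log_text):
    """Group denial lines by rule id: status, rule file, message, URIs, hits."""
    rules = {}
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if not denied:
            continue  # not a ModSecurity denial (e.g. the PHP error above)
        fields = dict(FIELD.findall(line, denied.end()))
        rule = rules.setdefault(fields.get("id", "unknown"), {
            "status": int(denied.group(1)),
            "file": fields.get("file", "").rsplit("/", 1)[-1],
            "msg": fields.get("msg"),
            "uris": set(),
            "hits": 0,
        })
        rule["uris"].add(fields.get("uri"))
        rule["hits"] += 1
    return rules


if __name__ == "__main__":
    found = blocking_rules(SAMPLE_LOG)
    for rule_id, r in sorted(found.items(), key=lambda kv: -kv[1]["hits"]):
        print(rule_id, r["status"], r["hits"], r["file"], sorted(r["uris"]))
```

Knowing the rule id and the affected URI makes it possible to limit any change to that one rule and location and to confirm afterwards that the denials have stopped.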






