instalasi web server di linux

April 7, 2010 by gregor · Leave a Comment
Filed under: PHP, apache, modsecurity 

Tutorial ini menggunakan sistem operasi linux fedora core 12 dan versi terbaru dari apache: httpd-2.2.15.tar.bz2, php: php-5.3.2.tar.bz2, modsecurity: modsecurity-apache_2.5.12.tar.gz, modsecurity core rules: modsecurity-crs_2.0.6.tar.gz

instalasi apache:
hapus apache bawaan fedora core 12
$ rpm -qa |grep httpd

httpd-tools-2.2.13-4.fc12.i686
httpd-2.2.13-4.fc12.i686

$ rpm -e gnome-user-share httpd httpd-tools

download apache terbaru
$ wget http://apache.the.net.id/httpd/httpd-2.2.15.tar.bz2
$ tar xjfv httpd-2.2.15.tar.bz2
$ cd httpd-2.2.15

Untuk menyamarkan web server yang dipakai (security in obscurity):

$ cd httpd-2.2.15/include
$ vi ap_release.h

#define AP_SERVER_BASEVENDOR “Apache Software Foundation” -> #define AP_SERVER_BASEVENDOR “software inc.”
#define AP_SERVER_BASEPRODUCT “Apache” -> #define AP_SERVER_BASEPRODUCT “webserv”

save and exit vi dengan perintah :wq
$ cd ..

$ ./configure –-prefix=/usr/local/apache2 –enable-so –enable-ssl –with-ldap –enable-ldap –enable-auth-ldap –disable-info –disable-status –disable-autoindex –disable-imap –disable-include –disable-userdir –enable-rewrite –enable-unique-id

$ make
$ make install
$ cat /etc/passwd |grep apache

jika ditemukan apache:

$vi /usr/local/apache2/conf/httpd.conf

ganti User dan Group daemon menjadi:

User apache
Group apache

save and exit vi

instalasi modsecurity:
$ wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.5.12/modsecurity-apache_2.5.12.tar.gz
$ tar xzfv modsecurity-apache_2.5.12.tar.gz
$ cd modsecurity-apache_2.5.12/apache2
$ ./configure –with-apxs=/usr/local/apache2/bin/apxs

terjadi error sebagai berikut :


configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/local/apache2/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script… no
configure: *** pcre library not found.
configure: error: pcre library is required

$ wget ftp://fr2.rpmfind.net/linux/fedora/releases/12/Everything/i386/os/Packages/pcre-devel-7.8-3.fc12.i686.rpm
$ rpm -ivh pcre-devel-7.8-3.fc12.i686.rpm
$ ./configure –with-apxs=/usr/local/apache2/bin/apxs

terjadi error lagi sebagai berikut :


configure: using ‘-lpcre’ for pcre Library
checking for libapr config script… no
configure: *** apr library not found.
configure: error: apr library is required

$ ./configure –with-apxs=/usr/local/apache2/bin/apxs –with-apr=/usr/local/apache2/bin/apr-1-config –with-apu=/usr/local/apache2/bin/apu-1-config
$ make
$ make install

$ vi httpd.conf
tambahkan baris-baris berikut :

LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua-5.1.so
LoadModule security2_module modules/mod_security2.so

save and exit vi
instalasi modsecurity core rules :

$ cd /usr/local/apache2
$ wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.0.6.tar.gz
$ tar xzfv modsecurity-crs_2.0.6.tar.gz
$ mv modsecurity-crs_2.0.6 modsecurity-crs
$ vi httpd.conf
tambahkan baris-baris berikut :

Include conf/modsecurity-crs/*.conf
Include conf/modsecurity-crs/base_rules/*.conf

save and exit vi

membuat startup script untuk apache :

$ vi /etc/rc.d/init.d/httpd2

tambahkan baris-baris berikut :

#!/bin/sh
#
# Startup script for the Apache Web Server
# chkconfig: 345 85 15
# description: Apache is a World Wide Web server.  It is used to serve \
#              HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /usr/local/apache2/conf/access.conf
# config: /usr/local/apache2/conf/httpd.conf
# config: /usr/local/apache2/conf/srm.conf
# Source function library.
. /etc/rc.d/init.d/functions
case “$1″ in
’start’)
/usr/local/apache2/bin/apachectl start
;;
’stop’)
/usr/local/apache2/bin/apachectl stop
;;
‘restart’)
/usr/local/apache2/bin/apachectl restart
;;
*)
echo “Usage: $0 {start|stop|restart}”
exit 1
esac
exit 0

save and exit vi

$ chkconfig –add httpd2
$ service httpd2 start

httpd: Syntax error on line 55 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/lib/liblua5.1.s into server: /usr/lib/liblua5.1.s: cannot open shared object file: No such file or directory

$ wget ftp://fr2.rpmfind.net/linux/fedora/releases/12/Everything/i386/os/Packages/lua-devel-5.1.4-4.fc12.i686.rpm
$ rpm -Uvh lua-devel-5.1.4-4.fc12.i686.rpm
$ service httpd2 start

instalasi PHP :
$ wget http://id.php.net/distributions/php-5.3.2.tar.bz2
$ tar xjfv php-5.3.2.tar.bz2
$ cd php-5.3.2
$ ./configure –with-apxs2=/usr/local/apache2/bin/apxs –enable-magic-quotes –with-openssl –with-zlib –with-bz2 –enable-ftp –with-gd –enable-mbstring –with-freetype-dir –with-jpeg-dir

terjadi error sebagai berikut :
….
checking for fabsf… yes
checking for floorf… yes
configure: error: libjpeg.(a|so) not found.

insert fedora DVD and mount
$ cd /mnt/Packages
$ ls *jpeg*
$ rpm -Uvh libjpeg-6b-46.fc12.i686.rpm libjpeg-devel-6b-46.fc12.i686.rpm

lakukan configure lagi

$ make
$ make test
$ make install
$ cp php.ini-development /usr/local/lib/php.ini
$ vi /usr/local/lib/php.ini
sesuaikan beberapa opsi sebagai berikut :

expose_php = Off
display_erros = Off
short_open_tag = On

date.timezone = Asia/Jakarta

save and exit vi

$ mkdir /var/log/httpd
$ vi /usr/local/apache2/conf/httpd.conf

tambahkan baris-baris berikut :

LoadModule php5_module modules/libphp5.so
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
ErrorLog “/var/log/httpd/error_log”
CustomLog “/var/log/httpd/access_log” combined
DirectoryIndex index.php index.html

save and exit vi

$ service apache2 restart
$ cd /usr/local/apache2/conf/modsecurity-crs/base_rules
$ vi modsecurity_crs_50_outbound.conf

untuk menampilkan nomor baris pada vi berikan perintah :set number lalu cari baris 85 seperti berikut:

SecRule RESPONSE_BODY “!@pmFromFile modsecurity_50_outbound.data” \
“phase:4,rev:’2.0.6′,t:none,capture,t:urlDecodeUni,t:htmlEntityDecode,nolog,skipAfter:END_OUTBOUND_CHECK”

lalu edit menjadi :

SecRule RESPONSE_BODY “!@pmFromFile modsecurity_50_outbound.data” \
“phase:4,rev:’2.0.6′,t:none,capture,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,skipAfter:END_OUTBOUND_CHECK”

save and exit vi

$ cd /usr/local/apache2/conf/modsecurity-crs/
$ vi modsecurity_crs_10_config.conf

SecDefaultAction “phase:2,deny”

SecRuleEngine On

SecAuditEngine RelevantOnly
SecUploadDir /var/log/modsecurity/SecUploadDir
SecAuditLog /var/log/modsecurity/modsec_audit.log
SecAuditLogParts ABIFHZ
SecAuditLogStorageDir /var/log/modsecurity/SecAuditLogStorageDir
SecDebugLog /var/log/modsecurity/modsec_debug.log
SecDataDir /var/log/modsecurity/SecDataDir
SecTmpDir /var/log/modsecurity/SecTmpDir
SecDebugLogLevel 3

save and exit vi

$ mkdir /var/log/modsecurity
$ mkdir /var/log/modsecurity/SecTmpDir
$ mkdir /var/log/modsecurity/SecDataDir
$ mkdir /var/log/modsecurity/SecUploadDir
$ chown -R apache.apache /var/log/modsecurity
$ service apache2 restart

test instalasi dengan :

$ vi ls /usr/local/apache2/htdocs/test.php

<?php
echo “testing”;
?>

save and exit vi
dari browser panggil http://192.168.5.18/test.php. jika instalasi berhasil maka akan muncul testing

Tags: , ,

Firefox Indonesia 501 (Not Implemented) akses ke apache+modsecurity

March 2, 2010 by gregor · 3 Comments
Filed under: apache, modsecurity 

Seorang bernama Romi Hardiyanto yang mengaku sebagai anggota pelokalan Mozilla Firefox Bahasa Indonesia mengirimkan email yang memberitahukan bahwa web server kami menjawab 501 (Not Implemented) jika diakses dari Firefox Bahasa Indonesia. Menurut beliau ada yang harus dihapus sedikit pada rules modsecurity. Lakukan back up sebelum melakukan perubahan.

Rules yang dimaksud adalah nomer 950006 pada file modsecurity_crs_40_generic_attacks.conf  sebagai berikut:

# Command injection
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:’/(Cookie|Referer|X-OS-Prefs)/’|REQUEST_COOKIES|REQUEST_COOKIES_NAMES “(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:32)?\.exe\b|\b\W*?\/c)|d(?:\b\W*?[\\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*?\b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)\b|g(?:\+\+|cc\b))|\/(?:c(?:h(?:grp|mod|own|sh)|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:\+\+|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)(?:[\'\"\|\;\`\-\s]|$))” \
“capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:’System Command Injection. Matched signature <%{TX.0}>’,,id:’950006′,severity:’2′”

Ada 2 bagian yang harus dihapus, yang saya beri cetak tebal dan dicoret (|id) sehingga menjadi :

# Command injection
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:’/(Cookie|Referer|X-OS-Prefs)/’|REQUEST_COOKIES|REQUEST_COOKIES_NAMES “(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:32)?\.exe\b|\b\W*?\/c)|d(?:\b\W*?[\\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*?\b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo)\b|g(?:\+\+|cc\b))|\/(?:c(?:h(?:grp|mod|own|sh)|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:\+\+|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo)(?:[\'\"\|\;\`\-\s]|$))” \
“capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:’System Command Injection. Matched signature <%{TX.0}>’,,id:’950006′,severity:’2′”

Simpan perubahan tersebut dan restart apache. Terima kasih mas Romi.

Tags: , ,