Protect Apache Against Brute Force or DDoS Attacks Using the Mod_Security and Mod_evasive Modules


For those of you in the hosting business, or if you are hosting your own servers and exposing them to the Internet, securing your systems against attackers must be a high priority.

mod_security (an open-source intrusion detection and prevention engine for web applications that integrates seamlessly with the web server) and mod_evasive are two very important tools that can be used to protect a web server against brute force or (D)DoS attacks.

mod_evasive, as its name suggests, provides evasive capabilities while under attack, acting as an umbrella that shields the web server from such threats.

In this article we will discuss how to install, configure, and put them to work alongside Apache on RHEL/CentOS 8 and 7 and Fedora. In addition, we will simulate attacks in order to verify that the server reacts accordingly.

This assumes that you have a LAMP server installed on your system. If not, please check these articles before proceeding:

  • How to install a LAMP server on CentOS 8
  • How to install the LAMP stack on RHEL/CentOS 7

You will also need to set up iptables as the default firewall front-end instead of firewalld if you are running RHEL/CentOS 8/7 or Fedora. We do this in order to use the same tool on both RHEL/CentOS 8/7 and Fedora.

Step 1: Installing the Iptables Firewall on RHEL/CentOS 8/7 and Fedora

To begin, stop and disable firewalld:

# systemctl stop firewalld
# systemctl disable firewalld

Then install the iptables-services package before enabling iptables:

# yum update && yum install iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables

Step 2: Installing Mod_Security and Mod_evasive

In addition to having a LAMP setup already in place, you will also have to enable the EPEL repository on RHEL/CentOS 8/7 in order to install both packages. Fedora users don't need to enable any repository, because EPEL is already part of the Fedora Project.

# yum update && yum install mod_security mod_evasive

--------------- CentOS/RHEL 8 --------------- 
# dnf install https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-1.el8.noarch.rpm
# dnf --enablerepo=raven-extras install mod_evasive

When the installation completes, you will find the configuration files for both tools in /etc/httpd/conf.d:

# ls -l /etc/httpd/conf.d

Now, in order to integrate these two modules with Apache and have it load them when it starts, make sure the following lines appear in the top-level section of mod_evasive.conf and mod_security.conf, respectively:

LoadModule evasive20_module modules/mod_evasive24.so
LoadModule security2_module modules/mod_security2.so

Note that modules/mod_security2.so and modules/mod_evasive24.so are relative paths, from the /etc/httpd directory to the module's shared object file. You can verify this (and change it, if needed) by listing the contents of the /etc/httpd/modules directory:

# cd /etc/httpd/modules
# pwd
# ls -l | grep -Ei '(evasive|security)'

Then restart Apache and verify that it loads mod_evasive and mod_security:

# systemctl restart httpd

Dump a list of static and shared modules:

# httpd -M | grep -Ei '(evasive|security)'

Step 3: Installing a Core Rule Set and Configuring Mod_Security

In a few words, a Core Rule Set (aka CRS) provides the web server with instructions on how to behave under certain conditions. The developers of mod_security provide a free CRS called the OWASP (Open Web Application Security Project) ModSecurity CRS, which can be downloaded and installed as follows.

1. Download the OWASP CRS to a directory created for that purpose.

# mkdir /etc/httpd/crs-tecmint
# cd /etc/httpd/crs-tecmint
# wget -c https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0.tar.gz -O master

2. Untar the CRS archive and rename the directory for convenience.

# tar xzf master
# mv owasp-modsecurity-crs-3.2.0 owasp-modsecurity-crs

3. Now it's time to configure mod_security. Copy the sample configuration file (owasp-modsecurity-crs/crs-setup.conf.example) into another file without the .example extension:

# cd owasp-modsecurity-crs/
# cp crs-setup.conf.example crs-setup.conf

and tell Apache to use this file along with the module by inserting the following lines in the web server's main configuration file, /etc/httpd/conf/httpd.conf. If you chose to unpack the tarball in another directory, you will need to edit the paths following the Include directives:

<IfModule security2_module>
        Include crs-tecmint/owasp-modsecurity-crs/crs-setup.conf
        Include crs-tecmint/owasp-modsecurity-crs/rules/*.conf
</IfModule>

Finally, it is recommended to create our own configuration file within the /etc/httpd/modsecurity.d directory, where we will place our customized directives (we will name it tecmint.conf in the following example), instead of modifying the CRS files directly. Doing so will make upgrading the CRS easier as new versions are released.

<IfModule mod_security2.c>
	SecRuleEngine On
	SecRequestBodyAccess On
	SecResponseBodyAccess On 
	SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream 
	SecDataDir /tmp
</IfModule>

You can refer to SpiderLabs' ModSecurity GitHub repository for a complete guide to mod_security configuration directives.

Step 4: Configuring Mod_Evasive

mod_evasive is configured using the directives in /etc/httpd/conf.d/mod_evasive.conf. Since there are no rules to update during a package upgrade, we don't need a separate file for customized directives, unlike mod_security.

The default mod_evasive.conf file has the following directives enabled (note that the file is heavily commented, so we have stripped out the comments to highlight the configuration directives below):
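Before switching SecRuleEngine to On, it pays to run mod_security with SecRuleEngine DetectionOnly for a while and review which rules fire against which clients, so that a rule hitting legitimate visitors can be tuned before it starts blocking them. The following shell script is an added example (not part of the original article or of the ModSecurity project): it summarises ModSecurity messages from Apache's error_log by rule id, client address and action. The log lines it works on are constructed samples in the ModSecurity 2.x message format, using the article's test network addresses; the rule ids and messages are the kind the OWASP CRS emits, not a real capture.

```shell
#!/bin/sh
# Added example, not part of the original article: summarise which ModSecurity
# rules fired, for which clients, from Apache error_log lines. Run mod_security
# with "SecRuleEngine DetectionOnly" first, then use this to spot rules that hit
# legitimate visitors before switching the engine to "On".
# Assumes the ModSecurity 2.x error_log message format shown in the sample.

# Constructed sample error_log lines (not a real capture). The addresses are the
# article's test network; ids/messages are in the style of the OWASP CRS.
SAMPLE_ERROR_LOG='[Sat Oct 10 13:55:36.120000 2020] [:error] [pid 2201] [client 192.168.0.103:51034] ModSecurity: Warning. detected SQLi using libinjection. [file "rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/index.php"]
[Sat Oct 10 13:55:36.130000 2020] [:error] [pid 2201] [client 192.168.0.103:51034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/index.php"]
[Sat Oct 10 13:55:41.000000 2020] [:error] [pid 2202] [client 192.168.0.50:49210] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [file "rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [uri "/"]
[Sat Oct 10 13:55:42.500000 2020] [:error] [pid 2201] [client 192.168.0.103:51040] ModSecurity: Warning. detected SQLi using libinjection. [file "rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/index.php"]'

# modsec_summary < error_log
# Prints "COUNT RULE_ID CLIENT ACTION MESSAGE", most frequent first.
modsec_summary() {
    awk '/ModSecurity:/ {
        client = ""; id = ""; msg = ""
        if (match($0, /\[client [^ ]+\]/)) {
            client = substr($0, RSTART + 8, RLENGTH - 9)
            sub(/:[0-9]+$/, "", client)          # drop the source port
        }
        if (match($0, /\[id "[0-9]+"\]/))  id  = substr($0, RSTART + 5, RLENGTH - 7)
        if (match($0, /\[msg "[^"]*"\]/))  msg = substr($0, RSTART + 6, RLENGTH - 8)
        action = ($0 ~ /Access denied/) ? "denied" : "warning"
        count[id SUBSEP client SUBSEP action]++
        text[id] = msg
    }
    END {
        for (k in count) {
            split(k, p, SUBSEP)
            print count[k], p[1], p[2], p[3], text[p[1]]
        }
    }' | sort -rn
}

# Runs the summary over the constructed sample; on a real server you would
# feed /var/log/httpd/error_log instead.
modsec_summary_sample() {
    printf '%s\n' "$SAMPLE_ERROR_LOG" | modsec_summary
}

modsec_summary_sample
```

A client such as 192.168.0.50 in the sample, which only trips the "numeric Host header" rule because it reaches the server by IP address, is a typical candidate for a SecRuleRemoveById entry in tecmint.conf rather than a real threat; the repeated SQL injection matches from 192.168.0.103 are what the CRS is there to catch.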

<IfModule mod_evasive24.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>

Explanation of the directives:

  • DOSHashTableSize: This directive specifies the size of the hash table that is used to keep track of activity on a per-IP-address basis. Increasing this number provides a faster lookup of the sites that a client has visited in the past, but may impact overall performance if it is set too high.
  • DOSPageCount: The legitimate number of identical requests to a particular URI (for example, any file that is being served by Apache) that a visitor can make over the DOSPageInterval interval.
  • DOSSiteCount: Similar to DOSPageCount, but refers to how many requests in total can be made to the entire site over the DOSSiteInterval interval.
  • DOSBlockingPeriod: If a visitor exceeds the limits set by DOSPageCount or DOSSiteCount, their source IP address is blacklisted for the DOSBlockingPeriod amount of time. During DOSBlockingPeriod, any request coming from that IP address will receive a 403 Forbidden error.

Feel free to experiment with these values so that your web server is able to handle the required amount and type of traffic.

Only a small caveat: if these values are not set properly, you run the risk of ending up blocking legitimate visitors.

You may also want to consider the following other useful directives:

If you have a mail server up and running, you can send warning messages via Apache. Note that you will need to grant the apache user SELinux permission to send emails if SELinux is set to enforcing. You can do so by running:
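The safest way to pick values for DOSPageCount, DOSSiteCount and their intervals is to check what they would have done to the traffic you already have. The following script is an added example (not part of the original article, and not mod_evasive's own code): it replays Apache access_log lines in the combined log format through a re-implementation of the counting rules described above and prints each client that would have been blacklisted, and by which counter. The access_log lines are constructed samples using the article's test network addresses; the date-to-seconds conversion ignores month boundaries, which does not matter for intervals of a few seconds, and once a client is listed it stays listed for the rest of the replay (DOSBlockingPeriod is not modelled).

```shell
#!/bin/sh
# Added example, not part of the original article: replay Apache access_log
# lines (combined format) through mod_evasive's counting rules to see which
# clients a given DOSPageCount / DOSSiteCount / interval setting would have
# blacklisted. Useful for tuning thresholds against a real log before enabling
# them, so legitimate visitors are not locked out.
# The counting logic is a re-implementation for illustration, not mod_evasive's
# own code; DOSBlockingPeriod is not modelled (a listed client stays listed).

# Constructed sample access_log (not a real capture): 192.168.0.103 requests
# the same page three times within one second, 192.168.0.50 browses normally.
SAMPLE_ACCESS_LOG='192.168.0.103 - - [10/Oct/2020:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.103 - - [10/Oct/2020:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.103 - - [10/Oct/2020:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.50 - - [10/Oct/2020:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.50 - - [10/Oct/2020:13:55:37 +0000] "GET /style.css HTTP/1.1" 200 90
192.168.0.50 - - [10/Oct/2020:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 512'

# evasive_replay PAGE_COUNT PAGE_INTERVAL SITE_COUNT SITE_INTERVAL < access_log
# Prints "IP page" or "IP site" once for each client that would be blacklisted.
evasive_replay() {
    awk -v pc="$1" -v pi="$2" -v sc="$3" -v si="$4" '
    # Seconds from a "dd/Mon/yyyy:HH:MM:SS" stamp; month boundaries are ignored,
    # which does not matter for intervals of a few seconds.
    function stamp(ts,   d) {
        split(ts, d, "[/:]")
        return d[1] * 86400 + d[4] * 3600 + d[5] * 60 + d[6]
    }
    {
        ip  = $1
        t   = stamp(substr($4, 2))       # $4 is "[dd/Mon/yyyy:HH:MM:SS"
        uri = $7
        if (ip in blocked) next          # already listed: would get a 403

        # per-URI counter: restarts when the previous hit is older than DOSPageInterval
        k = ip SUBSEP uri
        if ((k in pcnt) && t - ptime[k] < pi) { pcnt[k]++ } else { pcnt[k] = 1 }
        ptime[k] = t
        if (pcnt[k] > pc) { blocked[ip] = 1; print ip, "page"; next }

        # per-site counter: the same rule over every URI the client requests
        if ((ip in scnt) && t - stime[ip] < si) { scnt[ip]++ } else { scnt[ip] = 1 }
        stime[ip] = t
        if (scnt[ip] > sc) { blocked[ip] = 1; print ip, "site" }
    }'
}

# Replay the constructed sample; on a real server pipe /var/log/httpd/access_log
# into evasive_replay instead.
evasive_replay_sample() {
    printf '%s\n' "$SAMPLE_ACCESS_LOG" | evasive_replay "$@"
}

# The defaults shown above: DOSPageCount 2, DOSPageInterval 1, DOSSiteCount 50, DOSSiteInterval 1
evasive_replay_sample 2 1 50 1
```

With the default values only 192.168.0.103 is listed, by the per-page counter, while the normally browsing client is untouched; raising DOSPageCount to 10 lists nobody, and a DOSSiteCount of 2 lists the same client through the per-site counter instead. Run the same replay over a day of your real access_log and look for addresses you recognise (monitoring hosts, proxies, office NAT gateways) before committing to a setting.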

# setsebool -P httpd_can_sendmail 1

Next, add the directive to the mod_evasive.conf file along with the other directives:

DOSEmailNotify [email 

If this value is set and your mail server is working properly, an email will be sent to the specified address whenever an IP address becomes blacklisted.

This one takes a system command as its argument:

DOSSystemCommand </command>

This directive specifies a command to be executed whenever an IP address becomes blacklisted. It is often used in conjunction with a shell script that adds a firewall rule to block further connections coming from that IP address.

Once an IP address becomes blacklisted, we need to block future connections coming from it. We will use the following shell script to perform this job. Create a directory named scripts-tecmint (or whatever name you choose) in /usr/local/bin and a file called ban_ip.sh in that directory.

#!/bin/sh
# IP that will be blocked, as detected by mod_evasive
IP=$1
# Full path to iptables
IPTABLES="/sbin/iptables"
# mod_evasive lock directory
MOD_EVASIVE_LOGDIR=/var/log/mod_evasive
# Add the following firewall rule (block all traffic coming from $IP)
"$IPTABLES" -I INPUT -s "$IP" -j DROP
# Remove lock file for future checks
rm -f "$MOD_EVASIVE_LOGDIR"/dos-"$IP"

Our DOSSystemCommand directive should read as follows:

DOSSystemCommand "sudo /usr/local/bin/scripts-tecmint/ban_ip.sh %s"

In the line above, %s represents the offending IP as detected by mod_evasive.

Note that none of this will work unless you give the apache user permission to run our script (and that script only!) without a password. As usual, you can just type visudo as root to access the /etc/sudoers file and add the following two lines, as shown in the image below:

apache ALL=NOPASSWD: /usr/local/bin/scripts-tecmint/ban_ip.sh
Defaults:apache !requiretty

IMPORTANT: As a default security policy, you can only run sudo from a terminal. Since in this case we need to use sudo without a tty, we have to comment out the line highlighted in the following image:

#Defaults requiretty
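Because the sudoers entry lets the apache user run ban_ip.sh as root, the script itself is the last line of defence: it should refuse anything that is not an IP address, and it should cope with mod_evasive invoking it more than once for the same client. The following is an added, stricter variant of the ban script (example code, not the article's own ban_ip.sh). It keeps the article's paths (/sbin/iptables, /var/log/mod_evasive) as defaults but lets them be overridden through the environment; the iptables -C check it relies on to detect an existing rule is a real iptables option.

```shell
#!/bin/sh
# Added example, not the article's own ban_ip.sh: a stricter DOSSystemCommand
# handler. The script runs as root through sudo, so it refuses anything that is
# not a plain IPv4 address, does not add a second DROP rule when mod_evasive
# reports the same client again, and records each block with logger. Paths
# follow the article's setup (/sbin/iptables, /var/log/mod_evasive); both can
# be overridden through the environment, which the tests use to stub iptables.

IPTABLES="${IPTABLES:-/sbin/iptables}"
MOD_EVASIVE_LOGDIR="${MOD_EVASIVE_LOGDIR:-/var/log/mod_evasive}"

log_action() {
    # send to syslog when logger is available; never fail the block because of logging
    command -v logger >/dev/null 2>&1 && logger -t ban_ip -- "$*" 2>/dev/null || :
}

# valid_ipv4 ADDR: true only for four dotted decimal octets, each 0-255
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# ban_ip ADDR: add a DROP rule for ADDR unless one already exists. Prints the
# action taken ("added", "exists" or "rejected") and fails on a rejected argument.
ban_ip() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        log_action "rejected argument: $ip"
        echo rejected
        return 1
    fi
    if "$IPTABLES" -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        echo exists
    else
        "$IPTABLES" -I INPUT -s "$ip" -j DROP
        log_action "blocked $ip"
        echo added
    fi
    # clear mod_evasive's lock file so the client is re-evaluated later
    rm -f "$MOD_EVASIVE_LOGDIR/dos-$ip"
}

# When run as the DOSSystemCommand target: ban_ip.sh <ip>
if [ "$#" -gt 0 ]; then
    ban_ip "$1"
fi
```

The script is used exactly like the article's version (DOSSystemCommand "sudo /usr/local/bin/scripts-tecmint/ban_ip.sh %s"), and the sudoers lines above stay the same; the difference is that a malformed argument is logged and rejected instead of being passed to iptables, and repeated reports for one client no longer pile up duplicate rules.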

Finally, restart the web server:

# systemctl restart httpd

Step 5: Simulating DDoS Attacks on Apache

There are several tools that you can use to simulate an external attack on your server. You can just google for "tools for simulating ddos attacks" to find several of them.

Note that you, and only you, will be held responsible for the results of your simulation. Do not even think of launching a simulated attack on a server that you are not hosting within your own network.

Should you want to do the same with a VPS that is hosted by someone else, you need to appropriately warn your hosting provider or ask permission for such a traffic flood to go through their networks. linux-console.net is not, by any means, responsible for your actions!

In addition, launching a simulated DoS attack from only one host does not represent a real-life attack. To simulate one, you would need to target your server from several clients at the same time.

Our test environment is composed of a CentOS 7 server [IP 192.168.0.17] and a Windows host from which we will launch the attack [IP 192.168.0.103]:

Please play the video below and follow the steps outlined, in the indicated sequence, to simulate a simple DoS attack:

Then iptables blocks the offending IP:

Conclusion

With mod_security and mod_evasive enabled, the simulated attack causes CPU and RAM usage to spike briefly, for only a couple of seconds, before the source IPs are blacklisted and blocked by the firewall. Without these tools, the simulation would surely knock down the server very quickly and render it unusable for the duration of the attack.

We would love to hear whether you are planning to use (or have used in the past) these tools. We always look forward to hearing from you, so don't hesitate to leave your comments and questions, if any, using the form below.
