Wednesday, June 22, 2022

Nginx Modsecurity OWASP - Redhat 7

Build Nginx + ModSecurity

1.      1.  Build Nginx

mkdir /opt/source

cd /opt/source

 wget http://nginx.org/download/nginx-1.18.0.tar.gz

 git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git

 tar -zxvf nginx-1.18.0.tar.gz

 cd  nginx-1.18.0

  ./configure --with-compat --add-dynamic-module=/usr/local/src/ModSecurity-nginx/

  make && make install

sudo ln -s /usr/lib64/nginx/modules /etc/nginx/modules

sudo useradd --system --home /var/cache/nginx --shell /sbin/nologin --comment "nginx user" --user-group nginx


sudo vim /etc/systemd/system/nginx.service

                [Unit]

                Description=nginx - high performance web server

                Documentation=https://nginx.org/en/docs/

                After=network-online.target remote-fs.target nss-lookup.target

                Wants=network-online.target

                [Service]

                Type=forking

                PIDFile=/var/run/nginx.pid

                ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf

                ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf

                ExecReload=/bin/kill -s HUP $MAINPID

                ExecStop=/bin/kill -s TERM $MAINPID

                [Install]

                WantedBy=multi-user.target

 

systemctl enable nginx

systemctl start nginx

 -----------------------------------------------------------------------------------------------------------------

1.     2.  Configure Nginx 

 

vi /etc/nginx/nginx.conf

load_module /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so;

 

add the following code under the HTTP {} section as follows:

modsecurity on;

modsecurity_rules_file /etc/nginx/modsec/modsec-config.conf;

 

mkdir /etc/nginx/modsec


  cp /usr/local/src/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf

 

vi /etc/nginx/modsec/modsecurity.conf

               

                SecRuleEngine DetectionOnly

                SecRuleEngine On

                # Log everything we know about a transaction.

              SecAuditLogParts ABIJDEFHZ

vi /etc/nginx/modsec/modsec-config.conf

Include /etc/nginx/modsec/modsecurity.conf

sudo cp /usr/local/src/ModSecurity/unicode.mapping /etc/nginx/modsec/

 

sudo nginx -t

sudo systemctl restart nginx

 

 

Install OWASP Core Rule Set for ModSecurity

 

cd /etc/nginx/modsec/

wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip

unzip v3.3.2.zip

vi /etc/nginx/modsec/modsec-config.conf

Include /etc/nginx/modsec/coreruleset-3.3.2/crs-setup.conf

Include /etc/nginx/modsec/coreruleset-3.3.2/rules/*.conf

 

sudo nginx -t

sudo systemctl restart nginx

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
  • (no title)
    Nginx Access Logs to Grafana Config NGINX access logs   Add the following code under the HTTP {} section as follows:   vi /etc/ngi...
  • Nginx Modsecurity OWASP - Redhat 7
    Build Nginx + ModSecurity 1.       1.  Build Nginx mkdir /opt/source cd /opt/source   wget http://nginx.org/download/nginx-1.18.0....
  • (no title)
      Nginx ModSecurity OWASP Filebeat Redis Logstash GeoIP Elasticserch  and Grafana   RedHat 7 1.Redis   yum install redis systemctl...