Friday, November 11, 2011

OpenBSD 4.2, PHP4 (old) and mod_security 1.9

Looking at the title above, what surely crosses bro and sis's mind is "this is a seriously old-school article..." ... sob 3x *too true, actually*
Well, it may be because the colleague next door (read: *progra**er*) is so overloaded with work that there has been no time to port the code running on PHP4 to PHP 5.2 or 5.3.

The first problem is support for PHP4, which is mostly obsolete by now. On FreeBSD it is only supported up to version 6.4. Installing php4 and php4-extensions from ports fails midway: as soon as it reaches the libxml2 package, the following error message always appears: ../../.libs/libxml2.so: undefined reference to `pthread_equal' .... *hammer this bug*; on 6.3 the same error message still shows up.

On FreeBSD I had to give up (I'm already too much in love with ports), and I'm too lazy to install packages from tarballs :D

So on to OpenBSD, which the clever folks in "IT" say is the Geeks' playground (me, I've been a newbie since forever, never levelled up)

On this pufferfish, PHP4 was last supported in OpenBSD 4.2; version 4.3 has fully migrated to PHP5.
The PKG_PATH is found here:

http://ftp.ciputra.ac.id/pub/OpenBSD/4.2/packages/

if you use the campus's "sitting elephant" brand mirror, it often drops and the bandwidth is capped ... hihihi

Installation details are in 1 and 2
the base package php4-core-4.x.x.tar.gz is enough

As for mod_security, I'm used to versions 2.1 and 2.5 on Apache 2.2 (FreeBSD). I was quite shocked that OpenBSD only supports mod_security 1.9, which only runs on Apache 1.3; googling around, it seems Theo and co. are not comfortable with the GPL licence of Apache 2.0 and 2.2, which is why they keep sticking with version 1.3.26.

With mod_security 1.9, don't expect the modsecurity*.conf rule sets that come with versions 2.1 and 2.5; if you want them, get them from a third party.
I was also irritated that, after loading the rules from gotroot.com, very few things were actually filtered ... *crash*

[11/Nov/2011:14:15:57 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034][/password][1] Warning. Pattern match ".*" at REQUEST_URI [id "330000"][rev "1"] [msg "Notice:  The rules you are running are extremely out of date, visit http://www.gotroot.com to download supported and up to date rules."] [severity "ALERT"]
[11/Nov/2011:14:18:40 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034][/6797666.aspx][1] Warning. Pattern match ".*" at REQUEST_URI [id "330000"][rev "1"] [msg "Notice:  The rules you are running are extremely out of date, visit http://www.gotroot.com to download supported and up to date rules."] [severity "ALERT"]
........
........
........

It's tiring using an application that is no longer supported :(

Keep the spirit up, googling here and there ... trial and error, and finally I found a good set of rules, embedded directly in httpd.conf rather than in a separate file as in versions 2.1 and 2.5

here is the syntax:

# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly

SecFilterEngine On

# Reject requests with status 500

SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
SecFilter "../"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "~guess "
SecFilterSelective THE_REQUEST "~nobody "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links dumpcharset "
SecFilterSelective THE_REQUEST "links dumpwidth "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1

SecServerResponseToken Off
#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "HIHIHIHIHI ... WIS OJO NESU-NESU"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 1
SecFilterDebugLog logs/modsec_debug_log

# Use one rule set - remove # to activate the rules
# V1.0
Include /var/www/htdocs/modsec/apache1/jitp.conf
# V2.0
Include /var/www/htdocs/modsec/apache1/rules.conf
# V3.0
#Include /etc/modsecurity/mini3.conf
# V4.0
#Include /etc/modsecurity/mini.conf
# V5.0
#Include /etc/modsecurity/mini.conf

this is the result:

[11/Nov/2011:15:03:01 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034][/admin/index.php][1] Access denied with code 500. Pattern match "../" at REQUEST_URI [severity "EMERGENCY"]
[11/Nov/2011:15:03:01 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034][/profile.php][1] Access denied with code 500. Pattern match "../" at REQUEST_URI [severity "EMERGENCY"]
[11/Nov/2011:15:03:01 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034][/memberlist.php][1] Access denied with code 500. Pattern match "select.+from" at REQUEST_URI [severity "EMERGENCY"]
[11/Nov/2011:15:03:01 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034][/index.php][1] Access denied with code 500. Pattern match "../" at POST_PAYLOAD [severity "EMERGENCY"]
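The gotroot "out of date" warnings earlier and the denials just above share one mod_security 1.9 error-log layout. As an added example (not code from the original post), here is a small Python parser that splits such lines into fields and counts which pattern fired on which variable, keeping rule-age notices out of the block count; the regex is derived from the sample lines on this page and the field names are my own.

```python
import re
from collections import Counter

# Layout assumed from the mod_security 1.9 log lines quoted in this post;
# group names are this example's own, not mod_security terminology.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<host>[^/\]]+)/sid#(?P<sid>\w+)\]\[rid#(?P<rid>\w+)\]'
    r'\[(?P<uri>[^\]]*)\]\[\d+\] (?P<action>Access denied with code (?P<status>\d+)|Warning)\. '
    r'Pattern match "(?P<pattern>.*?)" at (?P<var>[A-Z_]+)(?P<tags>.*)$'
)
TAG_RE = re.compile(r'\[(\w+) "([^"]*)"\]')  # trailing [id "..."] [msg "..."] etc.

# Sample lines copied from the post (hostname already masked by the author).
SAMPLE_LOG = [
    '[11/Nov/2011:14:15:57 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034]'
    '[/password][1] Warning. Pattern match ".*" at REQUEST_URI [id "330000"][rev "1"] '
    '[msg "Notice:  The rules you are running are extremely out of date, visit '
    'http://www.gotroot.com to download supported and up to date rules."] [severity "ALERT"]',
    '[11/Nov/2011:15:03:01 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034]'
    '[/memberlist.php][1] Access denied with code 500. Pattern match "select.+from" '
    'at REQUEST_URI [severity "EMERGENCY"]',
    '[11/Nov/2011:15:03:01 +0700] [xxx.xxxxxx.ac.id/sid#7f04788c][rid#83a2f034]'
    '[/index.php][1] Access denied with code 500. Pattern match "../" at POST_PAYLOAD '
    '[severity "EMERGENCY"]',
]

def parse_line(line):
    """Split one log line into a dict of fields; None if the line does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["denied"] = rec["action"].startswith("Access denied")
    rec["status"] = int(rec["status"]) if rec["status"] else None
    rec["tags"] = dict(TAG_RE.findall(rec.pop("tags")))
    return rec

def summarize(lines):
    """Count blocked requests per (pattern, variable). Warnings such as the
    gotroot rule-age notice and unparseable lines are left out of the count."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["denied"]:
            hits[(rec["pattern"], rec["var"])] += 1
    return hits

if __name__ == "__main__":
    for (pattern, var), n in summarize(SAMPLE_LOG).items():
        print(f'{n:3d}  {var:<12} "{pattern}"')
```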

Rgds  :)

Monday, October 17, 2011

8 songs I hate the most!

1. Lenka - Trouble is a friend
2. Kotak - Pelan pelan saja
3. Hijau daun - Suara
4. Zivillia Band - Aishiteru
5. Indra Lesma - Selamat tinggal
6. Drive - Bersama bintang
7. ST12 - Puspa
8. Melinda - Cinta satu malam