Fatih Ekrem Genç's blog

January 23, 2008

Security tips for Linux servers

Filed under: Uncategorized, Linux/Unix, debian, Security, Fedora — admin @ 3:56 am

The moment a new vulnerability is announced, the first tool curious crackers turn to in order to find the vulnerable version of the affected program somewhere is the search engine. Likewise, reaching various admin panels through search engines and trying to crack the admin password with DoS attack attempts is one of the known attack methods.


September 24, 2007

Installing snort on debian..

Filed under: Uncategorized, debian — admin @ 9:09 pm

Assuming it is not already installed, we install mysql on our system

April 19, 2007

Fault diagnosis on Linux operating systems

Filed under: Uncategorized, Linux/Unix, debian, Fedora — admin @ 3:01 am

In this post I will talk about how we can detect possible system or network faults on Linux using various techniques.


April 12, 2007

snort installation on debian

Filed under: Uncategorized, debian, Security — admin @ 2:38 am

It explains how to install snort on debian. I have no time these days; I will read it at some point and maybe even install it..

http://snort.org/docs/setup_guides/deb-snort-howto.pdf

March 4, 2007

easyubuntu, an ubuntu setup helper

Filed under: Uncategorized, debian — admin @ 2:52 am

Whichever operating system you install, there is a ton of chores to do after the installation. For ubuntu, a tool called easyubuntu has been developed to lighten this load. It is quite easy to install, and you can get it here:

http://easyubuntu.freecontrib.org/

You can also install it like this.

wget -q http://medibuntu.sos-sts.com/repo/medibuntu-key.gpg -O- | sudo apt-key add -
wget http://easyubuntu.freecontrib.org/files/easyubuntu_latest.deb
sudo dpkg -i easyubuntu_latest.deb

Then run the following command in your shell

easyubuntu

In the program that opens, decide which tools should be installed and confirm.

February 15, 2007

The following signatures the public key is not available: debian

Filed under: Uncategorized, debian — admin @ 3:54 pm

The best solution to the debian problem that begins with "The following signatures couldn't be verified because the public key is not available:" and goes on from there..

apt-get install debian-keyring

apt-get update

If that is not enough either, you can sort it out like this..
cd /tmp/
wget http://ftp-master.debian.org/ziyi_key_2006.asc
apt-key add ziyi_key_2006.asc
 

finito….

October 15, 2006

Make a given directory reachable only over https. How?

Filed under: Uncategorized, debian, Security, tips — admin @ 10:49 pm

First, let's set up ssl on our apache..

Create the certificate. (Give the server name fully and correctly in the questions you are asked.)

apache2-ssl-certificate

Let's enable the ssl module.

a2enmod ssl

Let's copy the existing default http settings for https and modify them.

cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-ssl

Change the relevant part as follows

NameVirtualHost *:443

# SSL (START)

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
# ZUFALLSNAME (German for "random name") is a placeholder; use the file name present in /etc/apache2/ssl/
SSLCertificateKeyFile /etc/apache2/ssl/ZUFALLSNAME

# Accept every protocol version this mod_ssl build supports
SSLProtocol all
# Offer only ciphers from the HIGH and MEDIUM strength groups
SSLCipherSuite HIGH:MEDIUM

Configure apache2 to listen on port 443. To do so, add this line to the file /etc/apache2/ports.conf.

Listen 443

Let's enable our new site.

a2ensite default-ssl

And let's restart apache.

apache2ctl restart

Right after that, let's enable the rewrite module.

a2enmod rewrite

Put this .htaccess in the directory you want to be reachable only over https

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI}

That's all.

Source used:

http://www.debianhowto.de/doku.php/de:howtos:sarge:lamp_suphp 

October 9, 2006

debian ubuntu tips

Filed under: Linux/Unix, debian, news, tips — admin @ 9:09 pm

A debian tips site that I believe will interest many debian and ubuntu users

http://www.debuntu.org/

Note: other *nix users may enjoy it too..

September 17, 2006

Installing modsecurity for apache2 on debian

Filed under: Linux/Unix, debian, Security — admin @ 4:54 pm

modsecurity installation for debian

apt-get install libapache2-mod-security

vi /etc/apache2/mods-available/mod-security.conf

# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
# SecFilterEngine DynamicOnly

# Turn the filtering engine On or Off
SecFilterEngine On

# Reject requests with status 404
SecFilterDefaultAction "deny,log,status:404"

# Some sane defaults
SecServerResponseToken Off
SecFilterScanPOST Off
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off

# If you want to scan the output, uncomment these
# SecFilterScanOutput On
# SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache2/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog /var/log/apache2/modsec_debug_log

# Include rules
Include /etc/apache2/modsecurity/filter.conf



We will write the rules into the file we pulled in with Include; for that:

mkdir /etc/apache2/modsecurity/

vi /etc/apache2/modsecurity/filter.conf

#
# -----------------------------------------------------------------------------
#
# Start Rules (Generic)
#
# -----------------------------------------------------------------------------

# Enforce proper HTTP requests
SecFilterSelective THE_REQUEST "!HTTP\/(0\.9|1\.0|1\.1)$"

# check for bad meta characters in User-Agent field
SecFilterSelective HTTP_USER_AGENT ".*\'"

# Require Content-Length to be provided with every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Don't accept chunked encodings
SecFilterSelective HTTP_Transfer-Encoding "chunked"

# must have a useragent string
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Again, this is better protected by removing these functions in php.ini
SecFilterSelective ARGS "(system|exec|passthru|popen|shell_exec|proc_open|fopen|fwrite)\s*\("

# Prevent path traversal (..) attacks
SecFilter "\.\./"

# generic recursion signature
SecFilterSelective THE_REQUEST "\.\./\.\./"

# generic attack sig
SecFilterSelective THE_REQUEST "cd\x20*\;(cd|\;|echo|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|id|uname|cvs|svn|(s|r)(cp|sh)|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"

# generic filter to prevent SQL injection attacks
SecFilter "[[:space:]]+(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|*| |\,]"

# generic PHP remote file inclusion attack
SecFilter "\.php\?" chain
SecFilter "(http|https|ftp)\:/" chain
SecFilter "cmd=(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|id|uname|cvs|svn|(s|r)(cp|sh)|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"

# generic sig for more bad PHP functions
SecFilterSelective THE_REQUEST "chr\(([0-9]{1,3})\)"
SecFilterSelective THE_REQUEST "chr\([0-9a-fA-Fx]+\)"

# SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# SQL injection in cookies
SecFilterSelective COOKIE_sessionid ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|*||\,]+[[:space:]]+(from|into|table|database|index|view)"

# -----------------------------------------------------------------------------
# Start Rules (experimental)
# -----------------------------------------------------------------------------

# experimental generic remote download sig foo IP or FQDN or foo http/https/ftp://whatever
SecFilterSelective THE_REQUEST "(perl|t?ftp|links|elinks|lynx|ncftp|(s|r)(cp|sh)|wget|curl|cvs|svn).*\x20((http|https|ftp)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/)"

SecFilterSelective THE_REQUEST "( |\;|/|\'|,|\&|\=|\.)((s|r)(sh|cp)) *(.*@.*|(http|https|ftp)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/)"

Finally, let's enable mod security and restart apache.

a2enmod mod-security

/etc/init.d/apache2 restart

Request this URL from your own web browser and examine apache's error.log..

http://deineDomain.de/?query="insert into users (id, name) values (1,'stefan')"

If mod security is working, you can verify this from the logs. In addition, a 404 "page not found" error is returned…
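The same check can be rehearsed offline before touching the server. The following is an added example, not part of the original post or of ModSecurity: it runs four of the SecFilter patterns from filter.conf against constructed request URIs, including the test query above. It assumes case-insensitive matching and URL decoding before matching, as an approximation of ModSecurity 1.x behaviour; the rule names and the helper functions are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Four SecFilter patterns copied from filter.conf above. POSIX [[:space:]] is
# written as \s because Python's re module has no POSIX character classes.
RULES = {
    "path-traversal": r"\.\./",
    "sqli-delete": r"delete\s+from",
    "sqli-insert": r"insert\s+into",
    "sqli-select": r"select.+from",
}
# Assumption: case-insensitive matching, approximating ModSecurity 1.x.
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}


def normalize(request_uri):
    """Approximate the URL decoding the filter engine applies before matching."""
    return unquote_plus(request_uri)


def matched_rules(request_uri):
    """Return the names of the rules that would fire for this request URI."""
    text = normalize(request_uri)
    return [name for name, rx in COMPILED.items() if rx.search(text)]


# Constructed sample requests (not taken from real logs).
SAMPLES = [
    # The page's own test query, as a browser would percent-encode it.
    "/?query=%22insert%20into%20users%20(id,%20name)%20values%20(1,'stefan')%22",
    # Encoded "../" only becomes visible to the filter after decoding.
    "/view.php?page=..%2F..%2Fnotes.txt",
    # Harmless search phrase that still trips the broad select.+from rule.
    "/shop?q=select+a+gift+from+our+catalogue",
    # Ordinary request: nothing fires.
    "/index.php?id=42",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        hits = matched_rules(uri)
        verdict = "deny (404)" if hits else "pass"
        print(f"{verdict:10} {hits!s:22} {uri}")
```

The third sample is the one to watch when reading audit_log after deployment: with SecFilterDefaultAction set to deny, a legitimate search phrase containing "select ... from" is answered with a 404 as well.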
Source:

http://www.sspace.de/archives/52-Mod-Security-Apache2-Debian-Sarge.html

http://www.modsecurity.org/projects/rules/

GNU/kFreeBSD, or the devilish Debian

Filed under: Linux/Unix, debian — admin @ 11:06 am

The lack of PF, the BSD firewall, in the Linux world, the difficulty of porting this component to Linux, and the dilemma of having to deal with the troubles of a new UNIX flavour just for PF had been bothering me for a long time.. Fortunately there is now kFreeBSD. Debian GNU/kFreeBSD is a Debian release built on the FreeBSD kernel. The project is still very new but has already released a live CD. You can find out more about the project, which I believe will leave Linux-based Debian behind in the future, on this site..

http://www.debian.org/ports/kfreebsd-gnu/

You can download its live CD from here and try it out..

http://glibc-bsd.alioth.debian.org/ging/
