Mar 26, 2007

Free software and Me

Linux is the fastest growing operating system in the world. The kernel of the Linux was developed by LINUS BENEDICT TORVALDS a finnish student. He was made it as his academic project. Its as UNIX like operating system also a predominant example of Freesoftware. It is now considered as the most secured and widely used Server Operating System.

I am not an expert in Linux System Administration. I had installed linux in my home PC on 2002. My friend Jayesh (Now working with Accenture Software Services) installed it for me. It was Redhat Linux 7.2. Since that day I have been using it for Browsing.

From 2002 I had interacted with Linux. I was working with Open software solutions ICS ltd as a supporting staff. On the part of my job I had installed more than 200 linux installations and a very little bit knowledge on networking. I had left the company on October 2005.

I had joined Spectrum softtech solutions Ltd, Keralas leading ISP. This company give me opportunity to interact with Linux servers. This company have more than 30 Linux servers. 18 of them are Qmail server for their collocation customers. 5 of them are exclusive Apache web servers. Others multipurpose linux servers including Relay server, trouble ticketing server etc. I am very much thankful to AnuBhaskar (Now working with Accenture Software Services) and LeenoJose (Now working with Ditro advanced Technologies) who taught me the basics of Linux administration. With the help of these masters I had installed my first Mail server and send an email to my friend sabeesh with a subject line of Sub:I did it.from the id bipin@bipin.com. From these masters I am trying to watch this ocean. I had completed 8 months in this company. In this short interval I had installed 5 Qmail servers, 8 Apache web servers, 1 Trouble ticketing system (OTRS).

2 Mail server migration. Etc. Apart from this I had managed the above said 30 servers for the customers. I had resigned from this company on November 2006.

I joined Ditro Advanced Technologies as Linux Administrator for their overseas client Ran Internet SL, a Spanish ISP. In this company I had met a number of challenging events, like a mail server which running on SENDMAIL/CYRUS/LDAP. Interesting thing is all these servers are running on independent machines. The motive is to share the load of each servers.

Mar 22, 2007

MOD_SECURE APACHE 1.9.4 – HOWTO

MOD_SECURE APACHE 1.9.4 – HOWTO

ModSecurity is an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure. This is also known as rule based Intrusion Detection System.

It is also an open source project that aims to make the web application firewall technology available to everyone.

(I had tested this on a debian sarge with Apache 1.3)

Create a directory for storing the source file.

$mkdir –p /opt/src

$cd /opt/src

Download the latest stable release from the mirror

modsecurity-apache_1.9.4.tar.gz

Untar the pack

$tar –zxvf modsecurity-apache_1.9.4.tar.gz

$cd mod_security-1.9.4/apache1/

$apxs -cia mod_security.c
 
Restart your Webserver.

/etc/init.d/httpd restart
 
If there was no error reporte,your installation successful.
  
FOLLOWING IS THE CONFIGURATION FILE 
(Add to /etc/httpd/httpd.conf)
 
 
    # Turn the filtering engine On or Off
    SecFilterEngine On
 
    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On
 
    # Only allow bytes from this range
    SecFilterForceByteRange 32 126
 
    # The audit engine works independently and
    # can be turned On of Off on the per-server or
    # on the per-directory basis
    SecAuditEngine RelevantOnly
 
    # The name of the audit log file
    SecAuditLog /var/log/httpd/audit_log
 
    SecFilterDebugLog /var/log/httpd/modsec_debug_log
    SecFilterDebugLevel 0
 
    # Should mod_security inspect POST payloads
    #SecFilterScanPOST On
 
    # Action to take by default
    SecFilterDefaultAction "deny,log,status:406"
 
    # Redirect user on filter match
    #SecFilter xxx redirect:http://www.webkreator.com
 
    # Execute the external script on filter match
    #SecFilter yyy log,exec:/home/ivanr/apache/bin/report-attack.pl
 
    # Simple filter
    #SecFilter 111
    
    # Only check the QUERY_STRING variable
    #SecFilterSelective QUERY_STRING 222
 
    # Only check the body of the POST request
    #SecFilterSelective POST_PAYLOAD 333
 
    # Only check arguments (will work for GET and POST)
    #SecFilterSelective ARGS 444
 
    # Test filter
    #SecFilter "/cgi-bin/keyword"
 
    # Another test filter, will be denied with 404 but not logged
    # action supplied as a parameter overrides the default action
    #SecFilter 999 "deny,nolog,status:404"
 
    # Prevent OS specific keywords
    #SecFilter /etc/password
 
    # Prevent path traversal (..) attacks
    SecFilter "\.\./"
 
    # Weaker XSS protection but allows common HTML tags
    SecFilter "<( |\n)*script"
 
    # Prevent XSS atacks (HTML/Javascript injection)
    SecFilter "<(.|\n)+>"
 
    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"
 
    # Require HTTP_USER_AGENT and HTTP_HOST headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
 
    # Forbid file upload
    #SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
 
    # Only watch argument p1
    #SecFilterSelective "ARG_p1" 555
 
    # Watch all arguments except p1
    #SecFilterSelective "ARGS|!ARG_p2" 666
 
    # Only allow our own test utility to send requests (or Mozilla)
    #SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
 
    # Do not allow variables with this name
    #SecFilterSelective ARGS_NAMES 777
 
    # Do now allow this variable value (names are ok)
    #SecFilterSelective ARGS_VALUES 888
 
    # Stop spamming through FormMail
    # note the exclamation mark at the beginning
    # of the filter - only requests that match this regex will
    # be allowed
    #
        #SecFilterSelective "ARG_recipient" "!@webkreator.com$"
    #
 
    # when allowing upload, only allow images
    # note that this is not foolproof, a determined attacker
    # could get around this 
    #
        #SecFilterInheritance Off
        #SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
    #
 

Restart the Your Web server again

/etc/init.d/httpd restart.