Owasp-webekci-1.0_en.doc


Nov 28, 2012



What is WeBekci?

WeBekci is a web-based ModSecurity 2.x management tool. It is written in PHP; its backend is powered by MySQL and its frontend by the XAJAX framework. It is an OWASP Project.


Goals:

It will remove the management overhead of ModSecurity 2.x. You can configure modsecurity.conf, add special rules and watch system, apache and modsecurity logs (only guardianlog has been implemented in this version).


Features:

It covers 90 percent of the ModSecurity 2.x configuration features. Manual and GUI-based rule management are supported. It allows adding single-argument rules and it covers 70 percent of the action parameters. It can be used to monitor system, apache and ModSecurity guardian logs. As of this version the monitoring utility is rather basic and gives some information about the system.


Future Development:

1. Configuration: Will add all ModSecurity 2.x configuration parameters.

2. Rule generator: All ModSecurity 2.x variables and actions will be modifiable. It will be possible to add rules using multiple variables. Defining chain rules will also be possible.

3. Logging: ModSecurity's auditlog and debuglog will be presented in more understandable formats; it will support multiple apache error and access logs.

4. Multiple-DB: Will add PostgreSQL and SQLite support.


Requirement:

Platform Linux/Unix
Apache + ModSecurity 2.x
PHP
MySQL


Web Page:

https://www.owasp.org/index.php/Category:OWASP_WeBekci_Project

Mail List:

owasp-webekci@lists.owasp.org




Installation:

Download address: http://sourceforge.net/projects/webekci/

    # tar zxvf webekci-1.0.tar.gz
    # mv webekci /usr/local/www/

First, create the .htaccess and .htpasswd files. These are required for WeBekci's own .

Edit .htaccess file:

    # cd /usr/local/www/webekci
    # vi .htaccess

In the .htaccess file, enter the correct path for the .htpasswd file in the AuthUserFile line in accordance with your own configuration:

    AuthUserFile /usr/home/bunyamin/.htpasswd
    AuthType Basic
    AuthName "Owasp-WeBekci Screet Area"
    <LIMIT GET POST>
    require valid-user
    </LIMIT>

Now edit .htpasswd file:

    # vi .htpasswd

If the user name is going to be “webekci” and password “1234”, then enter:

    webekci:cwc9eWGIM9r5M

You may enter your own UID and password.


Now you need to define a “directory” in the httpd.conf file.

    Alias /webekci/ "/usr/local/www/webekci/"
    <Directory "/usr/local/www/webekci/">
        Options None
        AllowOverride All
        Order Allow,Deny
        Allow from all
    </Directory>

Note: If you are using mod_rewrite, then enter “AllowOverride All” so that the .htaccess file can be read. Otherwise enter “AllowOverride None”.

    # apachectl restart

Make the necessary modifications in the config.php file. Add the following line:

    $config['modsecurity_conf']='/usr/local/etc/apache22/extra/mod_security.conf';

It’s important to create the mod_security.conf file and include its path in httpd.conf. Add the following line to your httpd.conf, changing the path according to your distribution if necessary.

    Include etc/apache22/extra/mod_security.conf

To give the www user read and write permissions:

    # chown www /usr/local/etc/apache22/extra/mod_security.conf

Note: the www user is the user that apache runs as. Please check the following entries in httpd.conf:

    User www
    Group www

Some distributions may have different user and/or group names.


After configuring WeBekci you need to restart apache. Do this with these sudo configurations:

    $config['apache_config_test'] = '/usr/local/bin/sudo /usr/local/sbin/httpd -t';
    $config['apache_restart']='/usr/local/bin/sudo /usr/local/sbin/httpd -k restart';

Also alter your config.php according to your distro. Edit sudoers file:

    # vi /usr/local/etc/sudoers

Enter these lines:

    www ALL=NOPASSWD:/usr/local/sbin/httpd -k restart
    www ALL=NOPASSWD:/usr/local/sbin/httpd -t

Now the www user can perform the “config test” and “restart” operations on apache without having to enter a password.

Please make sure you have entered the MySQL related changes in your config.php file, then browse your site and run the install.php file:

http://www.site.com/webekci/install.php

Do not forget to delete install.php later.

    # rm install.php

A reminder: the www user must have read-write rights to the audit, debug and guardian log files. For instance, if the Guardian log file has the path “/var/log/modsec_guardian.log”, then we need to enter this command:

    # chown www /var/log/modsec_guardian.log

Now the guardian log can be seen in the program. You have to do chown for the other log files, too.

I express my gratitude to those who helped me with this write-up.
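
The installation steps above leave a few things worth verifying once WeBekci is running: that install.php is gone, that the password file sits outside the web root and does not hold a DES crypt hash, and that Apache actually reads the .htaccess file. The script below is an added example, not part of WeBekci or of the original write-up; the function name audit_webekci and the "FINDING:" output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not WeBekci code): post-install audit of the steps above.
# Usage: audit_webekci WEBROOT HTTPD_CONF
# Prints one "FINDING: ..." line per problem; returns 0 only when clean.
audit_webekci() {
    webroot=${1%/}; conf=$2; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }

    # install.php has to be deleted once the installer has been run.
    if [ -e "$webroot/install.php" ]; then finding "install.php still present"; fi

    # Path from the AuthUserFile line of .htaccess (empty if there is none).
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' \
        "$webroot/.htaccess" 2>/dev/null || true)
    if [ -z "$pwfile" ]; then
        finding "no AuthUserFile line in $webroot/.htaccess"
    else
        # A password file under the web root could be served to clients.
        case $pwfile in
            "$webroot"/*) finding "password file inside web root: $pwfile" ;;
        esac
        # 13 characters without a "$" prefix is traditional DES crypt(),
        # which only uses the first 8 characters of the password.
        if awk -F: 'length($2) == 13 && $2 !~ /^\$/ { f = 1 } END { exit !f }' \
            "$pwfile" 2>/dev/null; then
            finding "DES crypt hash in $pwfile"
        fi
    fi

    # "AllowOverride None" makes Apache ignore .htaccess, so the Basic
    # authentication configured there would not be enforced.
    if awk -v d="$webroot" '
        tolower($1) == "<directory" {
            p = $2; gsub(/[">]/, "", p); sub(/\/$/, "", p); inside = (p == d)
        }
        tolower($1) == "</directory>" { inside = 0 }
        inside && tolower($1) == "allowoverride" && tolower($2) == "none" { f = 1 }
        END { exit !f }' "$conf" 2>/dev/null; then
        finding "AllowOverride None for $webroot: .htaccess is ignored"
    fi
    [ "$n" -eq 0 ]
}

# Run directly as: sh audit.sh /usr/local/www/webekci /path/to/httpd.conf
if [ "$#" -ge 2 ]; then audit_webekci "$@"; fi
```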