Tag: ModSecurity


Log4J Examples in the Wild

Using my honeypot server, I’ve been able to capture some examples of Log4J attempts against it. What this is showing is that the ModSecurity rules in place, at least in this subset of anecdotal examples, are able to block the various attempts, up to this point.

Setting up ModSecurity with NGINX and Log4J rules: https://davidwesterfield.net/2021/12/log4j-and-modsecurity/

Setting up ModSecurity with Apache and Log4J rules: https://davidwesterfield.net/2021/12/log4j-apache-and-modsecurity/

Log4J, Apache and ModSecurity

(I’ll be updating this post as more rules are available to stop new vulnerabilities.)

Credit to Christian Folini at coreruleset.org for providing the rule.

A major vulnerability, known as Log4Shell, has been discovered in Log4j, the basic logging library used by Java web apps. The best remedy is to update Log4j itself, or to update the web app platform running Log4j to a newer version provided by the vendor. In many instances, though, that may take a while to fully implement.

Log4J, NGINX and ModSecurity

(I’ll be updating this post as more rules are available to stop new vulnerabilities.)

Credit to Christian Folini at coreruleset.org for providing the rule.

A major vulnerability, known as Log4Shell, has been discovered in Log4j, the basic logging library used by Java web apps. The best remedy is to update Log4j itself, or to update the web app platform running Log4j to a newer version provided by the vendor. In many instances, though, that may take a while to fully implement.

ModSecurity and NGINX Compilation Error in Ubuntu

I had a failure recently when trying to compile ModSecurity as a standalone module for use within NGINX that seemed to be pretty consistent with what others were experiencing, from the limited number of sites that seemed to have information on this particular problem. I knew it was possible to set this up, but I also knew I was missing something.

After scanning the internet for a solution and getting some pointers from Ryan Barnett at Trustwave’s SpiderLabs, I finally found what I was looking for to get this to work.

I went through this http://www.modsecurity.org/projects/modsecurity/nginx/ and kept receiving this error:

configure: looking for Apache module support via DSO through APXS
configure: error: couldn't find APXS

… even after I went through and made sure I had all these prerequisites installed (thanks for pointing me here Ryan): https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Prerequisites.

So then I was stuck, until I just searched why anyone gets this error at all and discovered this: http://knowledge-republic.com/CRM/2981/ubuntu/ubuntu-missing-apxs-fo-compile-apache-module/

In addition to the prerequisites noted in the last link, you must install apache2-prefork-dev instead of, or in addition to, apache2-threaded-dev in order to utilize the APXS extension tool.

Once I did that, I compiled the module successfully and was able to continue on with the rest.

I’m still waiting for an easy-to-add ModSecurity module for NGINX that I can just pull down using apt-get. 😉
