Nginx ModSecurity Tutorial | Nginx WAF

Captions
[Music] Hello everyone, welcome. In this video we're going to be taking a look at how to secure nginx with ModSecurity, or how to configure ModSecurity to work with nginx. Now, in the previous video, where I introduced ModSecurity and its relationship with Apache and the fact that it is a native module that was designed for the Apache web server technology, I also explained very briefly, or I, you know, retorted very briefly, that nginx is not officially supported by ModSecurity as a module. And when I said that, of course, I did not explain everything fully, so that's why I'm making this video, and of course I'll be taking you through the installation process, because it's not as straightforward.

Now, when we talk about nginx and Apache, Apache is probably the most popular and most used web server technology, which means it's widely adopted, so on and so forth. Second after that is nginx, which is a growing web server technology, and of course, you know, the differences between the two are going to be things like customization, configurability, you know, the fact that nginx has the ability, or gives you the ability, to set up a web proxy really, really easily. So again, nginx is also being adopted widely now, and it's an important, it's a very, very, very good piece of web server technology that I think everyone should be familiar with. If you're not familiar with how to use it, please check our first series, where we talked about, we actually talked you through how to install nginx, what it is, so on and so forth. In this video we're going to be focusing only on the ModSecurity aspect of it.

All right. Now, when I said that the installation is not as straightforward, I really didn't mean that, and the reason, as I said, is because ModSecurity is not officially supported by nginx, or, you know, and vice versa. But ModSecurity has actually created a connector, and I'll attach this GitHub repository in the documentation of this video, that'll explain a little bit more. So you can see the
ModSecurity-nginx connector is the connection point between nginx and libmodsecurity, which is also ModSecurity version three, the one that we were using in the previous video with Apache. Said another way, this project provides a communication channel between nginx and libmodsecurity. The connector is required to use libmodsecurity with nginx. So again, it's not natively supported. The ModSecurity-nginx connector takes the form of an nginx module, so the connector takes the form of the module, and the module simply serves as a layer of communication between nginx and ModSecurity. So they're working as two different systems; that's the key thing to understand here.

Okay. Now, again, you can actually take a look at the differences between the old ModSecurity add-on and this particular project here. So the old version uses ModSecurity standalone, which is a wrapper for Apache internals to link ModSecurity to nginx. This current version is closer to nginx, consuming the new libmodsecurity, which is no longer dependent on Apache. As I said in the previous video, again, and I keep stressing this, it started out as a module for Apache, but it's, you know, it's grown into something more. As a result, this current version has less dependencies, fewer bugs, and is faster. Okay, and there's a whole compilation instructions here, which, if you're a beginner, I don't recommend you follow; that's why I'm making this video, so we can actually get started.

Now, what I've done is I've set up an Ubuntu server with nothing installed, so no stack, and we're gonna, I'll take you through installing nginx, and we'll get started, you know, with installing all the compilation tools and utilities, which again will be added as a supplement to this video in the form of documentation. So here we are on our server, and I'm just going to log in. We'll just get the IP here, so we'll get that here, so ssh root, and I will log in directly, yes, and I'll type in the password that I had set up, and there we
go. So the first thing we want to do is apt update and apt upgrade, and that will make sure we have the latest repositories and we have, you know, the latest packages, because it's always important to ensure all your packages are upgraded whenever you get started with a new server. Okay, and that should be done, there we are. It's gonna ask me now to accept the packages to be upgraded, and, you know, the installation process of nginx on Ubuntu is fairly simple, and of course you can follow this if you're on any other distribution; this guide will work on any other, you know, commonly used distribution like CentOS, which is of course now being changed into CentOS Stream as of recording this video.

So that should be done, and now we just say apt install nginx. All right, and the key thing we want to take into consideration here is the version of nginx being installed. Now, I'm currently using an Ubuntu 18.04 server, and in the latest repositories the latest version of nginx that we get is nginx 1.14.0, and I can display this by typing in nginx and hyphen v, that is a lowercase v. So that tells me I'm running nginx version 1.14.0, so you want to keep that in mind.

Okay, and now that we have that done, we now need to install all our compilation tools and utilities, or the development toolkit that we are going to require, and as I said, I'll be adding this as a resource to the video, and I have it right over here, so I'm just going to copy it. And it's a ton of tools, you don't really need to know what they do exactly, so I'll just copy it and paste it. It's quite a few tools, so we'll just hit yes, and it's about 376 megabytes. This is all required for the compilation process, because we are going to have to compile the modules ourselves, and yeah, so we'll just wait for this to complete installing.

All right, so that is all set up. Now, before we do anything else, let's actually test and see if our nginx server is running. It should actually give us a welcome here,
so there it says welcome to nginx, and we know the web server is running. So we're really not going to be deploying any web applications, and it's very easy to test whether ModSecurity is working, so there's no need for that. So right, we can actually move on now.

So we can go back into our terminal, and the first thing we want to do now is we want to download and compile ModSecurity manually. And to do this we'll just go into the /opt directory, which is where we store all third-party software and programs, and we'll just clone it. So git clone, I believe I know the URL by head, so https github.com, and it's under SpiderLabs, there we are, SpiderLabs, and we then say ModSecurity. All right, so this is going to compile, or just going to clone the repository, the ModSecurity repository here, and we'll just wait for that to complete and give that a few seconds. There we are.

We can now go into ModSecurity, and we'll be working primarily within the /opt directory, because there's actually quite a few files we need to download and compile. So if we list the current files and directories within the ModSecurity directory, you can see that we have quite a few files, and as I said, the first thing we want to do is we actually want to get started with the build process. But before we do that, we need to just ensure that the submodule is initialized, so git submodule initialize, and we hit enter, and then we say git submodule update, and we'll wait for that to complete.

All right, so now we can get started with the build process, and to do that we just say build.sh, because we already have the build script, and then we need to configure the environment, and then we can run the make and make install commands to actually install it for us. So there we are, it's going to begin running the build script. So again, this will take time, especially when we talk about the make process. So again, we now need to configure, so we say
configure, there we go. So it's going to check the environment to see whether you have all the necessary dependencies and tools required for the actual compilation process. So we now want to say make, and make is probably going to take, you know, up to five minutes, so I'm just gonna wait for this to complete.

All right, so the make process is complete. We can now make install, which again, this time shouldn't take that much time, or as long as the make command actually took. So we'll say make, one second, let me actually load this up here, and we can then say make install, and we hit enter. All right, so there we are, we can see that is complete, and we should have ModSecurity set up and installed now. So that was how to compile ModSecurity manually.

Now, the next thing we need to do is actually download the ModSecurity-nginx connector, which we actually showed you here, and that was using the GitHub repository. So if I can just open that up, there we are, and all we need to do is copy this, or actually just copy this directory here, and we can then clone it. So I'll just clone it into the /opt directory once again. So we'll just say git clone and https, I think I remember the URL myself, so that is github.com, and we're going to say SpiderLabs, and that is under ModSecurity-nginx, so ModSecurity and we say nginx. All right, and that should clone it for us. And if we list out the files now, and we just, sorry, we're just going to take a step back here, we want to access the ModSecurity-nginx connector directory, and yep, that looks fine, so we'll not touch that right now.

What we're going to do next is we now need to compile the ModSecurity module for nginx, and the way we do this is by firstly understanding, or downloading, the version of nginx that we currently have installed. And of course, I know we already have nginx installed, but we need that particular version. So again, to display the version we simply say nginx hyphen v, and that'll say
it's nginx version 1.14.0, so we need to actually download that. So we can use wget, and again, we're doing this within the /opt directory, so wget http, and this should be under nginx.org, under downloads, so download, and this should be under nginx, and we just specify the version, so in this case it's 1.14.0, and it's a tar, it's actually a tarball. So we'll just say wget that, and that is done. And again, you want to download the version that you actually have installed. This version of nginx is not the latest version, but it's the latest version that is currently within the Ubuntu 18.04 repository, so it's very important that you keep that in mind.

So we're going to say tar, we're just going to extract this, so we're going to use tar, and we say extract, and we'll just extract that file there, because this is a tarball, so nginx, and that should extract it into its appropriate directory, which is nginx version 1.14.0. So we'll just go into that directory, and within this directory we actually need to start performing our, we actually need to configure, and what's, we actually need to configure environment, and of course, once that is complete, it's going to give us our modules that we require, in this case the nginx ModSecurity module.

To do this we need to run the configure command, but before we do that, we need to run the configure command with particular arguments, and in this particular case we're going to be using the ModSecurity connector, because remember, we already cloned that. So it's very, very simple, it shouldn't be too complicated. However, one of the options that we require, or one of the arguments that is required during the configure process, is the actual arguments and dependencies that were used to compile this version of nginx, and we can display this by saying nginx, and we use the capital V option now, and you can see it gives us the configure arguments, which we want to copy. So you want to copy all of these config
arguments, and this is going to be different based on whatever distribution you're running or whatever version of nginx you're actually running on your system, so it's very important that you copy your particular configure arguments.

So now we can say configure, and we'll just say configure like so, and we then want to paste in the config arguments that we specified. And now we also need to add dynamic modules, which are included within the ModSecurity-nginx connector directory, which is within the /opt directory. So all we need to do is say add, we're going to say add dynamic modules, and we then provide the directory, which in this case is two steps back, and we then say the file name is ModSecurity and nginx, that is the directory, and we then hit enter. That should be okay, so add dynamic module, and we hit OK, and that is going to check or configure, so it's going to start off by checking whether we have all the dependencies and the build tools required.

Okay, so we can see that it says we, error, we have the HTTP XSLT module requires the following package, so we need to install this package. We can install it really easily, and this error is quite easy to fix. All we need to do is say sudo apt install, and we provide the actual name, which in this case is going to be lib x st, so xslt, sorry, libxslt, which I believe should be in most of the repositories on your distribution. If you're using Ubuntu it should be there. So we'll install that, and let's see if that actually works. So that will install it, and we can actually run the configure command again, so we'll just bring that up in our terminal and hit enter, and let's see if we need to install any other dependency or any other packages that are required.

So it says we require the HTTP image filter, so to install this, I think we need to install another library, so we say sudo apt install libgd, and that is the dev version. So we hit yes, we want to install that, and
let's see if it works now. And all of these commands will be included within the documentation of this particular video. So we'll just wait for this to complete, and we can then run the configure command again, after which we should be able to make the modules, which is what we want. So we'll hit enter. All right, it looks like we have everything required now, so there we are, it looks like we have everything ready.

So what we can do now is simply type in make modules, and that's going to begin making the various modules. So we're going to hit enter. Again, this shouldn't take more than a few minutes, and once we have the modules, all we need to do is copy the ModSecurity module that is created for nginx, and this particular module is what is going to facilitate the connection between ModSecurity and nginx.

Okay, so all the modules, it's actually completed. All the modules are stored within the objects directory, so if we list this out, you can see the module that we're looking for is going to be the nginx HTTP ModSecurity module. So we want to copy this into the nginx modules directory, so into our local nginx modules directory. So we're going to create that, so make directory /etc, and we go under nginx, and we'll just create a directory called modules. Right, and then we want to copy the nginx HTTP ModSecurity module to this particular directory here, so that we have that module there and then we can load this particular module. So we'll say objects, and we're looking for ngx_http_modsecurity_module.so, and we want to move that into /etc/nginx and under modules.

All right, fantastic, so we should be good to go on the module front. What we now need to do is we now need to load that particular module into the nginx configuration file. So the default nginx configuration file is found under /etc/nginx and nginx.conf, and we just need to load it here, so we'll
just do it under the include option. So the include option essentially allows the loading of modules that have been developed for nginx specifically, similar to what we did with Apache. So all we need to do to load a particular module is say load module, and then we provide the directory of the module, which in this case is going to be under /etc/nginx and under modules. Right, we then provide the name, which in this case is going to be ngx_http underscore, I think it was modsecurity, modsecurity module dot so, and we use a semicolon right over there. All right, so that should load the ModSecurity module into nginx, and we should be able to use it.

However, if you remember, before we can start using ModSecurity, because in its current state we actually don't have any particular modules, we don't have any particular rules set up, or the security rule engine hasn't been enabled yet. So to do all of this, what we need to do first is we actually need to get the OWASP Core Rule Set, which again we'll just download into our /opt directory, because we have to make a few more configurations. So we'll just go to the Core Rule Set and install that, and I've already covered what this is in the Apache video, so you can check that out there. So we'll copy the link to the repository, and we can just say git clone, and we'll paste that in there, and we'll just clone it into a folder called modsecurity-crs. Right, so we'll keep the naming nomenclature the same as in the previous video, so modsecurity-crs.

What we need to do now is we need to go into modsecurity-crs, and we need to rename the crs-setup.conf file. We need to get rid of the example extension, so we're going to say move crs-setup.conf to crs-setup dot conf right over here, and that should actually give us the configuration file now, and it should be active,
right. So after we've done this, we now need to modify a few of the rules, if you remember in the previous video. So we need to modify the request exclusion rules, and we of course are just getting rid of the example extension. So we're going to say move rules, and this is under, the rule is a request rule, so these are request exclusion rules, you want to get rid of the example extension, and we're saying move it, just change the name to rules, and we're just going to maintain the same name, so request, and we're just getting rid of the example extension. So there we are, which is example, and we'll just add the example extension here, because that's the file name that we're actually changing. We're going to hit enter, and we should be good on that front.

In regards to the actual configurations, we now need to move this particular directory, the modsecurity-crs directory, which contains the Core Rule Set, we're actually moving it into the /usr/local directory. So we say move /usr/local, and we're moving this to the ModSecurity directory, into the /usr/local directory. So we hit enter, and that should move the Core Rule Set there. So we want to remember that particular directory over here, so we know that the Core Rule Set is within the /usr/local directory.

So excellent, we can now move on to configuring modsec, or ModSecurity, or the main ModSecurity configuration. So we do this by creating a directory under /etc/nginx, and we'll just call it modsec, that is the preferred nomenclature. And now what we want to do is we want to copy a few configuration files, or the default configuration file, from the ModSecurity GitHub repository that we cloned. Remember, this is not the connector but the actual ModSecurity directory. So what we're gonna do now is we are just going to move it, so we'll just clear the screen here, and we can actually get started now. So we're going to move, we're going to
say /opt ModSecurity, and the first file we want to move is the unicode mapping, into /etc/nginx, and we say modsec, and we want to move it into this directory here, so that's the unicode mapping for compatibility. And then of course we need to move the actual file, if we did rename it, so if we check the directory now, we need to rename modsecurity.conf-recommended to just modsecurity.conf. So we're going to say move modsecurity dot conf, and we're going to just change the name to modsecurity.conf, and we then want to copy this particular file, so copy modsecurity.conf into the /etc/nginx modsec folder. Right, and we hit enter, and we have the ModSecurity configuration within that particular directory right over here.

All right, so that might be a little bit confusing, but don't worry, it'll make sense in a few seconds. So the first thing we want to do now is we want to go into the /etc directory, under nginx and modsec, and we want to edit the ModSecurity configuration file, so modsecurity.conf, and this is where we can make our changes, similar to the previous video. So we'll change the SecRuleEngine to On instead of DetectionOnly. So in this particular case, what this means is that the detection engine will be able to actively, sorry, the SecRuleEngine will be able to actively defend your web server from attacks instead of just monitoring. All right, so we'll save those changes.

And now that that is done, we now need to create the main configuration file for ModSecurity, and that is done within the /etc/nginx and modsec directory. So again, in addition to having a ModSecurity configuration file, we now need to create a main configuration file, so we'll just say vim main.conf, and within this main configuration file is where we'll include all of the various configuration files and the Core Rule Set. So within here is where we now specify things like the ModSecurity configuration file, so we say
include /etc/nginx modules, well, actually not modules, modsec, and we say modsecurity dot conf, so that's the configuration file. And then we start including the Core Rule Set, which we saved under the /usr/local directory, so we're gonna say /usr/local, and the file name, or the directory, was modsecurity-crs, so that is the Core Rule Set. So we're gonna enable the setup, so we're gonna say include the setup here, so setup.conf. We then want to include the rule sets, or the rules themselves, so include, and that's under the same directory, just under the rules subdirectory, so /usr/local, and we say modsecurity-crs, and we'll then say that's under rules, and we'll use the wildcard symbol to essentially infer that we want all of the rules, so all configuration files. Okay, so that is done now, and we can save that.

Now we have all the configuration files for ModSecurity, and we have the module itself under the modules directory. So if I just take a step back and let me just explain what we've done here. So the first thing we did, we actually compiled the modules that we required, and of course we are able to compile and install ModSecurity itself, not, you know, in relation to nginx yet, because of course to do that we use the nginx connector to build our modules, and we got the modsec module, or the ModSecurity module, for nginx, which we then copied into modules. And then we've created our configuration files, all under the modsec directory, so we have the ModSecurity configuration file, and we have a main configuration file, which will then be used to actually load the other configuration file and the Core Rule Set.

So to activate all of this, we need to enable this, we need to specify the rules file within your site's configuration file. So this can be done by going into vim /etc/nginx, and you want to look for sites-enabled, well, actually your sites-available, I should say, sites-available and your default
site. So this is where you actually configure all your servers and your virtual host if you want. So within here, all we need to do is say modsecurity on, and we then provide the directory, so the modsecurity rules file, so rules, so modsecurity rules file, and then we provide the actual directory, so /etc/nginx modsec, and the name is main.conf. So this contains all the rules for ModSecurity, which of course, within this particular main file, we said for the configuration look at the modsecurity.conf file, for the Core Rule Set look under the /usr/local directory, under modsecurity-crs, and you'll find all the rules there. So this should include all the options for us. So we'll say modsec main.conf, and we use a semicolon, and write and save those changes, and we're now done.

And of course, the final thing we need to do to confirm that everything has worked throughout this process is systemctl restart and nginx, and we hit enter, and everything looks like it's working. And of course, the easiest way to test this is to perform some parameter tampering, so we'll reload our nginx server, and it looks like it's working. So to test this, you know, we can just run a simple parameter test, so we use the question mark of course, and then we say question mark exec is equal to, you know, /bin/bash, if I was trying to execute or launch a shell session, so /bin/bash, and hit enter, and you can see it tells us that is forbidden. All right, so we know that ModSecurity is working in conjunction with nginx.

So again, during this entire process, I know it does get quite confusing, but the documentation under SpiderLabs, under the ModSecurity-nginx directory, explains it quite well, essentially what's going on. So you can see, once we have everything set up within our site configuration, we can either enable ModSecurity, we can do that, we can say turn it on or turn it off. So for example, you can actually see right over here
under the server configuration, we can actually say on or off, and we specify the rules file, which in our case, we created our own rules file that contains our own ModSecurity configuration file and our OWASP ModSecurity Core Rule Set, which is the set of rules that will protect your server from, you know, the OWASP Top 10 attacks that I actually explained in the previous video.

So if I wanted to disable it, all I would need to do is just modify my site configuration and simply say modsecurity off, right, and that will disable it, and then I restart nginx. And now if I go back to nginx and try and execute that, you can see it executes it, and even though I don't have a web page, you can see nginx still processes it, which can be quite harmful if, you know, you're running a custom web application. So again, just to enable it, I just need to turn it on. So you can enable it and disable it as you wish, it really is very simple. I'll just enable it in my case.

And fantastic, so that is how to set up ModSecurity on nginx. I know it is quite a process. The documentation file that comes along with this particular video will explain it in depth, and if you have any issues, let me know in the comments section, or you can contact me on my social networks, and I'll be happy to answer any of your questions or solve any of the issues you have.
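
The end state the walkthrough arrives at, checked by a script. This is an added example, not code from the video or its accompanying documentation: it audits the module load line, the site directives, the Include chain in main.conf and the SecRuleEngine setting. The function names, the ROOT prefix, the spelling of the /usr/local/modsecurity-crs path and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit the nginx + ModSecurity layout from the walkthrough.
# Every path is prefixed with ROOT so the check can run against a scratch
# copy; call audit_modsec "" to check the live files instead.

MODSEC_FINDINGS=0
_note() { echo "FINDING: $*"; MODSEC_FINDINGS=$((MODSEC_FINDINGS + 1)); }

# audit_modsec ROOT [SITE_CONFIG]; the count is left in MODSEC_FINDINGS.
audit_modsec() {
    root=$1
    site=${2:-/etc/nginx/sites-available/default}
    engine=""
    MODSEC_FINDINGS=0

    # 1. The connector module has to be loaded in nginx.conf.
    grep -Eq '^[[:space:]]*load_module[[:space:]].*ngx_http_modsecurity_module\.so;' \
        "$root/etc/nginx/nginx.conf" 2>/dev/null \
        || _note "nginx.conf does not load ngx_http_modsecurity_module.so"

    # 2. The site has to switch ModSecurity on and name a rules file.
    grep -Eq '^[[:space:]]*modsecurity[[:space:]]+on;' "$root$site" 2>/dev/null \
        || _note "$site: 'modsecurity on;' is missing, requests are not inspected"
    rules=$(sed -n 's/^[[:space:]]*modsecurity_rules_file[[:space:]]*\([^;]*\);.*/\1/p' \
        "$root$site" 2>/dev/null | head -n 1)
    if [ -z "$rules" ] || [ ! -f "$root$rules" ]; then
        _note "$site: modsecurity_rules_file is missing or points at no file"
        return 0
    fi

    # 3. Each Include in the rules file must match at least one file. The
    #    last SecRuleEngine seen across them is treated as the one in force.
    while IFS= read -r pattern; do
        [ -n "$pattern" ] || continue
        set -- "$root"$pattern          # unquoted on purpose: expand wildcards
        if [ ! -e "$1" ]; then
            _note "Include $pattern matches no file"
            continue
        fi
        for f in "$@"; do
            v=$(sed -n 's/^[[:space:]]*SecRuleEngine[[:space:]]\{1,\}\([A-Za-z]*\).*/\1/p' \
                "$f" 2>/dev/null | tail -n 1)
            if [ -n "$v" ]; then engine=$v; fi
        done
    done <<EOF
$(sed -n 's/^[[:space:]]*[Ii]nclude[[:space:]]\{1,\}//p' "$root$rules")
EOF

    # 4. DetectionOnly logs matches but lets the request through.
    case $engine in
        On) ;;
        "") _note "no SecRuleEngine directive in the included files" ;;
        *)  _note "SecRuleEngine is $engine, matching requests are not blocked" ;;
    esac
    return 0
}

# Build a constructed sample tree that mirrors the files named in the video.
make_sample() {
    r=$1
    mkdir -p "$r/etc/nginx/modsec" "$r/etc/nginx/sites-available" \
             "$r/usr/local/modsecurity-crs/rules"
    echo 'load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;' \
        > "$r/etc/nginx/nginx.conf"
    cat > "$r/etc/nginx/sites-available/default" <<'EOF'
server {
    listen 80 default_server;
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
EOF
    cat > "$r/etc/nginx/modsec/main.conf" <<'EOF'
Include /etc/nginx/modsec/modsecurity.conf
Include /usr/local/modsecurity-crs/crs-setup.conf
Include /usr/local/modsecurity-crs/rules/*.conf
EOF
    echo 'SecRuleEngine On' > "$r/etc/nginx/modsec/modsecurity.conf"
    : > "$r/usr/local/modsecurity-crs/crs-setup.conf"
    : > "$r/usr/local/modsecurity-crs/rules/constructed-placeholder.conf"
}

# Stand-alone demo on the constructed tree.
demo=$(mktemp -d) && make_sample "$demo" && audit_modsec "$demo"
echo "findings: $MODSEC_FINDINGS"
rm -rf "$demo"
```

Running `nginx -t` before the restart remains the check that the module actually loads; the script only confirms that the files agree with each other.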
Info
Channel: HackerSploit
Views: 9,006
Rating: 4.9561644 out of 5
Keywords: hackersploit, hacker exploit, kali linux, apache, linux, modsecurity, hacking, modsecurity apache, modsecurity iis, modsecurity nginx, modsecurity ubuntu, modsecurity installation, modsecurity apache2, apache modsecurity, how to setup modsecurity, modsecurity waf, nginx, nginx modsecurity, nginx modsecurity centos 7, modsecurity nginx ubuntu 20.04, nginx controller, security, modsecurity nginx tutorial, modsecurity nginx ubuntu 18.04, web application firewall
Id: 5eRxOYbaIEI
Length: 30min 9sec (1809 seconds)
Published: Mon Mar 29 2021