أقوى وأحدث رولز لـ ModSecurity
السلام عليكم ورحمة الله وبركاته
الآن موعدنا مع رولز قوية وممتازة من وجهة نظري المتواضعة ...
يمكنك استخدامها أياً كانت مواصفات سيرفرك ...
تحميك من الشل والكثير من الأشياء، اكتشفها بنفسك ...
طريقة التركيب :
أنصح بتركيب المود سيكيورتي المدمج مع الأباتشي على سيرفرك.
افتح الشل وقم بكتابة الأمر التالي :
إذا كان بداخله أي محتويات فقم بحذفها وانسخ التالي :
بعد الانتهاء اضغط Ctrl+X ثم Y ثم Enter
بعدها قم بتنفيذ الأمر التالي :
الآن موعدنا مع رولز قوية وممتازة من وجهة نظري المتواضعة ...
يمكنك استخدامها أياً كانت مواصفات سيرفرك ...
تحميك من الشل والكثير من الأشياء، اكتشفها بنفسك ...
طريقة التركيب :
أنصح بتركيب المود سيكيورتي المدمج مع الأباتشي على سيرفرك.
افتح الشل وقم بكتابة الأمر التالي :
كود:
# Open the per-user ModSecurity rule file of this Apache build for editing.
# The rule listing that follows is meant to replace the whole file, so back the
# existing file up before emptying it if it already holds local rules.
nano /usr/local/apache/conf/modsec2.user.conf
إذا كان بداخله أي محتويات فقم بحذفها وانسخ التالي :
كود:
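# modsec2.user.conf - local ModSecurity 2.x rules for this Apache build.
#
# Cleaned copy of the forum listing: BBCode markup stripped, the header name
# the forum word-filter replaced with "*******" restored as Content-Length
# (these are CRS rules 960016/960011/960012), the cookie token the filter
# replaced in rule 950009 restored, multi-line directives joined with "\",
# and Perl-style "/i" regex suffixes (literal text under ModSecurity 2)
# rewritten as "(?i)".
#
# NOTE(review): no SecDefaultAction is set in this file. Rules below that give
# no action list inherit the SecDefaultAction from the main modsec2
# configuration (not shown here) - confirm it sets a phase and a disruptive
# action, otherwise those rules only log.

# fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "Modevps.com Security Apache"

# Check Content-Length and reject all non numeric ones
SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "deny,log,auditlog,msg:'Content-Length HTTP header is not numeric', severity:'2',id:'960016'"

# Do not accept GET or HEAD requests with bodies
SecRule REQUEST_METHOD "^(GET|HEAD)$" "chain,deny,log,auditlog,msg:'GET or HEAD requests with bodies', severity:'2',id:'960011'"
SecRule REQUEST_HEADERS:Content-Length "!^0?$"

# Require Content-Length to be provided with every POST request.
SecRule REQUEST_METHOD "^POST$" "chain,deny,log,auditlog,msg:'POST request must have a Content-Length header',id:'960012',severity:'4'"
SecRule &REQUEST_HEADERS:Content-Length "@eq 0"

# Don't accept transfer encodings we know we don't know how to handle
SecRule HTTP_Transfer-Encoding "!^$" "deny,log,auditlog,msg:'ModSecurity does not support transfer encodings',id:'960013',severity:'5'"

# Check decodings
# (Apache ends a directive at the line break, so the action string must be
# joined to the rule with a trailing backslash.)
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUrlEncoding" \
    "chain,deny,log,auditlog,msg:'URL Encoding Abuse Attack Attempt',id:'950107',severity:'4'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"

# allow request methods
# No disruptive action is given here; the verdict comes from SecDefaultAction.
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
    "phase:1,log,auditlog,msg:'Method is not allowed by policy', severity:'2',id:'960032'"

# Restricted HTTP headers
# The forum copy had "\." in front of the header names, which demanded a
# literal dot and so never matched; anchored to the start of the name instead.
SecRule REQUEST_HEADERS_NAMES "^(?:Lock-Token|Translate|If)$" \
    "deny,log,auditlog,msg:'HTTP header is restricted by policy',id:'960038',severity:'4'"

# Session fixation
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)" \
    "capture,ctl:auditLogParts=+E,log,auditlog,msg:'Session Fixation. Matched signature <%{TX.0}>',id:'950009',severity:'2'"

# Basic rules with arbitrary command detection
#
# NOTE(review): REQUEST_URI holds only the path and query string. Patterns
# below that require a literal space, "\x20", or a trailing " HTTP/x.y" can
# only match the full request line (THE_REQUEST) and are inert as written
# against REQUEST_URI - confirm and migrate them if that detection is wanted.
# Short substrings such as "cvs", "cc:", "home%" and "/etc/" will also match
# ordinary URLs; review the audit log for false positives before relying on
# them in blocking mode. Several rules appear twice (cd\.\., ///cgi-bin,
# /cgi-bin///, 2Fpublic_html&, .htaccess); the duplicates are harmless.
SecRule REQUEST_URI "\.htgroup"
SecRule REQUEST_URI "\.htaccess"
SecRule REQUEST_URI "cd\.\."
SecRule REQUEST_URI "///cgi-bin"
SecRule REQUEST_URI "/cgi-bin///"
SecRule REQUEST_URI "/~root"
SecRule REQUEST_URI "/~ftp"
# Chained: both /htgrep and /.history must appear in the same URI.
SecRule REQUEST_URI "/htgrep" chain
SecRule REQUEST_URI "/\.history"
SecRule REQUEST_URI "/\.bash_history"
SecRule REQUEST_URI "/~nobody"
SecRule REQUEST_URI "<script"
SecRule REQUEST_URI "psybnc"
SecRule REQUEST_URI "cmd=cd\x20/var"
SecRule REQUEST_URI "dir=http"
SecRule REQUEST_URI "\?STRENGUR"
SecRule REQUEST_URI "/etc/motd"
SecRule REQUEST_URI "/etc/passwd"
SecRule REQUEST_URI "conf/httpd\.conf"
SecRule REQUEST_URI "/bin/ps"
SecRule REQUEST_URI "bin/tclsh"
SecRule REQUEST_URI "tclsh8\x20"
SecRule REQUEST_URI "udp\.pl"
SecRule REQUEST_URI "linuxdaybot\.txt"
SecRule REQUEST_URI "wget\x20"
SecRule REQUEST_URI "bin/nasm"
SecRule REQUEST_URI "nasm\x20"
SecRule REQUEST_URI "/usr/bin/perl"
SecRule REQUEST_URI "links -dump "
SecRule REQUEST_URI "links -dump-(charset|width) "
SecRule REQUEST_URI "links (http|https|ftp)\:/"
SecRule REQUEST_URI "links -source "
SecRule REQUEST_URI "cd\x20/(tmp|var/tmp|etc/httpd/proxy|dev/shm)"
SecRule REQUEST_URI "cd\.\."
SecRule REQUEST_URI "///cgi-bin"
SecRule REQUEST_URI "/cgi-bin///"
SecRule REQUEST_URI "/~named(/| HTTP\/(0\.9|1\.0|1\.1)$)"
SecRule REQUEST_URI "/~guest(/| HTTP\/(0\.9|1\.0|1\.1)$)"
SecRule REQUEST_URI "/~logs(/| HTTP\/(0\.9|1\.0|1\.1)$)"
SecRule REQUEST_URI "/~sshd(/| HTTP\/(0\.9|1\.0|1\.1)$)"
SecRule REQUEST_URI "/~ftp(/| HTTP\/(0\.9|1\.0|1\.1)$)"
SecRule REQUEST_URI "/~bin(/| HTTP\/(0\.9|1\.0|1\.1)$)"
SecRule REQUEST_URI "/~nobody(/| HTTP\/(0\.9|1\.0|1\.1)$)"
SecRule REQUEST_URI "/\.history HTTP\/(0\.9|1\.0|1\.1)$"
SecRule REQUEST_URI "/\.bash_history HTTP\/(0\.9|1\.0|1\.1)$"
SecRule REQUEST_URI "lynx "
SecRule REQUEST_URI "Fhome"
SecRule REQUEST_URI "cvs"
SecRule REQUEST_URI "\.php\?phpinfo"
SecRule REQUEST_URI "\.php\?phpini"
SecRule REQUEST_URI "\.php\?mem"
SecRule REQUEST_URI "\.php\?cpu"
SecRule REQUEST_URI "\.php\?users"
SecRule REQUEST_URI "\.php\?tmp"
SecRule REQUEST_URI "\.php\?delete"
SecRule REQUEST_URI "curl "
SecRule REQUEST_URI "echo "
SecRule REQUEST_URI "links -dump-width "
SecRule REQUEST_URI "links http:// "
SecRule REQUEST_URI "links ftp:// "
SecRule REQUEST_URI "links -source "
SecRule REQUEST_URI "cd /tmp "
SecRule REQUEST_URI "cd /var/tmp "
SecRule REQUEST_URI "cd /etc/httpd/proxy "
SecRule REQUEST_URI "&highlight=%2527%252E "
SecRule REQUEST_URI "changedir=%2Ftmp%2F.php "
SecRule REQUEST_URI "arta\.zip "
SecRule REQUEST_URI "cmd=cd\x20/var "
SecRule REQUEST_URI "HCL_path=http "
SecRule REQUEST_URI "clamav-partial "
SecRule REQUEST_URI "vi\.recover "
SecRule REQUEST_URI "netenberg "
SecRule REQUEST_URI "psybnc "
SecRule REQUEST_URI "fantastico_de_luxe "
SecRule REQUEST_URI "2Fpublic_html&"
SecRule REQUEST_URI ".htaccess"
SecRule REQUEST_URI "c99sh_datapipe.pl"
SecRule REQUEST_URI "listDBs"
SecRule REQUEST_URI "%2home%2"
SecRule REQUEST_URI "%2home%"
SecRule REQUEST_URI "%home%"
SecRule REQUEST_URI "%home"
SecRule REQUEST_URI "home%"
SecRule REQUEST_URI "%2Fhome%2"
SecRule REQUEST_URI "%2Fhome%"
SecRule REQUEST_URI "%Fhome%"
SecRule REQUEST_URI "%Fhome"
SecRule REQUEST_URI "Fhome%"
SecRule REQUEST_URI "2Fpublic_html&"
SecRule REQUEST_URI "/etc/"
SecRule REQUEST_URI "sqlman"
SecRule REQUEST_URI "act=security"
SecRule REQUEST_URI "act=cmd"
SecRule REQUEST_URI "act=chmod"
SecRule REQUEST_URI "act=ls&d="
SecRule REQUEST_URI "act=f&f="
SecRule REQUEST_URI "act=sql"
SecRule REQUEST_URI "Bcc:"
SecRule REQUEST_URI "Bcc:\x20"
SecRule REQUEST_URI "cc:"
SecRule REQUEST_URI "cc:\x20"
SecRule REQUEST_URI "bcc:"
SecRule REQUEST_URI "bcc:\x20"
SecRule REQUEST_URI "bcc: "
SecRule REQUEST_URI "cd "
#SecRule REQUEST_URI "id "

# Miscellaneous malicious requests
# These rules can be very effective, however "general" rules such as the following
# have issues with false positives in some environments. Comment out as needed.
#XSS attempts for STYLE, VBSCRIPT, JAVASCRIPT, EXPRESSION, and XML
# The forum copy ended each pattern in "/i" (and "/Ri" for the IMG rule); under
# ModSecurity 2 that suffix is literal text, so case-insensitivity is expressed
# with a leading "(?i)" instead. The IMG pattern read "\<IMG.*/\bonerror...=/Ri",
# which looks like misplaced Perl delimiters; the stray "/" before \bonerror was
# dropped - TODO confirm against the rule's source.
SecRule REQUEST_URI "(?i)\<IMG.*\bonerror\b[\s]*="
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/javascript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]application\/x-javascript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/jscript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/vbscript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]application\/x-vbscript"
SecRule REQUEST_URI "(?i)TYPE\s*=\s*[\'\"]text\/ecmascript"
SecRule REQUEST_URI "(?i)STYLE[\s]*=[\s]*[^>]expression[\s]*\("
SecRule REQUEST_URI "(?i)[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>"
SecRule REQUEST_URI "<!\[CDATA\[<\]\]>SCRIPT"

# For deny Shells opening
SecRule REQUEST_FILENAME "/(r57shell|TrYaG|TrYg|m0rtix|r0nin|c99shell|phpshell|sa3ekashell|crackit|c777|void\.ru|phpremoteview|directmail|bash_history|\.ru/|brute|c991)\.php"
# NOTE(review): "\.pl" denies every Perl CGI on the host, not only abusive
# ones; keep it only if the server serves no legitimate .pl scripts.
SecRule REQUEST_FILENAME "\.pl"
SecRule REQUEST_FILENAME "perl .*\.pl(\s|\t)*\;"
SecRule REQUEST_FILENAME "\;(\s|\t)*perl .*\.pl"

# Response-body signatures. RESPONSE_BODY is only populated in phase 4 and only
# when SecResponseBodyAccess is On (and the response MIME type is buffered), so
# the phase is set explicitly here; without it these rules ran in the default
# phase against an empty variable. The disruptive action still comes from
# SecDefaultAction. "shell" and "c99" are short substrings and will match
# legitimate pages that merely mention them - expect false positives.
SecRule RESPONSE_BODY "TrYaG" "phase:4"
SecRule RESPONSE_BODY "shell" "phase:4"
SecRule RESPONSE_BODY "Sniper" "phase:4"
SecRule RESPONSE_BODY "SnIpEr_SA" "phase:4"
SecRule RESPONSE_BODY "c99" "phase:4"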
بعد الانتهاء اضغط Ctrl+X ثم Y ثم Enter
بعدها قم بتنفيذ الأمر التالي :
كود:
# Restart Apache so the new rule file is loaded. Run a configuration syntax
# check first (e.g. `apachectl configtest`) so a typo in the rule file does not
# leave the web server down after the restart.
# NOTE(review): `httpd restart` as written assumes a wrapper script on this
# host that accepts "restart" - confirm; `apachectl restart` is the portable form.
httpd restart