ࡱ > j l i 5@ bjbj22 e X X 8 \ $ t 6 2 L %6 '6 '6 '6 '6 '6 '6 7 R : J '6 " '6 <6 * * * X %6 * %6 * * * : 50 , 0 >s % a0
14 R6 0 6 k0 R P:
) Z P: 0 P: 0 t * '6 '6 d* X What is WeBekci?
WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. It is an OWASP Project.
Goals:
It will remove management overhead of ModSecurity 2.x. You can configure modsecurity.conf, add special rules and watch system, apache and modsecurity logs (only guardianlog has been implemented in this version).
Features:
It covers 90 percent of the ModSecurity 2.x configuration features. Manual- and GUI-based rule managements are supported. It permits to add single-argument rules and it covers 70 percent of the action parameters. It can be used in monitoring system, apache and ModSecurity guardian logs. As of this version the monitoring utility is rather basic and it gives some information about the system.
Future Development:
Configuration : Will add all ModSecurity 2.x configuration parameter
Rule generator: All ModSecurity 2.x variables and actions will be modifiable. It will be possible to add rules using multiple variables. Defining chain rules will also be possible.
Logging: ModSecurity`s auditlog and debuglog will be presented in more understandable formats; it will support multi apache error and access logs.
Multiple-DB: Will add PostgreSQL and SQLite support.
Requirement:
Platform Linux/Unix,
Apache + ModSecurty 2.x
Php
Mysql
Web Page:
HYPERLINK "https://www.owasp.org/index.php/Category:OWASP_WeBekci_Project" https://www.owasp.org/index.php/Category:OWASP_WeBekci_Project
Mail List:
HYPERLINK "mailto:owasp-webekci@lists.owasp.org" owasp-webekci@lists.owasp.org
Installation:
Download adress: HYPERLINK "http://sourceforge.net/projects/webekci/" http://sourceforge.net/projects/webekci/
# tar zxvf webekci-1.0.tar.gz
# mv webekci /usr/local/www/
# cd /usr/local/www/webekciPrimarily, create .htaccess and .htpasswd files. These are required for WeBekci`s own.
Edit .htaccess file:
# vi .htaccess In the .htaccess file, enter the correct path for the .htpasswd file in the AuthUserFile line in accordance with your own configuration:
AuthUserFile /usr/home/bunyamin/.htpasswd
AuthType Basic
AuthName "Owasp-WeBekci Screet Area"
require valid-user
Now edit .htpasswd file:
# vi .htpasswdIf the user name is going to be webekci and password 1234, then enter:
webekci:cwc9eWGIM9r5MYou may enter your own UID and password.
Now, you need define directory in the httpd.conf file.
Alias /webekci/ "/usr/local/www/webekci/"
Options None
AllowOverride All
Order Allow,Deny
Allow from all
Note: If you are using mod_rewrite, then enter AllowOverride All so that .htaccess file can be read. Otherwise enter AllowOverride None.
# apachectl restartMake necessary modifications in config.php file. Add the following line:
$config['modsecurity_conf']='/usr/local/etc/apache22/extra/mod_security.conf';
Its important to create the mod_security.conf file and include its path to the httpd.conf. Lets add the following line into your httpd.conf. Change the path according to your distribution if necessary.
Include etc/apache22/extra/mod_security.confTo give the www user read and write permissions:
# chown www /usr/local/etc/apache22/extra/mod_security.confNote: www user is the user where apache runs. Please check the the following entries in httpd.conf:
User www
Group www
Some distributions may have different user and/or group names.
After configuring WeBekci you need to restart apache. Do this with these sudo configurations:
$config['apache_config_test'] = '/usr/local/bin/sudo /usr/local/sbin/httpd -t';
$config['apache_restart']='/usr/local/bin/sudo /usr/local/sbin/httpd -k restart';
Also alter your config.php according to your distro. Edit sudoers file:
# vi /usr/local/etc/sudoersEnter these lines:
www ALL=NOPASSWD:/usr/local/sbin/httpd -k restart
www ALL=NOPASSWD:/usr/local/sbin/httpd -tNow www user can do config test and restart operations restart apache without having to enter password.
Please make sure you entered MySQL related changes in your config.php file; and browse your site and run the install.php file:
HYPERLINK "http://www.site.com/webekci/install.php" http://www.site.com/webekci/install.php
Do not forget to delete install.php later..
# rm install.phpA reminder: www user must have read-write rights to audit, debug and guardian log files. For instance, if the Guardian log file has the path as /var/log/modsec_guardian.log , then we need to enter this command:
# chown www /var/log/modsec_guardian.logNow the guardian log can be seen in the program. You have to do chown for other log files, too.
I express my gratitude to those who helped me with this write-up.
# ( 9 C _ a c e j r u } 7 8 e f h i l x ˮ˵˪˪˪˪˪Ғم~~~s~o~ hjl h1 h@ B*ph h0 h@ h0 h-+` 5B*ph h0 hb 5B*ph h1 h0 B*ph h0 h0 h0 h1 hV B*ph h1 hd B*ph h0 hV h0 hb h0 hb 5B*ph h0 hM\e 5B*ph h0 h0 5B*ph * 6 7 K L I
!
6
&