Hackers News / Hacker University

No. 6025
Category: Tips
Site: Hackers News
Type: Apache
Views: 544
Hiding the software name completely in the Server header!
1. Overview

Limiting what the Server header exposes is one of the web security settings you always apply.

On Apache 2.4, the configuration looks like this.

 * Configuration file: conf/extra/httpd-default.conf

ServerTokens Prod
ServerSignature Off

But this is the best that setting can do: it still reveals that Apache is in use. T_T

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2019 05:59:25 GMT
Server: Apache
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html

It works!

You could change that string by modifying the HTTPD source and recompiling, but with the following module you can change the Server header to any string you want! :)


2. The mod_security module

※ Reference site: https://modsecurity.org/

Copy this module into the modules directory under the Apache HTTP Server engine, add a few settings, and that's it!

Reportedly you can then erase even "Apache" from the Server header for good.

So I ran a test. I'll apply it to an Apache HTTP Server 2.4 instance that I had previously installed from source. :)

 Existing environment (checked with httpd -V): Apache HTTP Server 2.4.39 / Server loaded:  APR 1.6.5, APR-UTIL 1.6.1

 2-1. First, I install the module following the guide on the site.

 1) My test server runs CentOS. I installed the module with yum. However, quite a lot of dependencies get installed. The apr and apr-util versions also look different from the versions I compiled and installed together with Apache. Carrying on for now!

# yum install mod_security

=================================================================
Package         Arch     Version                Repository   Size
=================================================================

Installing:
mod_security    x86_64   2.9.2-1.el7            base        249 k

Installing for dependencies:
apr             x86_64   1.4.8-3.el7_4.1        base        103 k
apr-util        x86_64   1.5.2-6.el7            base         92 k
httpd           x86_64   2.4.6-89.el7.centos    updates     2.7 M
httpd-tools     x86_64   2.4.6-89.el7.centos    updates      90 k
mailcap         noarch   2.1.41-2.el7           base         31 k

Copy the resulting mod_security2.so module into the modules directory of the previously installed Apache engine.

 2) Then I added the following settings to httpd.conf.

LoadModule security2_module modules/mod_security2.so


    SecRuleEngine on
    ServerTokens Prod
    ServerSignature Off
    SecServerSignature "WhoamI?"

 3) Run a syntax check with the bin/apachectl -t command. But... the error below occurs. So it was related to apr after all! The module installed with yum is now useless.. T_T

httpd: Syntax error on line 154 of /engn001/apache2.4/conf/httpd.conf: Cannot load modules/mod_security2.so into server: /engn001/apache2.4/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup

 2-2. I downloaded the source and compiled the module.

 1) On the server, download the mod_security source from the address below.

 

wget https://www.modsecurity.org/tarball/2.9.3/modsecurity-2.9.3.tar.gz

 

※ Compiling this source requires the libxml2-devel package! Install it as follows before compiling.

 

# yum install libxml2-devel
...

Installed:
  libxml2-devel.x86_64 0:2.9.1-6.el7_2.3

Dependency Installed:
  xz-devel.x86_64 0:5.2.2-1.el7

 

 2) Now it's time to build the mod_security2.so file.

 Extract the downloaded modsecurity-2.9.3.tar.gz file and enter the extracted directory, where you will find the configure script. I compile it, specifying the paths to apr, apxs, pcre and so on that belong to the Apache engine I'm applying it to.

 

# ./configure  --with-apr=/engn001/apache2.4/apr  --with-apxs=/engn001/apache2.4/bin/apxs --with-pcre=/engn001/apache2.4/pcre

 ... command output omitted.

# make
# make install 

 

 The install log shows the installation path as below. The .so file has been created!!

 

Libraries have been installed in:
   /usr/local/modsecurity/lib


# ls -atlr /usr/local/modsecurity/lib
total 2364
drwxr-xr-x 4 root root      28 Jul 16 15:42 ..
-rwxr-xr-x 1 root root 2417424 Jul 16 15:42 mod_security2.so
drwxr-xr-x 2 root root      30 Jul 16 15:42 .

 

 3) Copy this module into the modules directory under the Apache engine again and double-check the settings made in httpd.conf. Then run the syntax check again!

 

# ./apachectl  -t
Syntax OK

 

 4) I restarted Apache and checked, but the string "Apache" still appears in the Server header. T_T What could be the problem?

 5) Let's check the settings in httpd.conf once more. I changed "ServerTokens Prod" to "ServerTokens Full", restarted, and tested again. :)

 

LoadModule security2_module modules/mod_security2.so


    SecRuleEngine on
    ServerTokens Full
    ServerSignature Off
    SecServerSignature "WhoamI?"

 

 6) At last!!! The Server header now shows "WhoamI?", just as I wanted!

 

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2019 06:15:37 GMT
Server: WhoamI?
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html

It works!

 

 

3. Conclusion

 When you want to limit Server header information exposure using the mod_security module:

 1) If the target web server (Apache HTTP Server) was installed by compiling from source, be sure to check the version of the apr library used at compile time and (just in case) its installation path.

 2) Compile and install the mod_security module as well. It depends on the apr version.

 3) When configuring the module, ServerTokens must be set to Full for the string you specified to be output!
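
The failure in step 4 and the fix in step 5 can be checked mechanically. The following added example (not from the original post) lints a configuration for the SecServerSignature/ServerTokens pairing and tests whether a response's Server header still names Apache; the function names and sample inputs are constructed for illustration.

```shell
# Added example, not from the original post. Assumptions: the config is one flat
# file (Include files are not followed) and the last occurrence of a directive wins.

# directive_value NAME: config on stdin -> last value of NAME, quotes stripped
directive_value() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ { next }
    tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); val = $0 }
    END { print val }'
}

# lint_server_signature: config on stdin -> verdict; returns 0 only when the
# SecServerSignature override is expected to take effect (steps 4-5 above)
lint_server_signature() {
  conf=$(cat)
  sig=$(printf '%s\n' "$conf" | directive_value SecServerSignature)
  tokens=$(printf '%s\n' "$conf" | directive_value ServerTokens | tr 'A-Z' 'a-z')
  [ -n "$sig" ] || { echo "no-override"; return 1; }
  case "$tokens" in
    full|"") echo "ok" ;;                   # the Apache default for ServerTokens is Full
    *) echo "tokens-not-full"; return 1 ;;  # step 4: banner stays "Apache"
  esac
}

# server_header_value: raw HTTP response on stdin -> value of its Server header
server_header_value() {
  awk '/^\r?$/ { exit }   # blank line ends the header block
       tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); sub(/\r$/, ""); print; exit }'
}

# discloses_apache: raw response on stdin; returns 0 if the banner names Apache
discloses_apache() { server_header_value | grep -qi 'apache'; }

# Constructed sample inputs mirroring the two configurations in this post.
conf_prod='SecRuleEngine on
ServerTokens Prod
ServerSignature Off
SecServerSignature "WhoamI?"'
conf_full=$(printf '%s\n' "$conf_prod" | sed 's/ServerTokens Prod/ServerTokens Full/')

printf 'Prod: %s\n' "$(printf '%s\n' "$conf_prod" | lint_server_signature)"
printf 'Full: %s\n' "$(printf '%s\n' "$conf_full" | lint_server_signature)"
```

Feed a real configuration with `lint_server_signature < conf/httpd.conf` and a live response with `curl -sI http://localhost/ | discloses_apache` (the URL is a placeholder). Since ServerTokens Full sends the full version banner whenever the override is not applied, repeat the response check after each restart or module upgrade.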

