Apache mod_security AV scanning

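I installed mod_security with the OWASP rules on a Debian Jessie server and ran into a problem: when I try to upload a file, it does not run the "runav.pl" script.

I modified the script to create /tmp/filewrite.txt with the content "testtext" when it runs. If I run it manually, it creates the file, but when I upload a file, it does not create the test file mentioned above.

Here is the modified runav.pl script: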

#!/usr/bin/perl
#
# runav.pl
# Copyright (c) 2004-2011 Trustwave
#
# This script is an interface between ModSecurity and its
# ability to intercept files being uploaded through the
# web server, and ClamAV

my $filename = '/tmp/filewrite.txt';
open(my $fh, '>', $filename);
print $fh "Test text\n";
close $fh;

$CLAMSCAN = "clamdscan";

if ($#ARGV != 0) {
    print "Usage: modsec-clamscan.pl <filename>\n";
    exit;
}

my ($FILE) = shift @ARGV;

$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
$input = `$cmd`;
$input =~ m/^(.+)/;
$error_message = $1;

$output = "0 Unable to parse clamscan output [$1]";

if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
}
elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
}

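print "$output\n";

The activated rules are located under /etc/modsecurity/Activated_rules, and all the other rules work fine, except for "modsecurity_crs_46_av_scanning.conf".

Does anyone know why it does not process uploaded files?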

SecServerSignature FreeOSHTTP

SecRequestBodyAccess On

SecRequestBodyLimit 20971520
SecRequestBodyNoFilesLimit 131072

SecRequestBodyInMemoryLimit 20971520

SecRequestBodyLimitAction Reject

SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
SecTmpDir /tmp/
SecDataDir /tmp/
SecUploadDir /opt/modsecuritytmp/
SecUploadFileMode 0640
SecDebugLog /var/log/apache2/debug.log
SecDebugLogLevel 3
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecArgumentSeparator &
SecCookieFormat 0
SecUnicodeMapFile unicode.mapping 20127
SecStatusEngine On