As an active member of the openSUSE Linux developer community and Chapter Leader for OWASP SP, I am now responsible for maintaining and updating the ModSecurity CRS packages on the openSUSE platform, as well as managing other important packages such as the official ZAP Core. For more information and supporting documentation, please refer to the link: https://build.opensuse.org/package/view_file/openSUSE:Factory/owasp-modsecurity-crs/owasp-modsecurity-crs.spec
First motivation
The motivation comes from CVE-2023-38199: OWASP ModSecurity Core Rule Set (CRS) v3.3.4 does not detect the presence of multiple "Content-Type" HTTP header fields in a single request. As a result, on some platforms an attacker can make a CRS installation parse an HTTP request body under one content type while the backend web application parses it under another, so a payload that the WAF inspected as harmless reaches the application in a form the rules never examined. More information at https://nvd.nist.gov/vuln/detail/CVE-2023-38199.
Version 3.3.5 of CRS was released to address this vulnerability, so I decided to update the package in the SUSE and openSUSE distributions.
Second motivation
Implementing an effective Web Application Firewall (WAF) is not the sole responsibility of the information security department; it’s a shared duty that we all must take seriously.
Below is a simplified guide for installing ModSecurity for Apache with CRS, stripping away any unnecessary complexity or “black magic.”
After the installation, Ricardo Martins (r00t1ng) performed a pentest to verify the CRS protection. Thank you!
First install the necessary packages:
# zypper in apache2 apache2-example-page owasp-modsecurity-crs owasp-modsecurity-crs-apache2 apache2-mod_security2
Now with the packages properly installed, add the apache modules:
# a2enmod unique_id
# a2enmod security2
Verify that the /etc/apache2/conf.d/owasp-modsecurity-crs.conf file has the following content:
<IfModule mod_security2.c>
Include "/etc/owasp-modsecurity-crs/crs-setup.conf"
Include "/etc/owasp-modsecurity-crs/rules.d/*"
</IfModule>
In your domain's virtual host configuration, switch the engine on with a SecRuleEngine On line (SecRuleEngine DetectionOnly logs rule matches without blocking, which is the usual first step while tuning for false positives on legitimate traffic).
Now restart Apache and you are done:
# rcapache2 restart
or
# systemctl restart apache2
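The whole procedure above, rolled into one script, as an added example (this is not code from the original post or from the CRS project): it renders a virtual host that turns the CRS engine on, runs Apache's config check, restarts the service, and probes the live server with an XSS payload and with a request carrying two Content-Type headers (the CVE-2023-38199 case, which CRS 3.3.5 rejects). The server name, the document root /srv/www/htdocs, the vhost path under /etc/apache2/vhosts.d/ and the default CRS blocking status of 403 are assumptions; adjust them to your site.

```bash
#!/bin/bash
# Added example for this post (not code from the original page or the CRS
# project). Assumptions (hypothetical): site served from /srv/www/htdocs on
# port 80, vhost files live in /etc/apache2/vhosts.d/, and the CRS default
# blocking status of 403 has not been changed in crs-setup.conf.
set -eu

# Print a virtual host block with ModSecurity enabled. The CRS rules are
# already included globally by /etc/apache2/conf.d/owasp-modsecurity-crs.conf;
# the vhost only has to switch the engine on.
render_vhost() {
  server_name="$1"
  cat <<EOF
<VirtualHost *:80>
    ServerName ${server_name}
    DocumentRoot /srv/www/htdocs

    <IfModule mod_security2.c>
        # DetectionOnly logs matches without blocking; use it while tuning.
        SecRuleEngine On
        # Body inspection is needed for CRS to see POST payloads; the
        # mod_security2 package's recommended config may already set this.
        SecRequestBodyAccess On
        SecAuditEngine RelevantOnly
        SecAuditLog /var/log/apache2/modsec_audit.log
    </IfModule>
</VirtualHost>
EOF
}

# True when the rendered vhost actually enables blocking mode.
vhost_enables_engine() {
  render_vhost "$1" | grep -Eq '^[[:space:]]*SecRuleEngine[[:space:]]+On[[:space:]]*$'
}

# CRS's default action when the anomaly score is exceeded is HTTP 403.
blocked_by_crs() {
  [ "$1" = "403" ]
}

# HTTP status for a request; extra curl options are passed through.
http_status() {
  url="$1"; shift
  curl -s -o /dev/null -w '%{http_code}' "$@" "$url"
}

# Smoke tests against a running server. Returns non-zero if a probe gets through.
probe() {
  base="${1:-http://localhost}"
  # 1. Classic XSS probe ("><script>alert(1);</script>, percent-encoded so the
  #    request line is valid); CRS decodes ARGS before matching.
  status=$(http_status "${base}/?param=%22%3E%3Cscript%3Ealert(1)%3B%3C/script%3E")
  blocked_by_crs "$status" || { echo "XSS probe NOT blocked (HTTP $status)"; return 1; }
  # 2. CVE-2023-38199: two Content-Type headers in one request. CRS 3.3.5
  #    rejects this; 3.3.4 and earlier pass it on, so the backend may parse the
  #    body under a different type than the one the WAF inspected.
  status=$(http_status "${base}/" -X POST \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -H 'Content-Type: application/json' \
    --data-binary '{"q":"1"}')
  blocked_by_crs "$status" || { echo "duplicate Content-Type NOT blocked (HTTP $status)"; return 1; }
  echo "CRS blocking confirmed"
}

# Usage: ./crs-vhost.sh deploy example.com     (write vhost, check config, restart)
#        ./crs-vhost.sh probe http://localhost (run the two probes)
case "${1:-}" in
  deploy)
    render_vhost "$2" > "/etc/apache2/vhosts.d/${2}.conf"
    apache2ctl configtest
    systemctl restart apache2
    ;;
  probe) probe "${2:-http://localhost}" ;;
esac
```

Run the probe step before and after upgrading to CRS 3.3.5: the XSS request should be blocked in both cases, while the duplicate Content-Type request is only rejected once the fixed rule set is installed. A 403 is the default CRS blocking status; if you changed it in crs-setup.conf, adjust blocked_by_crs accordingly.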
Criticisms and suggestions at Cabelo@opensuse.org or alessandro.faria@owasp.org