How to Install Evasive, an Apache2 Extension Module, on CentOS 7

Install the EPEL repository

yum install -y epel-release

Install the required packages

yum install -y httpd httpd-devel

Install the Evasive module

yum install -y mod_evasive

Enable and configure Evasive

vim /etc/httpd/conf.d/mod_evasive.conf
LoadModule evasive20_module /usr/lib64/httpd/modules/mod_evasive20.so

 

apachectl -M | egrep evasive
$ apachectl -M | egrep evasive
 evasive20_module (shared)

Evasive module settings

  • Original mod_evasive.conf file
$ cat /etc/httpd/conf.d/mod_evasive.conf
# mod_evasive configuration
LoadModule evasive20_module modules/mod_evasive24.so

<IfModule mod_evasive24.c>
    # The hash table size defines the number of top-level nodes for each
    # child's hash table.  Increasing this number will provide faster
    # performance by decreasing the number of iterations required to get to the
    # record, but consume more memory for table space.  You should increase
    # this if you have a busy web server.  The value you specify will
    # automatically be tiered up to the next prime number in the primes list
    # (see mod_evasive.c for a list of primes used).
    DOSHashTableSize    3097

    # This is the threshhold for the number of requests for the same page (or
    # URI) per page interval.  Once the threshhold for that interval has been
    # exceeded, the IP address of the client will be added to the blocking
    # list.
    DOSPageCount        2

    # This is the threshhold for the total number of requests for any object by
    # the same client on the same listener per site interval.  Once the
    # threshhold for that interval has been exceeded, the IP address of the
    # client will be added to the blocking list.
    DOSSiteCount        50

    # The interval for the page count threshhold; defaults to 1 second
    # intervals.
    DOSPageInterval     1

    # The interval for the site count threshhold; defaults to 1 second
    # intervals.
    DOSSiteInterval     1

    # The blocking period is the amount of time (in seconds) that a client will
    # be blocked for if they are added to the blocking list.  During this time,
    # all subsequent requests from the client will result in a 403 (Forbidden)
    # and the timer being reset (e.g. another 10 seconds).  Since the timer is
    # reset for every subsequent request, it is not necessary to have a long
    # blocking period; in the event of a DoS attack, this timer will keep
    # getting reset.
    DOSBlockingPeriod   10

    # If this value is set, an email will be sent to the address specified
    # whenever an IP address becomes blacklisted.  A locking mechanism using
    # /tmp prevents continuous emails from being sent.
    #
    # NOTE: Requires /bin/mail (provided by mailx)
    #DOSEmailNotify      you@yourdomain.com

    # If this value is set, the system command specified will be executed
    # whenever an IP address becomes blacklisted.  This is designed to enable
    # system calls to ip filter or other tools.  A locking mechanism using /tmp
    # prevents continuous system calls.  Use %s to denote the IP address of the
    # blacklisted IP.
    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"

    # Choose an alternative temp directory By default "/tmp" will be used for
    # locking mechanism, which opens some security issues if your system is
    # open to shell users.
    #
    #   http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
    #
    # In the event you have nonprivileged shell users, you'll want to create a
    # directory writable only to the user Apache is running as (usually root),
    # then set this in your httpd.conf.
    #DOSLogDir           "/var/lock/mod_evasive"

    # You can use whitelists to disable the module for certain ranges of
    # IPs. Wildcards can be used on up to the last 3 octets if necessary.
    # Multiple DOSWhitelist commands may be used in the configuration.
    #DOSWhitelist   127.0.0.1
    #DOSWhitelist   192.168.0.*
</IfModule>
  • Edit mod_evasive.conf
vim /etc/httpd/conf.d/mod_evasive.conf
# mod_evasive configuration
LoadModule evasive20_module modules/mod_evasive24.so

<IfModule mod_evasive24.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

    DOSEmailNotify      you@yourdomain.com

    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"

    DOSLogDir           "/var/log/mod_evasive"

    #DOSWhitelist   127.0.0.1
    #DOSWhitelist   192.168.0.*
</IfModule>

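The settings above control the request count, site count, detection interval and related thresholds at which traffic is treated as a DDoS attack. Adjust them as needed, and set the email notification address and log directory you want to use.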
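
To see how thresholds such as DOSPageCount 2 would treat existing traffic before enabling them, the following added example (not from the original post or the mod_evasive project) replays access-log lines through a simplified model of the page and site counters. The fixed time buckets, the single shared table, the ignored query string and the names `evasive_estimate` and `sample_log` are assumptions, and the log lines are constructed.

```sh
#!/bin/sh
# Added example (not part of mod_evasive): estimate which clients a set of
# thresholds would block, from access-log lines in Common Log Format.
# Simplified model: fixed time buckets and one shared table (assumptions).

# usage: evasive_estimate PAGE_COUNT PAGE_INTERVAL SITE_COUNT SITE_INTERVAL
evasive_estimate() {
    awk -v pc="$1" -v pi="$2" -v sc="$3" -v si="$4" '
    {
        ip = $1
        split(substr($4, 2), t, ":")      # $4 is "[09/Feb/2024:16:47:01"
        secs = t[2] * 3600 + t[3] * 60 + t[4]
        uri = $7
        sub(/\?.*/, "", uri)              # assumption: query string ignored
        pk = ip SUBSEP uri SUBSEP t[1] SUBSEP int(secs / pi)
        sk = ip SUBSEP t[1] SUBSEP int(secs / si)
        # Record only the first threshold each client exceeds.
        if (++page[pk] > pc && !(ip in why)) why[ip] = "page " uri
        if (++site[sk] > sc && !(ip in why)) why[ip] = "site"
    }
    END { for (ip in why) print ip, why[ip] }
    ' | sort
}

# Constructed sample input (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [09/Feb/2024:16:47:01 +0900] "GET /index.html?a=1 HTTP/1.1" 200 512
192.0.2.10 - - [09/Feb/2024:16:47:01 +0900] "GET /index.html?a=2 HTTP/1.1" 200 512
192.0.2.10 - - [09/Feb/2024:16:47:01 +0900] "GET /index.html?a=3 HTTP/1.1" 200 512
192.0.2.20 - - [09/Feb/2024:16:47:01 +0900] "GET /a.css HTTP/1.1" 200 90
192.0.2.20 - - [09/Feb/2024:16:47:01 +0900] "GET /b.js HTTP/1.1" 200 90
192.0.2.20 - - [09/Feb/2024:16:47:02 +0900] "GET /a.css HTTP/1.1" 200 90
EOF
}

# Thresholds from the config above: DOSPageCount 2, DOSSiteCount 50, 1 s intervals.
sample_log | evasive_estimate 2 1 50 1
```

Pipe a real access log into `evasive_estimate` with candidate values; legitimate clients that show up in the output are candidates for a DOSWhitelist entry or a higher threshold.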

Testing the mod_evasive module

  • Install perl
yum install -y perl
  • Edit test.pl
vim /usr/local/src/mod_evasive-master/test.pl
#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "127.0.0.1:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}
  • Run the test.pl test
$ perl /usr/local/src/mod_evasive-master/test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
  • Check the mod_evasive log
$ ls -l /var/log/mod_evasive
-rw-r--r-- 1 apache apache 5 Feb  9 16:47 dos-172.18.0.1
$ cat /var/log/mod_evasive/dos-172.18.0.1
1173
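
The comments in the packaged config note that "/tmp" is used for the locking mechanism by default and that the directory should be writable only by the user Apache runs as. The following added example (not from the original post or the module) reads a mod_evasive.conf and reports whether its DOSLogDir is unset, missing, or writable by group or others; the function name `check_evasive_logdir` and the demo file are assumptions.

```sh
#!/bin/sh
# Added example (not part of mod_evasive): audit the DOSLogDir that a
# mod_evasive.conf points at. Prints one status line; returns 1 on a finding.

check_evasive_logdir() {
    conf=$1
    # Last uncommented DOSLogDir directive wins; strip the surrounding quotes.
    dir=$(awk '$1 == "DOSLogDir" { gsub(/"/, "", $2); d = $2 } END { print d }' \
          "$conf" 2>/dev/null)
    if [ -z "$dir" ]; then
        echo "unset"                    # per the config comment, /tmp is used
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "missing $dir"
        return 1
    fi
    # Characters 6 and 9 of the ls mode string are group-write and other-write.
    mode=$(ls -ld "$dir" | cut -c1-10)
    case $mode in
        ?????w????|????????w?)
            echo "writable-by-others $dir"
            return 1 ;;
    esac
    echo "ok $dir"
}

# Constructed demo: a config with no DOSLogDir directive at all.
demo=$(mktemp -d)
printf '<IfModule mod_evasive24.c>\nDOSPageCount 2\n</IfModule>\n' \
    > "$demo/mod_evasive.conf"
check_evasive_logdir "$demo/mod_evasive.conf" || true
rm -rf "$demo"
```

For the package install, run it against /etc/httpd/conf.d/mod_evasive.conf. A directory created with `install -d -m 700 -o apache -g apache <dir>` passes the check, apache being the owner shown in the ls output above.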

How to install Evasive from source

Change to the working directory

cd /usr/local/src/

1. Download the module source code

wget https://github.com/velope/Evasive/archive/master.zip

2. Extract the source archive

unzip master.zip

3. Change to the source code directory

cd Evasive-master

4. Compile Evasive

make

5. Install Evasive

make install
---output---
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/apache2/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/local/apache2/modules/mod_evasive24.so
[activating module `evasive20' in /usr/local/apache2/conf/httpd.conf]

6. Verify the Evasive installation

$ /usr/local/apache2/bin/apachectl -M | grep evasive
 evasive20_module (shared)
$ cat /usr/local/apache2/conf/httpd.conf | grep evasive
LoadModule evasive20_module   modules/mod_evasive24.so

7. Create the mod_evasive.conf file

vim /usr/local/apache2/conf/mod_evasive.conf
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify <YOU@YOURMAIL.COM>
</IfModule>

8. Create the mod_evasive log folder

mkdir /var/log/httpd/mod_evasive

9. Test the mod_evasive module (test.pl)

yum install -y perl
vim /usr/local/src/mod_evasive-master/test.pl
#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "127.0.0.1:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}

 

perl /usr/local/src/mod_evasive-master/test.pl

 
