App Protect
Upload SSH public key to UDF.
Disable SELinux:
sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
sudo setenforce 0
Install App Protect:
sudo yum install -y epel-release
sudo yum install app-protect
Repo file:
[App_Protect]
name=App_Protect
baseurl=http://10.1.1.4
enabled=1
gpgcheck=0
Use NGINX conf:
user nginx;
worker_processes 1;
load_module modules/ngx_http_app_protect_module.so;
error_log /var/log/nginx/error.log debug;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        listen 8080;
        server_name localhost;
        proxy_http_version 1.1;

        app_protect_enable on;
        app_protect_policy_file "/etc/nginx/default_policy.json";
        app_protect_security_log_enable on;
        app_protect_security_log "/etc/nginx/log-default.json" syslog:server=10.1.1.5:514;

        location / {
            client_max_body_size 0;
            default_type text/html;
            proxy_pass http://10.1.1.5:8080$request_uri;
        }
    }
}
Policy file (/etc/nginx/default_policy.json):
{
    "name": "/Common/policy1",
    "template": { "name": "POLICY_TEMPLATE_NGINX_BASE" },
    "applicationLanguage": "utf-8",
    "enforcementMode": "blocking"
}
Logging profile (/etc/nginx/log-default.json):
{
    "filter": { "request_type": "all" },
    "content": {
        "format": "default",
        "max_request_size": "any",
        "max_message_size": "5k"
    }
}
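With "format": "default", every request App Protect logs reaches the syslog server at 10.1.1.5 as one line of comma-separated key="value" pairs. As an added example (not part of these notes and not F5 tooling), the script below parses such lines and summarizes which requests were blocked and why. The field names follow the default log format as documented by NGINX App Protect; the sample lines, IPs, signature id and support ids are constructed for this example, not captured from a real system.

```python
"""Summarize NGINX App Protect security-log events (default log format).

Each event is one line of comma-separated key="value" pairs (a syslog
receiver may prefix it with a timestamp and "ASM:"). The field names used
here follow the default format; every sample line below is constructed
for this example and is not a real capture.
"""
import re
from collections import Counter

# Match key="value" pairs; values are quoted, may contain commas, and may
# contain backslash-escaped characters such as \r\n inside the raw request.
_PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Fields App Protect writes as comma-separated lists.
_LIST_FIELDS = ("attack_type", "violations", "sub_violations", "sig_ids", "sig_names")


def parse_line(line):
    """Return one event as a dict; an empty dict means the line is not an event."""
    fields = dict(_PAIR.findall(line))
    for key in _LIST_FIELDS:
        if key in fields:
            fields[key] = [item for item in fields[key].split(",") if item]
    return fields


def summarize(lines):
    """Count requests by request_status and tally attack types of blocked ones."""
    status = Counter()
    attacks = Counter()
    blocked_ids = []  # support_id values, the number shown on the block page
    for line in lines:
        event = parse_line(line)
        if not event:
            continue  # not an App Protect event (e.g. unrelated syslog noise)
        state = event.get("request_status", "unknown")
        status[state] += 1
        if state == "blocked":
            attacks.update(a for a in event.get("attack_type", []) if a != "N/A")
            blocked_ids.append(event.get("support_id"))
    return {
        "status": dict(status),
        "attack_types": dict(attacks),
        "blocked_support_ids": blocked_ids,
    }


# Constructed sample lines: one blocked request (the /?a=<script> test from
# these notes), one passed request, and one unrelated syslog line.
SAMPLE_LOG = [
    'Jan 14 16:25:38 localhost ASM:attack_type="Non-browser Client,Cross Site Scripting (XSS)",'
    'blocking_exception_reason="N/A",date_time="2020-01-14 16:25:38",dest_port="8080",'
    'ip_client="10.1.1.6",is_truncated="false",method="GET",policy_name="/Common/policy1",'
    'protocol="HTTP",request_status="blocked",response_code="0",severity="Critical",'
    'sig_cves="N/A",sig_ids="100000001",sig_names="XSS script tag (Parameter)",'
    'src_port="50122",sub_violations="N/A",support_id="1000000000000000001",'
    'unit_hostname="localhost",uri="/",violation_rating="5",vs_name="localhost:8080",'
    'outcome="REJECTED",outcome_reason="SECURITY_WAF_VIOLATION",'
    'violations="VIOL_ATTACK_SIGNATURE,VIOL_PARAMETER_VALUE_METACHAR",'
    'request="GET /?a=<script> HTTP/1.1\\r\\nHost: localhost:8080\\r\\n"',
    'Jan 14 16:26:02 localhost ASM:attack_type="N/A",blocking_exception_reason="N/A",'
    'date_time="2020-01-14 16:26:02",dest_port="8080",ip_client="10.1.1.6",method="GET",'
    'policy_name="/Common/policy1",request_status="passed",response_code="200",'
    'severity="Informational",sig_ids="N/A",sig_names="N/A",support_id="1000000000000000002",'
    'uri="/",violation_rating="0",outcome="PASSED",outcome_reason="N/A",violations="N/A",'
    'request="GET / HTTP/1.1\\r\\nHost: localhost:8080\\r\\n"',
    'Jan 14 16:26:10 localhost systemd[1]: Started nginx.',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Point it at whatever the syslog server writes to disk for 10.1.1.5:514 (read the file line by line and pass the lines to summarize). The support_id list is what you match against the number a user reports from the block page; the attack_type tally is a quick way to check that the /?a=<script> test is being classified as XSS rather than tripping an unrelated violation.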
Start App Protect (enable nginx at boot and start it now; `service nginx enable` is not a valid service subcommand):
sudo systemctl enable nginx
sudo systemctl start nginx
Test: request /?a=<script> on port 8080. With enforcementMode set to blocking, App Protect rejects the request and the event appears in the security log on 10.1.1.5.
Update Signatures and Threat Campaigns:
sudo yum install app-protect-attack-signatures
sudo yum install app-protect-threat-campaigns
sudo service nginx reload