SEC350‐Lab 5.1 Wazuh WAF - ConnorEast/Tech-Journal GitHub Wiki

>>> Pre-Requisites:

| Box | Command | Reason / Image |
| --- | --- | --- |
| [FW01-East] (CLI configure) | `set firewall name WAN-to-DMZ rule 1 action accept` | |
| [FW01-East] (CLI configure) | `set firewall name WAN-to-DMZ rule 1 state established enable` | |
| [FW01-East] (CLI configure) | `set firewall name DMZ-to-WAN rule 999 action accept` | |
| [FW01-East] (CLI configure) | `set firewall name DMZ-to-WAN rule 999 source address 172.16.50.3` | |


Lab Goal:

In this lab we are going to augment web01 by adding a web application firewall (WAF). The wazuh agent should currently be able to forward apache error logs so a good deal of our work is done for us already. We are then going to run malicious http requests against web01 to see how our WAF performs.




Section 1: Installing mod security

| Box | Command | Reason / Image |
| --- | --- | --- |
| [Web01-East] | `sudo yum install mod_security mod_security_crs php php-common php-opcache php-cli php-gd php-curl php-mysqlnd -y` | Installs ModSecurity, the OWASP core rule set and PHP |
| [FW01-East] (configure) | `set firewall name WAN-to-DMZ rule 999 disable` | Disables the firewall rule created earlier. Make sure to commit and save after this command |
| [RW01-East] | `sudo apt upgrade` | |
| [RW01-East] | `sudo apt update` | |
| [RW01-East] | `sudo apt install curl -y` | |
| [Web01-East] | `vi /var/www/html/index.html` | |
| [Web01-East] | `vi /var/www/html/index.php` | |
| [Web01-East] | `mv index.html index` | |
| [Web01-East] | `rm /etc/httpd/conf.d/welcome.conf` | Removes the default Apache welcome page |
| [Web01-East] | `systemctl restart httpd` | Restarts httpd so mod_security and the new pages are picked up |

Deliverable 1: ModSecurity 2 module test

Deliverable 2:

Deliverable 3: Web command /sbin/ifconfig

Deliverable 4: Catting the shadow file

Deliverable 5:

Deliverable 6:
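The deliverables above are the requests ModSecurity should deny, and the Lab Goal notes that the Wazuh agent forwards web01's Apache error log. The following is an added example (not part of this lab page or of Wazuh/ModSecurity) that summarises the "Access denied" entries in such an error log, so you can confirm which CRS rules fired for which client before looking at the alerts in Wazuh. The log lines, client IPs and unique ids are constructed sample data; the rule ids and messages are illustrative CRS values.

```shell
#!/bin/sh
# Added example, not from the original lab page: summarise the ModSecurity
# "Access denied" entries in an Apache error log, i.e. the lines the Wazuh
# agent forwards from web01. Log lines, IPs and ids below are constructed.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[Mon Nov 20 10:15:01.000000 2023] [:error] [pid 2101:tid 139] [client 10.0.17.5:41220] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/sbin/ifconfig" at ARGS:cmd. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "100"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [severity "CRITICAL"] [hostname "web01"] [uri "/index.php"] [unique_id "aaaa0001"]
[Mon Nov 20 10:15:02.000000 2023] [:error] [pid 2101:tid 140] [client 10.0.17.5:41222] ModSecurity: Warning. detected SQLi using libinjection. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "40"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [hostname "web01"] [uri "/index.php"] [unique_id "aaaa0002"]
[Mon Nov 20 10:15:03.000000 2023] [:error] [pid 2101:tid 141] [client 10.0.17.5:41228] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/shadow" at ARGS:file. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "80"] [id "930120"] [msg "OS File Access Attempt"] [severity "CRITICAL"] [hostname "web01"] [uri "/index.php"] [unique_id "aaaa0003"]
[Mon Nov 20 10:16:10.000000 2023] [php:notice] [pid 2102:tid 139] [client 10.0.17.9:50001] PHP Notice:  Undefined index: cmd in /var/www/html/index.php on line 3
[Mon Nov 20 10:16:11.000000 2023] [:error] [pid 2102:tid 140] [client 10.0.17.9:50003] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/sbin/ifconfig" at ARGS:cmd. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "100"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [severity "CRITICAL"] [hostname "web01"] [uri "/admin.php"] [unique_id "aaaa0004"]
EOF

# modsec_summary <error_log>
# Prints one line per blocked request: "client_ip rule_id uri".
# "ModSecurity: Warning." lines (DetectionOnly or non-blocking rules) and
# non-ModSecurity lines are skipped, so the output reflects only requests
# the WAF actually denied.
modsec_summary() {
    grep 'ModSecurity: Access denied' "$1" | sed -n -E \
        's/.*\[client ([0-9.]+):[0-9]+\].*\[id "([0-9]+)"\].*\[uri "([^"]+)"\].*/\1 \2 \3/p'
}

# modsec_count_by_rule <error_log>
# Prints "rule_id count", most-hit rule first: a quick view of which CRS
# rules are doing the blocking before you decide whether any need tuning.
modsec_count_by_rule() {
    modsec_summary "$1" | awk '{hits[$2]++} END {for (r in hits) print r, hits[r]}' \
        | sort -k2,2nr -k1,1
}

modsec_summary "$SAMPLE_LOG"
modsec_count_by_rule "$SAMPLE_LOG"
```

Point both functions at `/var/log/httpd/error_log` on web01 to run them against the real log; the Warning line in the sample is what you will see instead of Access denied if `SecRuleEngine` is still set to `DetectionOnly`.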



Issues:

Issue 1: No curl

The second deliverable requires curl, which is not installed on rw01.

Box Command Reason / Image