Skip to main content

Установка

  • Подгружаем правила
cd /var/tmp

wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.10.0.tar.gz
wget https://github.com/coreruleset/coreruleset/releases/download/v4.10.0/coreruleset-4.10.0.tar.gz.asc
  • Проверяем целостность
gpg --fetch-key https://coreruleset.org/security.asc
gpg --edit-key <RSA KEY ID>

gpg> trust
Your decision: 5 (ultimate trust)
Are you sure: Yes
gpg> quit

gpg --verify coreruleset-4.10.0.tar.gz.asc v4.10.0.tar.gz
  • Устанавливаем правила
mkdir /etc/crs4
tar -xzvf v4.10.0.tar.gz --strip-components 1 -C /etc/crs4
  • Подгружаем файл конфигурации
cd /etc/crs4
mv crs-setup.conf.example crs-setup.conf
  • Подгружаем в ModSecuirty модуль
nano -w /etc/apache2/mods-enabled/security2.conf
        # Include OWASP ModSecurity CRS rules if installed
        #IncludeOptional /usr/share/modsecurity-crs/*.load
        IncludeOptional /etc/crs4/crs-setup.conf
        IncludeOptional /etc/crs4/plugins/*-config.conf
        IncludeOptional /etc/crs4/plugins/*-before.conf
        IncludeOptional /etc/crs4/rules/*.conf
        IncludeOptional /etc/crs4/plugins/*-after.conf
  • Перезагружаем Apache
systemctl restart apache2
systemctl status apache2

Back to top