[CENTOS] After installing SiteGuard, let's set permission for firewall and phpMyAdmin

Immediately after installing SiteGuard, access was blocked by the firewall and DB editing with phpMyAdmin was blocked, and I stumbled over both, so I am making a note.

Work procedure

  1. Install SiteGuard
  2. Open port 9443 in the firewall
  3. Set SiteGuard signatures to work with phpMyAdmin

https://siteguard.jp-secure.com/product/siteguard-server-edition/howto/install/

Install SiteGuard

Install Java first, because java1.8.0 is required by the operating environment.

$ sudo yum -y install java-1.8.0-openjdk

Register as a user on the Official Site and download the installation file. Upload the downloaded file to the user directory by FTP etc. and install from the rpm file.

$ rpm -Uvh siteguard-server-edition-X.XX-X.x86_64.rpm 
Option  Description
-U      Package upgrade (updated to the latest version)
-v      Display the name of the package being processed
-h      Show progress

Run the setup file after installation

# cd /opt/jp-secure/siteguardlite/
# ./setup.sh
please enter Apache Config File. [/etc/httpd/conf/httpd.conf] --> [The path to the apache configuration file. Leave blank]
Apache Config File=[/etc/httpd/conf/httpd.conf]
is correct? [yes]|no --> [Blank]

please enter Apache Binary File (httpd). [/usr/sbin/httpd] --> [Path of the apache executable file. Leave blank]
Apache Binary File (httpd)=[/usr/sbin/httpd]
is correct? [yes]|no --> [Blank]

Is the Web server registered in systemd?
please select. [yes]|no --> [The name of the system daemon that controls the operation of apache. Leave blank]

please enter Apache service name. [httpd] --> [The apache service name used by the system daemon. Leave blank]
Apache service name=[httpd]
is correct? [yes]|no --> [Blank]

do you want to use the web administrative console?
* to use the console, you will need JDK or JRE is installed.
please select. [yes]|no --> [Do you use the management screen on the Web? Java required. Leave blank]

please enter JDK or JRE directory. [/usr/lib/jvm/jre-1.8.0] --> [Java directory path. Leave blank]
JDK or JRE directory=[/usr/lib/jvm/jre-1.8.0]
is correct? [yes]|no --> [Blank]

please enter the port number of the web console for https.
please enter port number. [9443] --> [The port number used on the management screen. Leave blank]
port number=[9443]
is correct? [yes]|no --> [Blank]

please enter the addresses allowed to access the web console for https.
ex:192.168.1.100 10.0.0.0/24
please enter allowed addresses. [all] --> [The IP address to allow access to the management screen. Leave blank]
allowed addresses=[192.168.0.0/24 192.168.0.93]
is correct? [yes]|no --> [Blank]

do you change the ssl certificate files?
please select. yes|[no] --> [SSL server certificate path. You can leave it blank, but SSL will not be possible.]
update server config file done.
update Makefile done.
------------------------------------------------------
  Starting services...
------------------------------------------------------
Starting Tomcat(WebUI for SiteGuard Server Edition):       [  OK  ]
Starting Notify Service:                                   [  OK  ]

Apache restart. Are you sure? [yes]|no --> [Blank]
Stopping :                                                 [  OK  ]
------------------------------------------------------
  clear tmp files
------------------------------------------------------
removing tmp files ...
done.
starting web server ...
Starting :                                                 [  OK  ]
Apache restart done.
------------------------------------------------------
  finished SiteGuard Server Edition setup
------------------------------------------------------
  Please access following URL for starting service.
  https://localhost.localdomain:9443/
  (default user:admin, default password:admin) 

------------------------------------------------------
  SiteGuard Server Edition setup done...
------------------------------------------------------

Basically, each setting can be left at its default. However, if you want to restrict which IP addresses can reach the management screen, or support SSL on the management screen, you need to set it in the corresponding item. You can run the setup file again to change the settings as needed.

Open port 9443 in the firewall

By default the management screen is assigned port 9443, but the firewall settings only open http (80) / https (443) / ssh (22), so the port has to be added.

Create a new firewalld service named siteguard that opens port 9443.

# vim /etc/firewalld/services/siteguard.xml

/etc/firewalld/services/siteguard.xml


<?xml version="1.0" encoding="utf-8"?>
<service>
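  <short>SiteGuard Server Edition</short>
  <description>Configure SiteGuard Server Edition using the web administration screen.</description>
  <!-- The console is served over HTTPS by Tomcat, which uses TCP. -->
  <port protocol="tcp" port="9443"/>
  <!-- The UDP entry is not needed for the HTTPS console. -->
  <port protocol="udp" port="9443"/>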
</service>

Reload firewalld so that it picks up the new siteguard service definition.

# firewall-cmd --reload

Permanently enable the added siteguard service

$ sudo firewall-cmd --add-service=siteguard --zone=public --permanent

Reload firewalld to apply the settings

$ sudo firewall-cmd --reload

Check zone information. Make sure services have been added to the public zone.

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens2f1
  sources: 
  services: dhcpv6-client http https siteguard ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

Set SiteGuard signatures to work with phpMyAdmin

Access https://[server host name (or IP address)]:9443, log in, and change the administrator account information.

Default
ID admin
Password admin

Enable the inspection function, then click [Apply].

Access http://[server host name (or IP address)] and confirm that the page is displayed correctly, then access http://[server host name (or IP address)]/WAF-TEST-SIGNATURE/ and confirm that the detection message from the inspection function is displayed. If "ErrorDocument 403" is specified in the Apache settings, the message specified in ErrorDocument is displayed instead.

Confirm that the log contains a record of the request to http://[server host name (or IP address)]/WAF-TEST-SIGNATURE/ being blocked.

Enable automatic updates of the files used in signature inspection (a method of checking behavior such as actual access against a defined configuration file).

Back up the settings.

Add a custom signature to allow operations in phpMyAdmin.

Inspection targets:
Connection source IP address: ^192\.168\.0\. (for 192.168.0.*)
URL: /phpmyadmin/ (for operations with phpMyAdmin)

If you want to allow access from multiple IP addresses, add a rule for each IP, because multiple conditions in one rule are combined with AND.
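The matching logic of this custom signature, modelled as an added example that is not part of the original post and is not SiteGuard's own code. It assumes each condition is a regular expression searched within its field; the function names and sample requests are constructed, and the per-host rules go slightly beyond the text to show why a pattern for a single address needs a trailing $.

```shell
#!/bin/sh
# Added example (not SiteGuard code): models the rule logic described above.
# Assumption: each condition is a regex searched within its field, the
# conditions of one rule are ANDed, and separate rules are alternatives.

# matches FIELD REGEX: true when the extended regex is found in FIELD.
matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# allowed_by_rules RULES IP URL: RULES holds one "<ip-regex> <url-regex>"
# pair per line; the request is allowed when one rule matches on both fields.
allowed_by_rules() {
    rules=$1 ip=$2 url=$3
    while read -r ip_re url_re; do
        [ -n "$ip_re" ] || continue
        matches "$ip" "$ip_re" && matches "$url" "$url_re" && return 0
    done <<EOF
$rules
EOF
    return 1
}

# Rule with the values from the text: 192.168.0.* and /phpmyadmin/.
PAGE_RULE='^192\.168\.0\. /phpmyadmin/'
# Constructed: one rule per additional address. The trailing $ matters,
# otherwise the pattern for .9 also matches .90 to .99.
PER_HOST_RULES='^192\.168\.0\.9$ /phpmyadmin/
^10\.0\.0\.5$ /phpmyadmin/'
LOOSE_RULE='^192\.168\.0\.9 /phpmyadmin/'

# check RULES IP URL: print the decision for one constructed request.
check() {
    if allowed_by_rules "$1" "$2" "$3"; then
        echo "allowed    $2 $3"
    else
        echo "inspected  $2 $3"
    fi
}

check "$PAGE_RULE" 192.168.0.20 /phpmyadmin/index.php
check "$PAGE_RULE" 192.168.0.20 /index.php
check "$PAGE_RULE" 203.0.113.7 /phpmyadmin/index.php
check "$PER_HOST_RULES" 10.0.0.5 /phpmyadmin/sql.php
check "$PER_HOST_RULES" 192.168.0.93 /phpmyadmin/sql.php
check "$LOOSE_RULE" 192.168.0.93 /phpmyadmin/sql.php
```

Only the first, fourth and last requests are allowed; the last one shows the unanchored single-host pattern letting 192.168.0.93 through a rule meant for 192.168.0.9.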

Thank you for your hard work.
