Greetings everyone,
Wanted to update you all that I have posted some new configs out to the
OWASP ModSecurity CRS repo that make it easy to turn existing web servers
into pseudo-honeypot sensors -
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/util/honeypo
t_sensor
The idea is pretty simple if you are already running ModSecurity on a
production Apache web server with the OWASP CRS, then you can add these
configs in. They will have Apache listen on additional ports (8000. 8080
and 8888) and listen for traffic. If anything is received, then the CRS
rules are applied and all traffic is logged and forwarded to our central
WASC logging host using mlogc.
If anyone wants to test this out let me know. I would love to get more
sensors online.
Cheers,
Ryan
Greetings everyone,
Wanted to update you all that I have posted some new configs out to the
OWASP ModSecurity CRS repo that make it easy to turn existing web servers
into pseudo-honeypot sensors -
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/util/honeypo
t_sensor
The idea is pretty simple if you are already running ModSecurity on a
production Apache web server with the OWASP CRS, then you can add these
configs in. They will have Apache listen on additional ports (8000. 8080
and 8888) and listen for traffic. If anything is received, then the CRS
rules are applied and all traffic is logged and forwarded to our central
WASC logging host using mlogc.
If anyone wants to test this out let me know. I would love to get more
sensors online.
Cheers,
Ryan
