LinuxQuestions.org
Old 02-23-2021, 07:45 AM   #1
n00b_noob
Member
 
Registered: Sep 2020
Posts: 319

Rep: Reputation: Disabled
IDS/IPS vs WAP.


Hello,
An IDS/IPS like Suricata-IDS can't protect a web server like Apache?

[Attached image: WAF.jpg]

Is a WAF mandatory to protect a website?

Thank you.
 
Old 02-23-2021, 10:03 AM   #2
uteck
Member
 
Registered: Oct 2003
Location: Elgin,IL,USA
Distribution: GalliumOS on Chrombook
Posts: 614

Rep: Reputation: 199Reputation: 199
Is your website running webapps that can be run in users browsers? Then a WAF can help protect it.
Most websites will not get a lot of benefit from a WAF since they are only doing basic things, like letting people log in and post questions/answers.
If the website is used like a portal to access other servers, then a WAF between the web server and the others will help protect them.
 
Old 02-23-2021, 12:24 PM   #3
n00b_noob
Member
 
Registered: Sep 2020
Posts: 319

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by uteck
Is your website running webapps that can be run in users browsers? Then a WAF can help protect it.
Most websites will not get a lot of benefit from a WAF since they are only doing basic things, like letting people log in and post questions/answers.
If the website is used like a portal to access other servers, then a WAF between the web server and the others will help protect them.

Yes, it is a WordPress website. When people can log in and post, then some attacks like XSS and SQL Injection happen!

Last edited by n00b_noob; 02-23-2021 at 12:25 PM.
 
Old 02-23-2021, 01:26 PM   #4
uteck
Member
 
Registered: Oct 2003
Location: Elgin,IL,USA
Distribution: GalliumOS on Chrombook
Posts: 614

Rep: Reputation: 199Reputation: 199
A WAF sits between the webserver and other application servers or databases, so will not help you much in this case since things are all on the same server. Odds are the attacks are coming from security holes in a plugin you installed.

You need some sort of intrusion detection system. If your server has SELinux, you could try setting it to enforcing mode which may prevent exploitation from the plugin exploits. Or better yet, remove the plugin that is causing the breach.
 
Old 02-23-2021, 02:44 PM   #5
n00b_noob
Member
 
Registered: Sep 2020
Posts: 319

Original Poster
Rep: Reputation: Disabled
Quote:
A WAF sits between the webserver and other application servers or databases...

Can you show me an example of the application servers?
About SELinux:
Code:
$ ls -Z /var/www/
    system_u:object_r:httpd_sys_content_t:s0 apache_pb.svg.bak
system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
    system_u:object_r:httpd_sys_content_t:s0 html
 system_u:object_r:httpd_sys_rw_content_t:s0 wp
$ ls -Z /var/www/wp/
    system_u:object_r:httpd_sys_rw_content_t:s0 cgi-bin
    system_u:object_r:httpd_sys_rw_content_t:s0 error_log
    system_u:object_r:httpd_sys_rw_content_t:s0 googlee4e6cdb3b56c49dd.html
   system_u:object_r:httpd_sys_script_exec_t:s0 index.php
unconfined_u:object_r:httpd_sys_rw_content_t:s0 license.txt
    system_u:object_r:httpd_sys_rw_content_t:s0 readme.html
    system_u:object_r:httpd_sys_rw_content_t:s0 ssl
   system_u:object_r:httpd_sys_script_exec_t:s0 wordfence-waf.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-activate.php
    system_u:object_r:httpd_sys_rw_content_t:s0 wp-admin
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-blog-header.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-comments-post.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-config.php
unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-config-sample.php
    system_u:object_r:httpd_sys_rw_content_t:s0 wp-content
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-cron.php
    system_u:object_r:httpd_sys_rw_content_t:s0 wp-includes
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-links-opml.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-load.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-login.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-mail.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-settings.php
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-signup.php
    system_u:object_r:httpd_sys_rw_content_t:s0 wp-statistics.log
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-trackback.php
   system_u:object_r:httpd_sys_script_exec_t:s0 xmlrpc.php
    system_u:object_r:httpd_sys_rw_content_t:s0 zhupclient_key.1567309333.html
    system_u:object_r:httpd_sys_rw_content_t:s0 zhupclient_key.1567317901.html
Is it OK?
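
The three types in the listing above grant Apache different access: httpd_sys_content_t is read-only, httpd_sys_rw_content_t is writable by the web server, and httpd_sys_script_exec_t marks CGI scripts it may execute. As an added example (not part of the thread), this shell function reads `ls -Z` output and lists every entry the web server can write that is not on an allowlist; the allowlist `WRITABLE_OK` and the `backup.tar` sample line are assumptions.

```shell
#!/bin/sh
# Added example: audit `ls -Z` output for paths the web server may write.
# WRITABLE_OK is an assumed hardening target, not an SELinux or WordPress default.
WRITABLE_OK="wp-content"

# Reads `ls -Z` lines ("user:role:type:level name") on stdin.
# Prints "WRITABLE <name>" for httpd_sys_rw_content_t entries outside the
# allowlist and "UNEXPECTED_TYPE <name> <type>" for non-httpd_* labels.
# Names containing spaces are not handled.
audit_httpd_labels() {
    awk -v ok="$WRITABLE_OK" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
        NF < 2 || $1 !~ /:/ { next }   # skip shell prompts and blank lines
        {
            split($1, ctx, ":"); t = ctx[3]; name = $2
            if (t == "httpd_sys_rw_content_t" && !(name in allow))
                print "WRITABLE " name
            else if (t !~ /^httpd_/)
                print "UNEXPECTED_TYPE " name " " t
        }'
}

# Constructed sample modelled on the listing in the post; the backup.tar
# line is invented to show the UNEXPECTED_TYPE case.
sample_listing() {
    cat <<'EOF'
$ ls -Z /var/www/wp/
    system_u:object_r:httpd_sys_rw_content_t:s0 wp-admin
   system_u:object_r:httpd_sys_script_exec_t:s0 wp-login.php
    system_u:object_r:httpd_sys_rw_content_t:s0 wp-content
    system_u:object_r:httpd_sys_rw_content_t:s0 wp-includes
unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-config-sample.php
           system_u:object_r:default_t:s0 backup.tar
EOF
}

# On a live host: ls -Z /var/www/wp | audit_httpd_labels
sample_listing | audit_httpd_labels
```

Every `WRITABLE` line is a path that code running inside Apache, including a vulnerable plugin, is permitted to modify even with SELinux in enforcing mode.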
 
  

