Server : Apache System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64 User : nobody ( 99) PHP Version : 8.1.23 Disable Function : NONE Directory : /etc/apache2/conf.d/modsec_vendor_configs/OWASP3/util/honeypot-sensor/ |
The purpose of these files is to turn your current ModSecurity host into
a pseudo-honeypot sensor by doing the following:
1. Instructs Apache to listen for traffic on multiple unused ports
- 8000
- 8080
- 8888
2. Creates Apache virtual host containers to bind to these ports.
3. If any traffic is received on these ports, then ModSecurity will
inspect the traffic by inheriting any rules specified in the main
Apache configuration.
4. ModSecurity's Audit Engine will use the mlogc program to forward
the audit log entry onto the ModSecurity Project's central logging
server.