Step One: Download the latest version of the installation package
https://packages.baidu.com/app/openrasp/release/latest/rasp-php-linux.tar.bz2
Unzip to the directory: / opt / rasp
bzip2 -d rasp-php-linux.tar.bz2
tar -xvf rasp-php-linux.tar
Extract from the folder with the date of the version number is not convenient to set open_base in PHP, so rename the folder to move
mv rasp-php-* /opt/rasp
To the log folder write permissions to other users, or only to run nginx or apache user privileges, or else an attack is detected only interception, do not write the log.
chmod -R 777 /opt/rasp/logs
View php extension in phpinfo in the directory extension_dir
cd /opt/rasp/php
Select the corresponding version of PHP extensions Copy to directory
cp /opt/rasp/php/linux-php5.6-x86_64/openrasp.so /php/56/lib/php/extensions
chmod 755 /php/56/lib/php/extensions/openrasp.so
Modify the php.ini file, add the extension openrasp
Modify php.ini
, or create z-openrasp.ini
a file, add the following:
; BEGIN OPENRASP
[openrasp]
extension=openrasp.so
openrasp.root_dir=/opt/rasp
; Remote Management configuration, no no configuration
; openrasp.backend_url =
; = openrasp.app_id
; openrasp.app_secret =
; =. 1 openrasp.remote_management_enable
; END OPENRASP
Which, openrasp.root_dir represents just selected OpenRASP installation directory, do not fill it can not be loaded. For other configuration parameters, refer to other configuration files to adjust.
Detection plug-in installation
Click here to download the official plug-in plugins / Official / plugin.js , and placed in the <openrasp.root_dir>/plugins/
directory, automatically loaded and entered into force after downloading.
If fastcgi mode to restart php-fpm,
service php-fpm restart
1. Make sure the basic information
In the following web directory, we have established a info.php
, and fill in the following
<?php phpinfo();?>
Visit just created info.php
, check openrasp
whether the module can be loaded successfully, eg
If you do not see a similar message, then the extension failed to load. Common causes
- PHP version and extended version inconsistencies, such as PHP 5.3 version, but PHP 5.6 version you have installed openrasp.so
- INI configuration is incorrect, please refer to the php error.log in the error message
- All error messages are to
[OpenRASP] 错误码
begin with, easy to distinguish, and other logs - For apache / nginx, you can view similar
/var/log/nginx/error.log
path
- All error messages are to
After confirming a successful installation, delete info.php
this file, in order to avoid disclosure of sensitive information.
OpenRASP normal block attacks, but no log alarm.log
Suppose OpenRASP mounted to /opt/rasp
,
- Check if you have write access logs directory
- If you do not have permission, you can do
chmod 777 /opt/rasp/logs
to increase permissions - Check SELinux is turned on, you can do
setenforce 0
close
- If you do not have permission, you can do
- Check that the php error_log log OpenRASP related errors
- If not configured, turn on in php.ini, eg
error_log = /tmp/php_error.log
- If not configured, turn on in php.ini, eg
- Check php open_basedir is closed (or the / opt / rasp added to the path allows's)
- Our alarm log is written using PHP stream, will be affected by this configuration, eg
PHP Warning: scandir(): open_basedir restriction in effect. File(/www/rasp/logs/alarm/alarm.lo
- Our alarm log is written using PHP stream, will be affected by this configuration, eg