SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
This use case simulates an SQL injection attack against an Ubuntu endpoint and detects it in Argus.
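The detection in this use case works from the Apache access log of the victim endpoint. The following added example (not part of the original page and not the Argus rule set) shows what such a check involves: it parses access log lines, URL-decodes the request target, and flags SQL-like content. The pattern names, the two-round decoding and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined access log: client, identity, user, [time], "request", status, size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Illustrative patterns only (assumption): these are not Argus's own rules.
SQLI_PATTERNS = {
    "union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "select_from": re.compile(r"\bselect\b.{0,80}\bfrom\b", re.I | re.S),
    "tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "comment_terminator": re.compile(r"'\s*(--|#|/\*)"),
}

def decode_target(target, rounds=2):
    """URL-decode up to `rounds` times so double-encoded input (%2527) is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def inspect_line(line):
    """Return a finding dict for a suspicious access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not an access-log line; a real pipeline would count these
    target = decode_target(m["target"])
    hits = sorted(name for name, rx in SQLI_PATTERNS.items() if rx.search(target))
    if not hits:
        return None
    return {"client": m["client"], "status": int(m["status"]),
            "target": target, "matched": hits}

# Constructed sample lines (documentation-range addresses), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 10926 "-" "curl/7.81.0"',
    '192.0.2.20 - - [10/Oct/2023:13:56:01 +0000] "GET /users/?id=SELECT+*+FROM+users HTTP/1.1" 404 437 "-" "curl/7.76.1"',
    '192.0.2.20 - - [10/Oct/2023:13:56:09 +0000] "GET /item?id=1%2527%2520OR%25201%253D1 HTTP/1.1" 404 437 "-" "curl/7.76.1"',
    '192.0.2.10 - - [10/Oct/2023:13:57:12 +0000] "GET /search?q=select+a+plan HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Run inspect_line over every line and keep only the findings."""
    return [finding for finding in map(inspect_line, lines) if finding]
```

The last sample line is a benign search containing the word "select"; it is not flagged because no single keyword is treated as sufficient on its own.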
Architecture
Endpoint    Description
Ubuntu      Victim endpoint running an Apache web server
RHEL 9.0    Attacker endpoint that launches the SQL injection attack
Configuration
Ubuntu endpoint
Follow these steps to install Apache and configure the Argus agent to monitor the Apache logs.
Update the local package index:
$ sudo apt update
Install Apache web server:
$ sudo apt install apache2
Check the status of the Apache service:
$ sudo systemctl status apache2
Use the curl command to view the Apache landing page and verify the installation:
$ curl http://<Ubuntu-IP>
Add the following to the Argus agent /var/ossec/etc/ossec.conf file. This allows the Argus agent to monitor the access logs of your Apache server: