Detecting an SQL injection attack

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

This use case simulates an SQL injection attack against an Ubuntu endpoint and detects it in Argus.

Architecture

| Endpoint | Description |
|----------|-------------|
| Ubuntu   | Victim endpoint running an Apache web server |
| RHEL 9.0 | Attacker endpoint that launches the SQL injection attack |

Configuration

Ubuntu endpoint

Follow these steps to install Apache and configure the Argus agent to monitor the Apache logs.

  1. Update the local packages:
     $ sudo apt update
  2. Install the Apache web server:
     $ sudo apt install apache2
  3. Check the status of the Apache service:
     $ sudo systemctl status apache2
  4. Use the curl command to view the Apache landing page and verify the installation:
     $ curl http://<Ubuntu-IP>
  5. Add the following to the Argus agent /var/ossec/etc/ossec.conf file. This allows the Argus agent to monitor the access logs of your Apache server:
     <ossec_config>
       <localfile>
         <log_format>apache</log_format>
         <location>/var/log/apache2/access.log</location>
       </localfile>
     </ossec_config>
  6. Restart the Argus agent:
     $ sudo systemctl restart wazuh-agent
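
To show what the monitored access log makes visible, the following added example (not part of the original page and not Argus code) parses Apache access-log lines, URL-decodes each request, and flags SQL-style patterns. The pattern list, function names and sample lines are assumptions made for illustration; they are not the Argus ruleset.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined log format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Illustrative patterns only (assumption): not the Argus ruleset.
SQLI_RE = re.compile(
    r"\bselect\b.+\bfrom\b|\bunion\b.+\bselect\b|\binsert\b.+\binto\b"
    r"|\bdrop\s+table\b|\bor\s+\d+\s*=\s*\d+|--\s|/\*",
    re.IGNORECASE,
)

def decode(uri, rounds=2):
    """URL-decode up to `rounds` times so double-encoded requests are normalised."""
    for _ in range(rounds):
        nxt = unquote_plus(uri)
        if nxt == uri:
            break
        uri = nxt
    return uri

def scan(lines):
    """Return one alert dict per access-log line whose request looks like SQLi."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log record; skip rather than guess
        hit = SQLI_RE.search(decode(m["uri"]))
        if hit:
            alerts.append({"src": m["src"], "status": int(m["status"]),
                           "uri": m["uri"], "matched": hit.group(0)})
    return alerts

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 10918 "-" "curl/7.81.0"',
    '198.51.100.7 - - [10/Jan/2024:10:00:05 +0000] "GET /users/?id=SELECT+*+FROM+users HTTP/1.1" 404 437 "-" "curl/7.81.0"',
    '198.51.100.7 - - [10/Jan/2024:10:00:09 +0000] "GET /item?id=1%2520UNION%2520SELECT%2520name HTTP/1.1" 200 512 "-" "curl/7.81.0"',
    '192.0.2.10 - - [10/Jan/2024:10:00:12 +0000] "GET /blog/select-a-plan HTTP/1.1" 200 2048 "-" "curl/7.81.0"',
]

if __name__ == "__main__":
    for a in scan(SAMPLE):
        print(a)
```

The fourth sample line contains the word "select" in a legitimate path and is not flagged, which shows why keyword pairs are matched rather than single keywords.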