[security] security engine things

 

1. luarock

  luarock 之于 lua,就好比 pip 之于 python

  https://luarocks.org/

 

2.  lua的库

[root@base package]# ls -1 luasec/luarocks/
lrexlib-pcre-2.7.2-1.src.rock
luafilesystem-1.6.3-1.src.rock
lub-1.1.0-1.src.rock
yaml-1.1.2-1.src.rock
[root@base package]#

 

3.  其他

  PCRE库

https://github.com/google/re2/

  BoyerMoore

  base64 decode

  Aho-Corasick

4.  规则

[root@base rules]# ls -1
language_sample.yaml
rule_1127.yaml
sec_advanced.yaml
sec.yaml
waf_rules.yaml
[root@base rules]#

 

5.  bitdefender

  https://www.bitdefender.com/

 

 6.  MessagePack

  http://msgpack.org/

  https://github.com/msgpack/msgpack-c

 

7.   http://www.huorong.cn/

8.   modsecurity

  https://modsecurity.org/

  https://github.com/SpiderLabs/ModSecurity

  https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ModSecurityreg_Reference_Manual

  读wiki:https://github.com/SpiderLabs/ModSecurity/wiki

  规则:

  https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

  https://modsecurity.org/crs/

  https://github.com/SpiderLabs/owasp-modsecurity-crs

 

  安装 modsecurity to nginx

  https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX

9.   

 

 

 

 

 

 

 

 

 

posted on 2017-06-06 14:25  toong  阅读(182)  评论(0编辑  收藏  举报