Web Tamper Protection

User Guide

Issue 02

Date 2017-08-25

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China

Website: http://e.huawei.com

Issue 02 (2017-08-25)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.

Contents

1 Introduction
1.1 Concepts
1.1.1 WTP
1.1.2 File Driver Technology
1.2 Functions
1.3 Application Scenarios
1.4 Accessing and Using WTP
1.4.1 How to Access WTP
1.4.2 How to Use WTP
1.4.3 Related Services

2 Management
2.1 Installing a WTP Client
2.2 Enabling WTP
2.3 Adding Files to Be Protected
2.4 Viewing the ECS List
2.5 Viewing Protection Records
2.6 Querying Statistics
2.7 Canceling File Protection
2.8 Disabling WTP
2.9 Uninstalling a WTP Client

3 FAQs
3.1 What Is WTP?
3.2 Why Does the Protection Status Not Change Immediately After I Enable or Disable WTP?

A Change History


1 Introduction

1.1 Concepts

1.1.1 WTP

Web Tamper Protection (WTP) uses file driver technologies to provide comprehensive protection for directories specified by public cloud users. It prevents files in these directories, including web pages, documents, images, and databases, from being tampered with or corrupted by hackers or viruses.

1.1.2 File Driver Technology

File driver technologies enable programs to work at the driver layer of an operating system (OS), thereby monitoring sessions of the OS and hardware devices. Programs developed using file driver technologies can provide services for all application software on the OS platform.

1.2 Functions

WTP provides the following functions:

- Performing real-time tamper detection for website files on Elastic Cloud Servers (ECSs) and using preset rules to prevent them from being tampered with or corrupted.

- Transmitting alarm information when website files on ECSs are tampered with, including the time the tampering occurred, file names, process IDs, names of the processes affected, and tampering methods used.

- Collecting statistics on the ECSs, file types, and processes that are currently being protected.

1.3 Application Scenarios

By detecting tampering behavior on protected files and sending alarms, WTP prevents tampering of specified files on ECSs where WTP clients are installed. In this manner, it protects website files from tampering and corruption.


- WTP supports the following Linux OS versions:

Table 1-1 Supported Linux OS versions

| No. | OS Version | Constraint |
|---|---|---|
| 1 | CentOS 5.11 32bit | Database protection supports only MySQL currently. |
| 2 | CentOS 5.11 64bit | |
| 3 | CentOS Linux 5.5 64bit | |
| 4 | CentOS Linux 5.8 64bit | |
| 5 | CentOS Linux 6.3 64bit | |
| 6 | CentOS Linux 6.5 64bit | |
| 7 | CentOS Linux 7.0 64bit | |
| 8 | CentOS Linux 7.1 64bit | |
| 9 | Debian 7.5 32bit | |
| 10 | Debian 7.5 64bit | |
| 11 | Debian 8.2 64bit | |
| 12 | Ubuntu Server 10.04 64bit | |
| 13 | Ubuntu Server 12.04 64bit | |
| 14 | Ubuntu Server 12.04.2 32bit | |
| 15 | Ubuntu Server 14.04 64bit | |
| 16 | Ubuntu Server 14.04 32bit | |

- WTP supports the following Windows OS versions:

Table 1-2 Supported Windows OS versions

| No. | OS Version | Constraint |
|---|---|---|
| 1 | Windows Server Enterprise 2008 Service Pack 2 | If a piece of third-party security software, such as McAfee, has been installed on your server, stop its protection function before installing a WTP client. After you install the client, you can re-enable the protection function on the software. Database protection supports only MySQL currently. |
| 2 | Windows Web Server 2008 R2 | |
| 3 | Windows Server Standard 2008 R2 | |
| 4 | Windows Server Enterprise 2008 R2 | |
| 5 | Windows Server Datacenter 2008 R2 | |
| 6 | Windows 2012 R2 Standard | |
| 7 | Windows 2012 R2 Datacenter | |

1.4 Accessing and Using WTP

1.4.1 How to Access WTP

You can use the management console to access WTP. If you have registered a public cloud account, log in to the management console, and choose Security > Product Center of Partners > Web Tamper Protection.

1.4.2 How to Use WTP

You can use the management console to enable WTP and add files for protection for ECSs. On the console, you can view the ECSs' protection records.

1.4.3 Related Services

ECS

WTP protects web site files on ECSs from being tampered with.

CTS

Cloud Trace Service (CTS) provides you with a history of WTP operations. After enabling CTS, you can view all generated traces to review and audit performed WTP operations. For details, see the Cloud Trace Service User Guide.

Table 1-3 WTP operations that CTS supports

| Operation | Resource Type | Trace Name |
|---|---|---|
| Enabling WTP | wtp | openWtp |
| Disabling WTP | wtp | stopWtp |
| Updating WTP policies | wtp | updateWtpConfig |

CES

Cloud Eye (CES) provides you with WTP metrics. After enabling CES, you can view WTP metrics for ECSs and configure their protection policies based on these metrics. For details, see the Cloud Eye User Guide.


Table 1-4 WTP metrics that CES supports

| Metric | Description | Value Range | Monitored Object |
|---|---|---|---|
| Number of WTP alarms | Indicates the number of WTP alarms that occurred on a monitored object. | ≥ 0 | ECS |


2 Management

2.1 Installing a WTP Client

Scenario

Before using WTP on an ECS, you must install a WTP client. This section describes how to download and install a WTP client on an ECS.

Prerequisites

- You have obtained an account and its password for logging in to the management console.

- Agent Status of the ECS is Not installed.

- If a piece of third-party security software, such as McAfee, has been installed on your server, stop its protection function before installing a WTP client. After you install the client, you can re-enable the protection function on the software.

Downloading a WTP Client

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 Check Agent Status of the ECS. If its Agent Status is Not installed, you must download and install a WTP client.

Figure 2-1 Agent status


Step 4 Click download a WTP client above the ECS list and select the client version that corresponds to the OS of the ECS. After reading the Safedog application scenarios, select I have read and understand the application scenarios of safedog and click OK.

Figure 2-2 Downloading a WTP client

Step 5 In the Download dialog box, click OK to start downloading the client.

After the WTP client installation package is downloaded, upload it to the ECS. An elastic IP address (EIP) must have already been bound to this ECS.

To upload the client installation package to your ECS, you must bind your ECS to an EIP,according to Safedog's requirements.

NOTE

After the package is uploaded, you can unbind the EIP.

----End

Installing a WTP Client

You must log in to an ECS before you can install a WTP client on it. To log in to an ECS, click the ECS name, and then click Remote Login in the displayed ECS management console. This section describes how to install a WTP client on an ECS running a 64-bit OS.

- Installing a WTP client on an ECS running Linux

Step 1 Log in to the ECS and run the following command to navigate to the directory containing the installation package:

cd <directory containing the installation package>

Step 2 Run the following command to decompress the installation package:

tar -zxvf <name of the installation package>

For example, if the name of the installation package is HwCloudAgent_linux64.tar.gz, run the following command:

tar -zxvf HwCloudAgent_linux64.tar.gz

Step 3 Run the following command to switch to the directory containing the decompressed files:

cd HwCloudAgent_linux64

Step 4 Run the following command to run the installation script:

./install.py

If information similar to the following is displayed, the client has been successfully installed:

[root@testlinux64 HwCloudAgent_linux64]# ./install.py
1.1 Start install HwCloudAgent..
1.2 Install common file
1.3 Start the application
1.4 Install apache plugin
will you need to install Apache Defense Module?
please input [Y/n]:Y
step 0/0, start install Apache Defense Module..
step 0.1, start install Apache Defend Module...
step 0.2, copy libraries [ok]
step 0.3, copy bin and set boot [ok]
step 0.4, Install apache defense module succeed.. [ok]
step 0.5, restart the apache server..
/usr/bin/sdacm: error while loading shared libraries: libQtCore.so.4: cannot open shared object file: No such file or directory
[ok]
Tips:
(1)If you want to change the configuration of apache defense module, please modify the files in /etc/HwCloudAgent/apache/conf;
(2)If you want to check apache defense module log, please use command: sdalog;
(3)If apache defense module is failed to use, you can try to restart Apache service.
1.4 Install Completely!

NOTE

The Apache Defense Module must be installed for WTP. If the question will you need to install Apache Defense Module? is displayed, enter Y.

Step 5 Run the following command to confirm that the client processes exist:

ps -ef | grep HwCloud

If the following processes are displayed, the client is running properly:

[root@testlinux64 HwCloudAgent_linux64.bak]# ps -ef|grep HwCloud
root 66514 66494 0 15:46 ? 00:00:00 HwCloudAgent -d
root 66508 66494 0 15:46 ? 00:00:00 HwCloudUpdate -d
root 66628 64918 0 15:50 tty1 00:00:00 grep --color=auto HwCloud

----End
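A post-install check for the Linux procedure above, as an added example that is not part of the Huawei guide or the WTP client. It covers two things visible in the guide's own sample output: the `ps -ef | grep HwCloud` listing always contains the grep process itself, and the installer prints [ok] after a shared-library load error from /usr/bin/sdacm. The function names are hypothetical, and the sample inputs are constructed from the output shown in Steps 4 and 5.

```shell
#!/bin/sh
# Added example: post-install checks for the WTP Linux client.
# Function names are hypothetical; sample inputs are constructed from the
# guide's own example output so the script runs offline.

# Constructed sample: the `ps -ef | grep HwCloud` listing shown in Step 5.
SAMPLE_PS='root 66514 66494 0 15:46 ? 00:00:00 HwCloudAgent -d
root 66508 66494 0 15:46 ? 00:00:00 HwCloudUpdate -d
root 66628 64918 0 15:50 tty1 00:00:00 grep --color=auto HwCloud'

# Constructed sample: excerpt of the install.py output shown in Step 4.
SAMPLE_INSTALL='step 0.4, Install apache defense module succeed.. [ok]
step 0.5, restart the apache server..
/usr/bin/sdacm: error while loading shared libraries: libQtCore.so.4: cannot open shared object file: No such file or directory
[ok]
1.4 Install Completely!'

# Print the client daemons found in `ps -ef` output on stdin. Matching the
# command column (field 8) by basename ignores the grep process itself, which
# always appears in a `ps -ef | grep HwCloud` listing.
wtp_running_daemons() {
    awk '{ n = split($8, p, "/"); c = p[n]
           if (c == "HwCloudAgent" || c == "HwCloudUpdate") print c }' | sort -u
}

# Print each expected daemon that is absent; no output means both are up.
wtp_missing_daemons() {
    running=$(wtp_running_daemons)
    for d in HwCloudAgent HwCloudUpdate; do
        printf '%s\n' "$running" | grep -qx "$d" || printf '%s\n' "$d"
    done
}

# Print "<binary> <library>" for every dynamic-loader failure in installer
# output on stdin. The installer prints [ok] after such a line, so the step
# markers alone do not show that the binary actually started.
wtp_loader_errors() {
    awk -F': ' '/error while loading shared libraries/ { print $1 " " $3 }'
}

# Print the libraries that `ldd` (output on stdin) could not resolve.
wtp_unresolved_libs() {
    awk '/=> not found/ { print $1 }'
}

# Succeed only if the installer finished and reported no loader failure.
wtp_install_clean() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'Install Completely!' || return 1
    [ -z "$(printf '%s\n' "$out" | wtp_loader_errors)" ]
}

# Demo on the constructed samples. On an ECS, feed live data instead:
#   ps -ef | wtp_missing_daemons
#   ldd /usr/bin/sdacm | wtp_unresolved_libs
echo "missing daemons: $(printf '%s\n' "$SAMPLE_PS" | wtp_missing_daemons | tr '\n' ' ')"
echo "loader errors: $(printf '%s\n' "$SAMPLE_INSTALL" | wtp_loader_errors)"
if printf '%s\n' "$SAMPLE_INSTALL" | wtp_install_clean; then
    echo "install output: clean"
else
    echo "install output: needs review"
fi
```

On the guide's sample output this reports no missing daemons but flags the install output for review, because the binary run at the Apache restart step could not load libQtCore.so.4.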

- Installing a WTP client on an ECS running Windows

Step 1 Navigate to the directory containing the installation package and double-click the installation file. In the installation wizard, click Next.

Step 2 After reading License Agreement, click I Agree.

Step 3 In Destination Folder, select an installation directory and click Next.

Step 4 Click Install to start installing the client.

Step 5 After the installation is completed, click Finish.

Check for the client processes HwCloudAgent.exe and HwCloudUpdate.exe in Task Manager. If these processes are displayed, the client has been successfully installed.

----End

2.2 Enabling WTP

Scenario

This section describes how to enable WTP for one or multiple ECSs.

Prerequisites

- You have obtained an account and its password for logging in to the management console.

- Agent Status of each ECS is Normal, Abnormal, or Stopped, and its Protection Status is .

NOTE

The protection status of an ECS may be (enabled) or (disabled).

Procedure

- Enabling WTP for one ECS

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 In the row containing the ECS for which you want to enable WTP, click to set its Protection Status to .

Figure 2-3 Enabling WTP for one ECS

Step 4 In the displayed dialog box, read the WTP Service Statement, select I have read and agree to the WTP Service Statement, and click OK, as shown in Figure 2-4.

Figure 2-4 Enabling WTP

Step 5 In the Add Directory for Protection dialog box that is displayed, specify the directory information.

- Protected Directory: Enter the directory containing files to be protected.

- (Optional) Exclude Subdirectory: Enter a subdirectory you do not want to protect.

- (Optional) Exclude File Type: Enter any file types you do not want to protect.

Figure 2-5 Adding a directory for protection

Step 6 Click OK.

NOTE

The default protection status of a newly added directory is . To disable WTP for the directory, click to set its Protection Status to .

----End

- Enabling WTP for multiple ECSs

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 Select the ECSs for which you want to enable WTP and click Enable.

Figure 2-6 Enabling WTP for multiple ECSs

Step 4 In the displayed dialog box, read the WTP Service Statement, select I have read and agree to the WTP Service Statement, and click OK, as shown in Figure 2-7.

Figure 2-7 Enabling WTP

Step 5 In the dialog box that is displayed, click OK.

----End


2.3 Adding Files to Be Protected

Scenario

This section describes how to add files to be protected by adding directories on a WTP-enabled ECS.

Prerequisites

- You have obtained an account and its password for logging in to the management console.

- Protection Status of the ECS is .

Procedure

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 In the row containing the ECS on which files will be added, click , as shown in Figure 2-8.

Figure 2-8 Adding files to be protected

Step 4 Click Add. In the Add Directory for Protection dialog box that is displayed, specify the directory information.

- Protected Directory: Enter the directory containing files to be protected.

- (Optional) Exclude Subdirectory: Enter a subdirectory you do not want to protect.

- (Optional) Exclude File Type: Enter any file types you do not want to protect.

Figure 2-9 Adding a directory for protection

Step 5 Click OK.

NOTE

The default protection status of a newly added directory is . To disable WTP for the directory, click to set its Protection Status to .

----End

2.4 Viewing the ECS List

Scenario

This section describes how to view general WTP information about ECSs.

Prerequisites

You have obtained an account and its password for logging in to the management console.

Procedure

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

The ECS List page displays the ECS names, ECS IP addresses, ECS statuses, agent statuses, protection statuses, and number of WTP times, as shown in Figure 2-10.

NOTE

You can filter ECS information by selecting a status from the All ECS statuses and All statuses drop-down lists, or entering a keyword for ECS Name or ECS IP Address.

Figure 2-10 ECS list

Table 2-1 Parameter description

| Parameter | Description |
|---|---|
| ECS Name | Displays ECS names. You can click an ECS name to switch to the ECS management console. |
| ECS IP address | Displays the IP addresses of ECSs. |
| ECS Status | Displays the current status of an ECS. An ECS may be in any of the following statuses: Running, Creating, Faulty, Stopped. |
| Agent Status | Displays the current status of an agent. An agent may be in any of the following statuses: Not installed (the client has not been installed or successfully started); Normal (the client is running properly); Abnormal (the client has been successfully installed but communication with the ECS has failed); Stopped (the ECS has been shut down). |
| Protection Status | Displays the status of WTP. : WTP is enabled. : WTP is disabled. : WTP is unavailable. |
| WTP Times | Displays the number of WTP times within the last month that WTP has been enabled for an ECS. |
| Operation | Allows you to query the protection records of a WTP-enabled ECS. |

----End


2.5 Viewing Protection Records

Scenario

This section describes how to view the protection records of an ECS for the most recent week.

Prerequisites

You have obtained an account and its password for logging in to the management console.

Procedure

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 Click View Protection Record to view the protection records of an ECS for the most recent week. You can view the ECS name, protection status, WTP times, detection time, protected files, process ID, process name, and action, as shown in Figure 2-11.

NOTE

You can click to specify a time period and click Search to query the protection records for this period.

Figure 2-11 Protection record list

Table 2-2 Parameter description

| Parameter | Description |
|---|---|
| Detected | Displays the time a tampering attempt was detected. |
| Protected Files | Displays the files protected by WTP. |
| Process ID | Displays the ID of the process protected by WTP. |
| Process Name | Displays the name of the process protected by WTP. |
| Action | Displays the actions that were attempted on files and directories, including create, write, rename, and delete. |

----End


2.6 Querying Statistics

Scenario

This section describes how to query weekly protection statistics for the last five weeks.

Prerequisites

You have obtained an account and its password for logging in to the management console.

Procedure

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 Click the Statistics tab page to view detailed protection statistics about ECSs:

- Number of protection times of file types by time: displays the number of times that different file types were protected, by time.

- Weekly top 7 ECSs with most protection times: displays information about the seven ECSs with the largest number of tampering attempts for the week.

- Weekly top 7 file types with most protection times: displays information about the seven file types with the largest number of tampering attempts for the week.

- Weekly top 7 processes with most protection times: displays information about the seven processes with the largest number of tampering attempts for the week.

Figure 2-12 Statistics

----End


2.7 Canceling File Protection

Scenario

This section describes how to cancel the file protection by deleting directories on a WTP-enabled ECS.

Prerequisites

- You have obtained an account and its password for logging in to the management console.

- A directory on an ECS has been added to WTP for protection.

Procedure

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 In the row containing the ECS on which file protection will be canceled, click .

Step 4 In the row containing the desired directory, click Delete.

Figure 2-13 Protected directory

Step 5 In the Delete Protected Directory dialog box, click OK.


Figure 2-14 Deleting a protected directory

----End

2.8 Disabling WTP

Scenario

This section describes how to disable WTP for one or multiple ECSs.

Prerequisites

- You have obtained an account and its password for logging in to the management console.

- Agent Status of each ECS is Normal, Abnormal, or Stopped, and its Protection Status is .

Procedure

- Disabling WTP for one ECS

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 In the row containing the ECS for which you want to disable WTP, click to set its Protection Status to .


Figure 2-15 Disabling WTP for one ECS

Step 4 In the dialog box that is displayed, click OK.

----End

- Disabling WTP for multiple ECSs

Step 1 Log in to the management console.

Step 2 Choose Security > Product Center of Partners > WEB Tamper Protection to navigate to the ECS List page.

Step 3 Select the ECSs for which you want to disable WTP and click Disable.

Figure 2-16 Disabling WTP for multiple ECSs

Step 4 In the dialog box that is displayed, click OK.

----End

2.9 Uninstalling a WTP Client

Uninstalling a WTP Client from an ECS Running Linux

Step 1 Log in to the ECS from which you want to uninstall the WTP client.

Step 2 Run the following command to navigate to the installation directory:

cd <client installation directory>

For example, if the client installation directory is /etc/HwCloudAgent_linux64, run the following command:

cd /etc/HwCloudAgent_linux64

Step 3 Run the following command to uninstall the client:

./uninstall.py

If the following information is displayed, the client has been uninstalled:

[root@testlinux64 HwCloudAgent_linux64]# ./uninstall.py
Start uninstall..
Stop the application..
Uninstall file..
Uninstall completely!

----End

Uninstalling a WTP Client from an ECS Running Windows

Step 1 Log in to the ECS from which you want to uninstall the WTP client.

Step 2 Navigate to the client installation directory and double-click uninst.exe to uninstall the client.

Step 3 In the dialog box that is displayed, click Yes to start uninstalling the client.

Step 4 Click Close after the client is completely uninstalled.

----End


3 FAQs

3.1 What Is WTP?

Web Tamper Protection (WTP) uses file driver technologies to provide comprehensive protection for directories specified by public cloud users. It prevents files in these directories, including web pages, documents, images, and databases, from being tampered with or corrupted by hackers or viruses.

3.2 Why Does the Protection Status Not Change Immediately After I Enable or Disable WTP?

WTP must interact with Safedog to enable or disable protection, and this takes a short period of time. Wait 3 to 5 minutes after you enable or disable WTP, and click to refresh the page to view the updated protection status.


A Change History

| Released On | Description |
|---|---|
| 2017-08-25 | This is the second official release. Updated some screenshots. |
| 2017-03-30 | This is the first official release. |
