다운로드: https://github.com/WebGoat/WebGoat/releases
WebGoat은 보안상의 이유로 localhost에서만 접속할 수 있으므로, apache 웹서버의 Proxy 기능을 사용하여 외부에서도 접속할 수 있도록 구성한다.
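#!/bin/bash
# Put Apache in front of WebGoat as a reverse proxy so that clients on other
# hosts can reach the instance listening on 127.0.0.1:8080.
# Run as root. Safe to re-run: the pristine backup is kept and the proxy
# block is appended only once.
#
# WebGoat is a deliberately insecure application, so whoever can reach this
# proxy can reach every vulnerable lesson behind it. PROXY_REQUIRE is the
# argument of the Apache 2.4 "Require" directive for the proxied site; the
# default keeps the original open-to-everyone behaviour. To limit access to
# the training network instead:
#   PROXY_REQUIRE='ip <lab-subnet-CIDR>'
set -euo pipefail

SITE_CONF="/etc/apache2/sites-available/000-default.conf"
BACKEND_URL="http://127.0.0.1:8080/"
PROXY_REQUIRE="${PROXY_REQUIRE:-all granted}"

apt-get -y install apache2

# Keep the first (unmodified) copy; a second run must not overwrite it with
# the already-edited file.
if [ ! -e "${SITE_CONF}.orig" ]; then
  cp -- "${SITE_CONF}" "${SITE_CONF}.orig"
fi

a2enmod proxy proxy_http

if grep -qF -- "ProxyPass / ${BACKEND_URL}" "${SITE_CONF}"; then
  echo "Proxy block already present in ${SITE_CONF}; nothing to add."
else
  # Drop the closing tag, append the proxy block, then close the vhost again.
  sed -i 's|</VirtualHost>||g' "${SITE_CONF}"
  {
    printf '\n'
    printf '\t#######################################\n'
    printf '\t# Proxy\n'
    printf '\t#######################################\n'
    # ProxyRequests Off: reverse proxy only, never an open forward proxy.
    printf '\tProxyRequests Off\n'
    printf '\tProxyPreserveHost On\n'
    printf '\t<Proxy *>\n'
    # "Order deny,allow" / "Allow from all" is Apache 2.2 syntax that 2.4
    # only accepts through mod_access_compat; use the native directive.
    printf '\t\tRequire %s\n' "${PROXY_REQUIRE}"
    printf '\t</Proxy>\n'
    printf '\tProxyPass / %s\n' "${BACKEND_URL}"
    printf '\tProxyPassReverse / %s\n' "${BACKEND_URL}"
    printf '</VirtualHost>\n'
  } >> "${SITE_CONF}"
fi

# Validate before restarting so a broken vhost does not take the server down;
# the new modules and proxy rules only take effect after the restart.
apache2ctl configtest
systemctl restart apache2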
WebGoat을 systemd 서비스로 추가
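#!/bin/bash
# Register WebGoat as a systemd service. Run as root.
#
# Overridable from the environment:
#   SERVICE_USER / SERVICE_GROUP  account the JVM runs as (default: webgoat)
#   WEBGOAT_OPTS                  extra application arguments
set -euo pipefail

JAVA_HOME="/opt/jdk-17.0.5"
SERVICE_NAME="webgoat"
WEBGOAT_JAR="/opt/webgoat/webgoat-2023.7.jar"
JAVA_OPTS="-Xms512M -Xmx1G -Xss512K -Dfile.encoding=UTF-8"
# Example: WEBGOAT_OPTS="--server.address=127.0.0.1 --server.port=8080"
# Keeping the listener on the loopback address leaves the Apache reverse
# proxy as the only network-facing entry point.
WEBGOAT_OPTS="${WEBGOAT_OPTS:-}"
# A deliberately vulnerable application should not run as root: a lesson that
# yields code execution would otherwise hand over the whole host.
SERVICE_USER="${SERVICE_USER:-webgoat}"
SERVICE_GROUP="${SERVICE_GROUP:-${SERVICE_USER}}"
UNIT_FILE="/usr/lib/systemd/system/${SERVICE_NAME}.service"

if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Check java
if [ ! -f "${JAVA_HOME}/bin/java" ]; then
  echo "${JAVA_HOME}/bin/java not found !" >&2
  exit 1
fi

# Check webgoat.jar
if [ ! -f "${WEBGOAT_JAR}" ]; then
  echo "${WEBGOAT_JAR} not found !" >&2
  exit 1
fi

# Create the unprivileged service account on first run. It gets a home
# directory because the application may keep its state under the service
# user's home - TODO confirm for the WebGoat version in use.
if ! id -u "${SERVICE_USER}" >/dev/null 2>&1; then
  useradd --system --user-group --create-home \
    --shell /usr/sbin/nologin "${SERVICE_USER}"
fi

# No ExecStop: the original "pkill -TERM webgoat" matched on the process
# name, which is "java", so it never signalled anything. systemd sends
# SIGTERM to the service on stop by default; the JVM then exits with 143,
# which SuccessExitStatus marks as a clean shutdown.
cat > "${UNIT_FILE}" <<EOF
[Unit]
Description=A deliberately insecure Web Application
After=network.target

[Service]
Type=simple

Environment='JAVA_HOME=${JAVA_HOME}'
Environment='TZ=Asia/Seoul'
ExecStart=${JAVA_HOME}/bin/java ${JAVA_OPTS} -jar ${WEBGOAT_JAR} ${WEBGOAT_OPTS}
SuccessExitStatus=143
User=${SERVICE_USER}
Group=${SERVICE_GROUP}
UMask=0007
NoNewPrivileges=true
PrivateTmp=true
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target
EOF

chmod 644 "${UNIT_FILE}"
systemctl daemon-reload
# The unit is left disabled, so it does not come up at boot and has to be
# started by hand (systemctl start) - presumably intentional for a
# vulnerable training target.
systemctl disable "${SERVICE_NAME}.service"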
웹브라우저에서 http://10.10.10.32/WebGoat 으로 접속