تنصيب mod_security on Apache centos

↑ Grab this Headline Animator

Follow @KAMINDOZ Tweet to @KAMINDOZ

 

 

 

Installing ModSecurity

Before you install ModSecurity, you'll want to have a LAMP stack set up on your Linode. For instructions, see the LAMP Guides.

Ubuntu / Debian

To install ModSecurity on a Linode running Ubuntu or Debian, enter the following commands, one by one:

sudo apt-get install libxml2 libxml2-dev libxml2-utils
sudo apt-get install libaprutil1 libaprutil1-dev
sudo apt-get install libapache-mod-security

ModSecurity is now installed on your Linode.

CentOS / Fedora

To install ModSecurity on a Linode running CentOS or Fedora, perform the following steps:

1. Install the GCC compiler and the dependancies by entering the following commands, one by one:

   sudo yum install gcc make
   sudo yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel
   

2. You'll need to install mod_security from source as there is no maintained package CentOS or Fedora yet. Grab the mod_security package and install it by entering the following commands, one by one:

   cd /usr/src
   wget http://www.modsecurity.org/download/modsecurity-apache_2.6.2.tar.gz
   tar xzf modsecurity-apache_2.6.2.tar.gz
   cd modsecurity-apache_2.6.2
   ./configure
   make install
   cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
   

3. Now you'll need to modify your Apache configuration to load the ModSecurity module. Find the LoadModule section in httpd.conf and add this line to the end:

   File:/etc/httpd/conf/httpd.conf

   LoadModule security2_module modules/mod_security2.so
   

4. Restart Apache by entering the following command:

   sudo /etc/init.d/httpd restart
   

ModSecurity is now installed on your Linode.

OWASP ModSecurity Core Rule Set

For a base configuration, we are going to use the OWASP core rule set. This section explains how to download the latest tarball and move it into place on your Linode.

Ubuntu / Debian

To grab the latest tarball on a Linode running Ubuntu or Debian, enter the following commands, one by one:

cd /etc/apache2
wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
tar xzf modsecurity-crs_2.2.5.tar.gz
mv modsecurity-crs_2.2.5 modsecurity-crs
cd modsecurity-crs

The OWASP core rule set is now in place on your Linode.

CentOS / Fedora

To grab the latest tarball on a Linode running CentOS or Fedora, enter the following commands, one by one:

cd /etc/httpd/conf
wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
tar xzf modsecurity-crs_2.2.5.tar.gz
mv modsecurity-crs_2.2.5 modsecurity-crs
cd modsecurity-crs

The OWASP core rule set is now in place on your Linode.

Configuring ModSecurity

You'll want to use the modsecurity_10_crs_config, so let's copy that from the example:

cp modsecurity_crs_10_config.conf.example modsecurity_crs_10_config.conf

There are five rules directories:

• activated_rules
• base_rules
• experimental_rules
• optional_rules
• slr_rules

Note

The activated_rules directory will be empty in case you wanted to symlink the configuration files for the rules you wish to use into that directory.

There are two ways to configure ModSecurity: use a basic ruleset, or use symbolic links. The following sections explain how to use both methods.

Using a Basic Ruleset

If you want to get started with a basic ruleset and would rather not bother with symbolically linking configuration files, perform the following steps:

1. Modify your httpd.conf file as shown below:

   File:/etc/apache2/httpd.conf (Debian / Ubuntu)

   
       Include modsecurity-crs/*.conf
       Include modsecurity-crs/base_rules/*.conf
   
   

   File:/etc/httpd/conf/httpd.conf (CentOS / Fedora)

   
       Include modsecurity-crs/*.conf
       Include modsecurity-crs/base_rules/*.conf
   
   

2. In the modsecurity_crs_20_protocol_violations.conf file, rename the REQBODY_ERROR variable to REQBODY_PROCESSOR_ERROR.
3. Restart Apache for the updates to take effect:

   Debian / Ubuntu:
   

   /etc/init.d/apache2 restart
   

   CentOS / Fedora:
   

   /etc/init.d/httpd restart
   

You have successfully configured ModSecurity.

Using Symbolic Links

If you would rather symbolically link those configuration files to the activated_rules directory, perform the following steps:

1. Edit the Apache configuration file so IfModule looks like this:

   File:/etc/apache2/httpd.conf (Debian / Ubuntu)

   
       Include modsecurity-crs/modsecurity_crs_10_config.conf
       Include modsecurity-crs/activated_rules/*.conf
   
   

   File:/etc/httpd/conf/httpd.conf (CentOS / Fedora)

   
       Include modsecurity-crs/modsecurity_crs_10_config.conf
       Include modsecurity-crs/activated_rules/*.conf
   
   

2. Create the symbolic links before restarting Apache. A few examples are shown below.

   • To copy all the base_rules over to activated_rules:

     for f in `ls base_rules/` ; do ln -s /usr/local/apache/conf/crs/base_rules/$f activated_rules/$f ; done
     

   • To copy the comment spam rules from the optional_rules directory to the activated_rules directory:

     for f in `ls optional_rules/ | grep comment_spam` ; do sudo ln -s /usr/local/apache/conf/crs/optional_rules/$f activated_rules/$f ; done
     

3. Restart Apache for the updates to take effect:

   Debian / Ubuntu:
   

   /etc/init.d/apache2 restart
   

   CentOS / Fedora:
   

   /etc/init.d/httpd restart
   

You have successfully configured ModSecurity.

منتديات الهكر العراقي , منظمة الاختراق العراقية kamindoz

Share

Tweet

روابط هذه التدوينة قابلة للنسخ واللصق
URL
HTML
BBCode

Tweet Follow @KAMINDOZ Tweet

kamindoz