This is our first series on Apache security, in this article we will guide you’ll how to install and configure
Mod_Security and
Mod_evasive modules for Apache on
RHEL 6.2/6.1/6/5.8,
CentOS 6.2/6.1/6/5.8 and
Fedora 17,16,15,14,13,12 systems using source code.
These two great security modules protect
Apache
server from brute force attacks and DOS attacks. Before, moving for
further installation guide, we would like to provide you a little
description on these tow modules.
Install mod_security and mod_evasive
What is Mod_Security?
Mod_Security is an open source web application firewall (
WAF)
and intrusion detection and prevention system for web applications. It
is used to protect and monitor real time HTTP traffic and web
applications from brute fore attacks.
What is Mod_Evasive?
Mod_Evasive is an open source evasive maneuvers system for
Apache
server to provide evasive action in the event of an HTTP brute force,
Dos or DDos attack. It was designed to use as a network traffic
detection and network management tool and can be easily configured and
integrated into firewalls, ipchains, routers etc. Presently, it sends
abuses reports via email and syslog facilites.
Install Mod_Security and Mod_evasive on RHEL 6.2/6.1/6/5.8, CentOS 6.2/6.1/6/5.8 and Fedora 17,16,15,14,13,12
How to Install Mod_Security on RHEL/CentOS & Fedora
You must have
LAMP setup installed and configured in your system before installing mod_security.
Step 1: Installing Dependencies for mod_security
Firstly, we required to install some dependency packages for mod_security. Run the following commands on your selected OS.
## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# yum install gcc make
# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel
## For Fedora 17,16,15,14,13,12 ##
# yum install gcc make
# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel
Step 2: Installing Mod_Security
As I said above that we use source code to install mod_security. Run the following commands as root.
## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
## For Fedora 17,16,15,14,13,12 ##
# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
Step 3: Downloading OWASP Mod_Security Core Rule Set
Mod_Security requires OWASP (Open Web Application Security Project)
core rules for base configuration, these rules are used to protect from
unknown vulnerabilities which often found on web applications. So, here
we are going to download and install rule set for mod_security. Run the
following commands.
## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /etc/httpd/
# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc39eeb064fb47cfc0aa/modsecurity-crs_2.2.5.tar.gz
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
## For Fedora 17,16,15,14,13,12 ##
# cd /etc/httpd/
# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc39eeb064fb47cfc0aa/modsecurity-crs_2.2.5.tar.gz
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
Step 4: Configuring Mod_Security
Now, you need to modify your Apache configuration file to load the mod_security module.
# vi /etc/httpd/conf/httpd.conf
Search for the line
LoadModule in your httpd.conf and add this below line at the bottom.
LoadModule security2_module modules/mod_security2.so
Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file.
Include conf.d/modsecurity.conf
Next, restart the Apache service to enable mod_security module and their rules.
# /etc/init.d/httpd restart
For more information on this topic visit the following links for your reference.
- ModSecurity Home Page
- OWASP ModSecurity Core Rule Set
The above installation is tested on CentOS 5.6 and successfully
worked for me, I hope it will also work for you, now let’s move further
installation of mod_evasive module.
How to Install Mod_Evasive in RHEL/CentOS & Fedora
As we already installed required dependency packages above, so let’s install the mod_evasive module.
Step 1: Installing Mod_Evasive
Just run the following commands to install mod_evasive.
## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /usr/src
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c
## For Fedora 17,16,15,14,13,12 ##
# cd /usr/src
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c
Step 2: Configuring Mod_Evasive
By default installation adds the following line of mod_evasive
configuration to your Apache configuration file. Please verify that it
should be there like similar to below. If you can’t see this below line,
then add this to your httpd.conf file.
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
Now add the mod_evasive configuration parameters to your Apache configuration at the end. Replace
someone@somewhere.com with your Email Id to get email alerts.
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify someone@somewhere.com
Next restart the Apache service to update changes.
# /etc/init.d/httpd restart
For more additional information visit the
mod_evasive Home Page.
Please drop your comments for any queries on installation, we will
love to help you out and don’t forget to Subscribe to our Updates.
