UPWORK/ODESK guru: Tips and Tricks for clients

skype: upwork.link , email: info@upwork.link

ModSecurity2 to Apache HTTP Server (CentOS)

without comments

ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server, IIS and NGINX. ModSecurity is a web application layer firewall. ModSecurity is free software released under the Apache license 2.0.

Steps:

1.

[root@here temp]# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built:   Apr  3 2014 23:56:16
[root@here temp]# 
[root@here temp]# cat /etc/redhat-release 
CentOS release 6.5 (Final)
[root@here temp]# 

2. Install mod_security


[root@here modsecurity-2.8.0]# yum install pcre-devel pcre pcre-static
[root@here modsecurity-2.8.0]# yum install libxml2 libxml2-devel
[root@here modsecurity-2.8.0]# yum install curl libcurl-devel libcurl

[root@here temp]# wget https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz
--2014-09-14 19:06:38--  https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3940357 (3.8M) [application/x-gzip]
Saving to: “modsecurity-2.8.0.tar.gz”

100%[===============================================================================================================>] 3,940,357    982K/s   in 3.9s    

2014-09-14 19:06:43 (982 KB/s) - “modsecurity-2.8.0.tar.gz” saved [3940357/3940357]


[root@here temp]# tar xvzf modsecurity-2.8.0.tar.gz 
[root@here temp]# cd modsecurity-2.8.0
[root@here modsecurity-2.8.0]# ./configure && make && make install

Files:

[root@here modsecurity-2.8.0]# find ... -type f 
/lib/mod_security2.so
/bin/mlogc-batch-load.pl
/bin/rules-updater.pl
/usr/local/modsecurity/bin/mlogc
/usr/lib64/httpd/modules/mod_security2.so
[root@here modsecurity-2.8.0]# 

[root@here conf.d]# cp -av .../modsecurity-2.8.0/modsecurity.conf-recommended mod_security.conf 
`.../modsecurity-2.8.0/modsecurity.conf-recommended' -> `mod_security.conf'

3. Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration, these rules are used to protect from unknown vulnerabilities which often found on web applications

Downalod the latest version from https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master

[root@here conf.d]# wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
[root@here conf.d]# mv master SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
[root@here conf.d]# tar xvzf SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
[root@here conf.d]# mv SpiderLabs-owasp-modsecurity-crs-ebe8790 modsecurity_crs
[root@here conf.d]# cd modsecurity_crs/
[root@here modsecurity_crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
[root@36lotto conf.d]# cp .../modsecurity-2.8.0/unicode.mapping .

4.

[root@here conf]# egrep 'unique|secu' httpd.conf 
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
[root@here conf]# 

5.Add to mod_security.conf


Include modsecurity-crs/modsecurity_crs_10_setup.conf
Include modsecurity-crs/base_rules/*.conf
...
...
...

Written by spectre

September 14th, 2014 at 12:22 am

Posted in Apache2

Leave a Reply

*