ModSecurity supplies an array of request filtering and other security features to the Apache HTTP Server, IIS and NGINX. ModSecurity is a web application layer firewall. ModSecurity is free software released under the Apache license 2.0.
Steps:
1.
[root@here temp]# httpd -v Server version: Apache/2.2.15 (Unix) Server built: Apr 3 2014 23:56:16 [root@here temp]# [root@here temp]# cat /etc/redhat-release CentOS release 6.5 (Final) [root@here temp]#
2. Install mod_security
[root@here modsecurity-2.8.0]# yum install pcre-devel pcre pcre-static [root@here modsecurity-2.8.0]# yum install libxml2 libxml2-devel [root@here modsecurity-2.8.0]# yum install curl libcurl-devel libcurl [root@here temp]# wget https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz --2014-09-14 19:06:38-- https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz Resolving www.modsecurity.org... 204.13.200.240 Connecting to www.modsecurity.org|204.13.200.240|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 3940357 (3.8M) [application/x-gzip] Saving to: “modsecurity-2.8.0.tar.gz” 100%[===============================================================================================================>] 3,940,357 982K/s in 3.9s 2014-09-14 19:06:43 (982 KB/s) - “modsecurity-2.8.0.tar.gz” saved [3940357/3940357] [root@here temp]# tar xvzf modsecurity-2.8.0.tar.gz [root@here temp]# cd modsecurity-2.8.0 [root@here modsecurity-2.8.0]# ./configure && make && make install Files: [root@here modsecurity-2.8.0]# find ... -type f /lib/mod_security2.so /bin/mlogc-batch-load.pl /bin/rules-updater.pl /usr/local/modsecurity/bin/mlogc /usr/lib64/httpd/modules/mod_security2.so [root@here modsecurity-2.8.0]# [root@here conf.d]# cp -av .../modsecurity-2.8.0/modsecurity.conf-recommended mod_security.conf `.../modsecurity-2.8.0/modsecurity.conf-recommended' -> `mod_security.conf'
3. Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration, these rules are used to protect from unknown vulnerabilities which often found on web applications
Downalod the latest version from https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
[root@here conf.d]# wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master [root@here conf.d]# mv master SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz [root@here conf.d]# tar xvzf SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz [root@here conf.d]# mv SpiderLabs-owasp-modsecurity-crs-ebe8790 modsecurity_crs [root@here conf.d]# cd modsecurity_crs/ [root@here modsecurity_crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf [root@36lotto conf.d]# cp .../modsecurity-2.8.0/unicode.mapping .
4.
[root@here conf]# egrep 'unique|secu' httpd.conf LoadModule unique_id_module modules/mod_unique_id.so LoadModule security2_module modules/mod_security2.so [root@here conf]#
5.Add to mod_security.conf
Include modsecurity-crs/modsecurity_crs_10_setup.conf Include modsecurity-crs/base_rules/*.conf ... ... ...