Install Mod_Security

Powered by Translate

Ask a Question

AdvertiseLinux ServicesAboutArchivesContact Us

HomeLinux Distro’sInterview QuestionsShell ScriptingFree Linux eBooksLinux Commands

Did You Know?

We are pleased to announce the Launch of our New Section "TecMint Ask"

Protect Apache using Mod_Security and Mod_evasive onRHEL/CentOS & Fedora

By Ravi Saive Under: Apache, CentOS, Fedora, Linux Distros, RedHat On: June 27, 2012

Download Your Free eBooks NOW - 10 Free Linux eBooks for Administrators

This is our first series on Apache security, in this article we will guide you’ll how to install and configureMod_Security and Mod_evasive modules for Apache on RHEL 6.2/6.1/6/5.8, CentOS 6.2/6.1/6/5.8 andFedora 17,16,15,14,13,12 systems using source code.

These two great security modules protect Apache server from brute force attacks and DOS attacks. Before,moving for further installation guide, we would like to provide you a little description on these tow modules.

Install Mod_Security & Mod_evasive for Apache on RHEL/CentOS & Fedora

1

Install mod_security and mod_evasive

What is Mod_Security?

Mod_Security is an open source web application firewall (WAF) and intrusion detection and preventionsystem for web applications. It is used to protect and monitor real time HTTP traffic and web applicationsfrom brute fore attacks.

What is Mod_Evasive?

Mod_Evasive is an open source evasive maneuvers system for Apache server to provide evasive action in theevent of an HTTP brute force, Dos or DDos attack. It was designed to use as a network traffic detection andnetwork management tool and can be easily configured and integrated into firewalls, ipchains, routers etc.Presently, it sends abuses reports via email and syslog facilites.

Install Mod_Security and Mod_evasive on RHEL 6.2/6.1/6/5.8, CentOS 6.2/6.1/6/5.8and Fedora 17,16,15,14,13,12

How to Install Mod_Security on RHEL/CentOS & Fedora

You must have LAMP setup installed and configured in your system before installing mod_security.

Step 1: Installing Dependencies for mod_security

Firstly, we required to install some dependency packages for mod_security. Run the following commands onyour selected OS.

## For RHEL/CentOS 6.2/6.1/6/5.8 ### yum install gcc make# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

## For Fedora 17,16,15,14,13,12 ### yum install gcc make# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Step 2: Installing Mod_Security

As I said above that we use source code to install mod_security. Run the following commands as root.

## For RHEL/CentOS 6.2/6.1/6/5.8 ### cd /usr/src# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz# tar xzf modsecurity-apache_2.6.6.tar.gz# cd modsecurity-apache_2.6.6# ./configure# make install# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

## For Fedora 17,16,15,14,13,12 ### cd /usr/src# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz# tar xzf modsecurity-apache_2.6.6.tar.gz# cd modsecurity-apache_2.6.6# ./configure# make install# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

Step 3: Downloading OWASP Mod_Security Core Rule Set


2

Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration,these rules are used to protect from unknown vulnerabilities which often found on web applications. So, herewe are going to download and install rule set for mod_security. Run the following commands.

## For RHEL/CentOS 6.2/6.1/6/5.8 ### cd /etc/httpd/# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc# tar xzf modsecurity-crs_2.2.5.tar.gz# mv modsecurity-crs_2.2.5 modsecurity-crs# cd modsecurity-crs# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

## For Fedora 17,16,15,14,13,12 ### cd /etc/httpd/# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc# tar xzf modsecurity-crs_2.2.5.tar.gz# mv modsecurity-crs_2.2.5 modsecurity-crs# cd modsecurity-crs# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Step 4: Configuring Mod_Security

Now, you need to modify your Apache configuration file to load the mod_security module.

# vi /etc/httpd/conf/httpd.conf

Search for the line LoadModule in your httpd.conf and add this below line at the bottom.

LoadModule security2_module modules/mod_security2.so

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file.

<IfModule security2_module> Include conf.d/modsecurity.conf </IfModule>

Next, restart the Apache service to enable mod_security module and their rules.

# /etc/init.d/httpd restart

For more information on this topic visit the following links for your reference.

ModSecurity Home PageOWASP ModSecurity Core Rule Set

The above installation is tested on CentOS 5.6 and successfully worked for me, I hope it will also work foryou, now let’s move further installation of mod_evasive module.

How to Install Mod_Evasive in RHEL/CentOS & Fedora

As we already installed required dependency packages above, so let’s install the mod_evasive module.

Step 1: Installing Mod_Evasive

Just run the following commands to install mod_evasive.

## For RHEL/CentOS 6.2/6.1/6/5.8 ### cd /usr/src # wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz# tar xzf mod_evasive_1.10.1.tar.gz# cd mod_evasive# apxs -cia mod_evasive20.c

## For Fedora 17,16,15,14,13,12 ##


3

Bio

# cd /usr/src # wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz# tar xzf mod_evasive_1.10.1.tar.gz# cd mod_evasive# apxs -cia mod_evasive20.c

Step 2: Configuring Mod_Evasive

By default installation adds the following line of mod_evasive configuration to your Apache configuration file.Please verify that it should be there like similar to below. If you can’t see this below line, then add this to yourhttpd.conf file.

LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

Now add the mod_evasive configuration parameters to your Apache configuration at the end. [email protected] with your Email Id to get email alerts.

<IfModule mod_evasive20.c>DOSHashTableSize 3097DOSPageCount 2DOSSiteCount 50DOSPageInterval 1DOSSiteInterval 1DOSBlockingPeriod 60DOSEmailNotify [email protected]</IfModule>

Next restart the Apache service to update changes.

# /etc/init.d/httpd restart

For more additional information visit the mod_evasive Home Page.

Please drop your comments for any queries on installation, we will love to help you out and don’t forget toSubscribe to our Updates.

Ravi SaiveOwner at TecMint.com

Simple Word a Computer Geek and Linux Guru who loves to share tricks and tips onInternet. Most Of My Servers runs on Open Source Platform called Linux.

Linux Services & Free WordPress Setup

Our post is simply ‘DIY’ aka ‘Do It Yourself, still you may find difficulties and want us to help you out. Weoffer wide range of Linux and Web Hosting Solutions at fair minimum rates. Please submit your orders byClicking Here.


4

1

20

4

43

comments

Free ebook pdf Virus protection software Network security software

Free web design tutorials Free work from home At home work

« Previous Post

Adobe Flash Player 11.3 Released – Install On RHEL/CentOS 6-5 and Fedora 17-12

Next Post »

Red Hat Enterprise Linux (RHEL) 6 Installation Guide with Screenshots

Related Post(s):

TecMint.com Best and Most Viewed Articles from 20121.Fedora 19 ‘Schrödinger’s Cat’ Released – Installation Guide with Screenshots2.Ubuntu 12.10 Server (Quantal Quetzal) Installation Guide with Screenshots3.How to Use Remote Desktop (rdesktop) in Redhat/Fedora/CentOS4.Adobe Flash Player 11.3 Released – Install On RHEL/CentOS 6-5 and Fedora 17-125.20 Linux YUM (Yellowdog Updater, Modified) Commands for Package Management6.

43 Responses

sholeh says:September 5, 2012 at 12:14 pm

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file ?

Include modsecurity-crs/modsecurity_crs_10_config.confInclude modsecurity-crs/base_rules/*.conf

my configure is error ? please give me example

Thanks

Reply

1.


5

Ravi Saive says:September 5, 2012 at 12:47 pm

Dear Sholeh,

Use command as httpd -t and tell me the output of the error.

Reply

rohit says:October 9, 2012 at 9:02 pm

Syntax error on line 47 of /etc/httpd/modsecurity.d/activated_rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf:ModSecurity: SkipAfter actions can only be specified by chain starter rules.

please help me out in this.

Reply

2.

Ravi Saive says:October 10, 2012 at 5:21 pm

@ Rohit,

The directory activated_rules contains some rules that comes with modsecurity 2.2.5 version and arenot comptaible with the modsecurity version 2.6.6. In version 2.6.6 there is no such activated_rulesdirectory exists. see my article did i mentioned the directory above.

This above artilce is works with modsecurity 2.6.6 only..

Reply

3.

Miguel Mello says:November 28, 2012 at 9:39 am

Works great! Very nice and helpful tutorial. Thank you.

Reply

4.

Séries Parlotte says:December 10, 2012 at 5:18 am

Hello,

Can we install this on Centos 6.3 ?

Reply

Ravi Saive says:December 10, 2012 at 1:02 pm

@Series Parlotte,

5.


6

Yes! You can install it. go ahead..

Reply

Paul Sandel says:December 15, 2012 at 11:35 pm

Thanks for the info, very helpful. Can you recommend a methodology to test the efficacy of the server’ssecurity? I’m not a hacker, and do not have a strong understand of their approach

Reply

6.

sanjeev says:January 8, 2013 at 11:05 am

paul either you can use openvas or nessus(only for non-commercial) tool to check server’s security

Reply

7.

Alex says:January 18, 2013 at 1:43 am

gracias, funciona muy bien.

Reply

8.

Tanas Alexandru Florin says:February 10, 2013 at 10:15 pm

Thanks but with this 2 module my ram usage uts 500 mb with out any site on my VPS.How to uninstall this 2 module ?

Thanks

Reply

9.

Jayb says:March 17, 2013 at 12:19 pm

Is there any simple url script to check if mod security is enabled and working. I tried with genericsamples from the web, but all of them give ‘Not Found’ error instead of Access Denied.

Reply

10.

Victor says:April 10, 2013 at 3:39 pm

Hi,I had a problem saying “Couldn’t find apxs” when trying to do ./configure of modsecurity step 2…this package wasn’t installed on my os… I followed this post to do so :http://www.ehow.com/how_8671217_install-apxs-centos-54.html

It worked just fine so I thought it might help others…

11.


7

Cheers :)

Reply

Stranger says:July 9, 2013 at 9:35 am

i installed mod_evasive as per your instructions and voila it saved me from a 500mb ddos attack, thanksalot

Reply

12.

Behzad says:July 27, 2013 at 12:36 am

HelloI want to install mod_security, when i enter the following command (./configure) I see the followingresult what can I do?checking for a BSD-compatible install… /usr/bin/install -cchecking whether build environment is sane… yeschecking for a thread-safe mkdir -p… /bin/mkdir -pchecking for gawk… gawkchecking whether make sets $(MAKE)… yeschecking build system type… x86_64-unknown-linux-gnuchecking host system type… x86_64-unknown-linux-gnuchecking for style of include used by make… GNUchecking for gcc… nochecking for cc… nochecking for cl.exe… noconfigure: error: in `/usr/src/modsecurity-apache_2.7.4′:configure: error: no acceptable C compiler found in $PATHSee `config.log’ for more details.

My OS is: centos 6.4htppd: Apache/2.2.25 (Unix)

Thanks in advance

Reply

Ravi Saive says:July 27, 2013 at 12:30 pm

Install missing gcc Development Tools using yum package manager.

Reply

13.

Sajjad says:July 29, 2013 at 6:27 am

hey Ravi i need your help to install these mods on my server, i dont want to play with my live site, andim willing to pay for this job,

Reply

14.


8


Ok we setup and install these mods on your server. Just mail me all your server details, so wecould start working on it.

Reply

Sajjad says:July 29, 2013 at 6:59 pm

i dont have you email id

Reply


Use our contact us form..

Reply

15.

Abh says:August 2, 2013 at 6:14 pm

Hi Ravi.

On ./configure i get an error “configure: error: pcre library is required” but thing is “Packagepcre-7.8-6.el6.x86_64 already installed and latest version” so how can i get past it? :)

Reply

16.

Lau says:August 4, 2013 at 6:44 pm

Hi, I got stuck at Step 3 (Step 3: Downloading OWASP Mod_Security Core Rule Set)

# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz. What other link should I use?

–2013-08-04 21:02:40– http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gzResolving downloads.sourceforge.net… 216.34.181.59Connecting to downloads.sourceforge.net|216.34.181.59|:80… connected.HTTP request sent, awaiting response… 404 Not Found2013-08-04 21:02:40 ERROR 404: Not Found.

Reply

Ravi Saive says:August 4, 2013 at 10:02 pm

Sorry, links were outdated, just added new updated links. Please check and let me know.

17.


9

Reply

Les says:September 10, 2013 at 7:58 pm

I’m receiving the same error on the link and do not see an update.

Reply

Lau says:August 4, 2013 at 10:59 pm

Thanks for your quick response. I appreciate it, but I’m still seeing the same link :http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz

Reply

vasu says:October 10, 2013 at 7:55 pm

Hi Lau,

Download that tar pkg from below link

http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc39eeb064fb47cfc0aa/modsecurity-crs_2.2.5.tar.gz

Thanx

Reply

18.

Lau says:August 5, 2013 at 1:51 am

Hi again,I got stuck at step 3 because of the invalid link, I couldn’t restart httpd so I want to start again fromzero. How can I uninstall Mod_Security first? I already deleted the lines in httpd . Any help isappreciated.

Reply

Ravi Saive says:August 5, 2013 at 1:17 pm

The article is little outdated due to new release of mod_security. We update it and makecompatible for all distros.

Reply

19.

vasu says:October 10, 2013 at 8:03 pm

Hi Ravi…

20.


10

Thanks for great tutorial. I’ve installed successfully. One small correction at step 4

for :

Include modsecurity-apache/modsecurity.conf

Read :

Include conf.d/modsecurity.conf

But how could we confirm that these both modules are working fine and our site is safe.

Thanx..

Reply


Thanks man, updated the article..

Reply

Nikhil says:October 18, 2013 at 8:39 pm

Hi,

I have installed mod_security in my server. I want to check mod_security is working on my server ornot.

Please tell me how can i check?

Reply


Create a file “phpinfo.php” in your website root directory and add the following lines to it.

<php? phpinfo(); ?>

Add call the file from the browser and search for mod_security term.

Reply

21.

Ferdi Özdamar says:October 23, 2013 at 10:17 pm

When i restart services after i modified “httpd.conf” file i get these problems on the below andwebserver stop responding, what should i do ? (I have Centos 5.9 – VPS)

Stopping httpd: [FAILED]

22.


11

Starting httpd: httpd: Syntax error on line 62 of /etc/httpd/conf/htt tc/httpd/modules/mod_security2.so:cannot open shared object file: No[FAILED]

Stopping httpd: [FAILED]Starting httpd: Syntax error on line 7 of /etc/httpd/conf.d/modsecuriInvalid command ‘SecRuleEngine’, perhaps misspelled or defined by a m

Reply


Let me re-check again, why such error its throwing. Will update you soon..

Reply

Ferdi Özdamar says:October 24, 2013 at 12:30 am

Thanks for the quick reply Ravi, i took back the changes on “httpd.conf” file but webserver still doesn’tresponse. I also mailed you my ssh access info if you would like to take a look. Thanks in advance.

Reply

23.

Jiin says:November 7, 2013 at 7:46 am

Hi Ravi, I installed & configured mod_evasive (I skipped mod_security). No issue encountered. Butwhen I used ab (apachebench) to test the server using 600 concurrent requests it does not send out anyemail (abuse report) or blacklist/block my access . Can you tell me where is the log indicates the actiontaken by the mod_evasive? or any place to find out if it is working correctly. Thanks.

Reply

Ravi Saive says:November 7, 2013 at 6:52 pm

We haven’t enabled log in the article, to enable logs simple place the following line insideifmodule section and restart apache.

DOSLogDir /var/log/mod_evasive

Reply


Thanks Ravi. I added this line and restart apache but still got nothing. /var/log/mod_evasivedid not show up at all. Any pointers you can give to help me debug this?

this is in httpd.conf

DOSHashTableSize 3097DOSPageCount 5

24.


12

DOSSiteCount 50DOSPageInterval 1DOSSiteInterval 1DOSBlockingPeriod 3600DOSLogDir /var/log/mod_evasiveDOSEmailNotify [email protected]

This is the 600 concurrent requests I sent and it went through.$ ab -n 600 -c 600 http://www.invescoperpetual.dev.invesco.net/portal/site/ip/home/This is ApacheBench, Version 2.0.40-dev apache-2.0Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking http://www.invescoperpetual.dev.invesco.net (be patient)Completed 100 requestsCompleted 200 requestsCompleted 300 requestsCompleted 400 requestsCompleted 500 requestsFinished 600 requests

Reply


Just found out my RHEL release is 5.7 (Red Hat Enterprise Linux Server release 5.7 (Tikanga))Will that be the root cause of my issue?

Reply

25.

John says:December 11, 2013 at 8:18 pm

Hi RaviCould you help me with this problemhttpd: Syntax error on line 177 of /usr/local/apache2/conf/httpd.conf: Cannot loadmodules/mod_evasive20.so into server: /usr/local/apache2/modules/mod_evasive20.so: undefinedsymbol: ap_log_rerro

Reply

John says:December 11, 2013 at 8:24 pm

Also in 177 simple i haveLoadModule evasive20_module modules/mod_evasive20.so

Reply

26.

Michael says:January 12, 2014 at 12:22 am

These instructions were great–thank you! Had to add the apxs, httpd-devel, pcre-devel, and curl-devel

27.


13

along the way.

Reply

Leave a Reply

Name (Required)

Mail (will not be published) (Required)

Website

Twitter 1267 TwitterFacebook 22582 FacebookGoogle+ 2010 Google+RSS 2589 Subscribers

Become A TecMint Subscriber to receive latest Updates.

PopularLatestCommentsTags


14

Wine 1.7.9 Released – Install in RHEL, CentOS and Fedora 132 Comments

CentOS 6.4 Step by Step Installation Guide with Screenshots 131 Comments

Install Apache 2.2.15, MySQL 5.5.34 & PHP 5.5.4 on RHEL/CentOS 6.4/5.9 & Fedora 19-12 128Comments

Install Cacti (Network Monitoring) on RHEL/CentOS 6.3/5.8 and Fedora 17-12 111 Comments

CentOS 6.3 Step by Step Installation Guide with Screenshots 89 Comments

Google Chrome 32 Released – Install on RHEL/CentOS 6 and Fedora 19/15 83 Comments

:: Advertise ::


15

:: Download Free Linux eBooks ::

:: Follow Us ::


16

Know More

Submit Order

Advertise Now

:: About ::

TecMint.com is a website that publishes practical and useful out-of-the-box articles for aspirant like you andme. We seek to present exceptional, remarkable tips, tutorials, and resources that the modern web professionalwill appreciate.

:: Our Services ::

We offer wide range of Linux Web Hosting and Management Services includes Linux hosting,WordPress hosting, Joomla Hosting, CMS hosting, Website migration and Custom solutions, making us aone-stop destination for all your possible hosting needs at fair minimum rates.

:: Advertise ::

TecMint.com is visited by tens of thousands of Linux users and has a excellent reputation in thesearch engine ranking. Most of the traffic comes from Google organic search (80%). Spread your messages orproducts to an engaged readers by advertising with us.

Home | Privacy Policy | Copyright Policy© 2012-2013 All Rights Reserved.


17

10 Useful Free Linux eBooks for Newbies and Administrators25 Hardening Security Tips for Linux Servers60 Commands of Linux : A Guide from Newbies to System Administrator15 Command Line Tools to Monitor Linux Performance5 Best Practices to Secure and Protect SSH Server18 Tar Command Examples in Linux20 Linux YUM (Yellowdog Updater, Modified) Commands25 Useful Basic Commands of APT-GET and APT-CACHE20 Funny Commands of Linux or Linux is Fun in Terminal35 Practical Examples of Linux Find Command10 Linux Distributions and Their Targeted Users


18

Documents

Install Mod_Security