Upload
chinku85
View
21
Download
2
Embed Size (px)
DESCRIPTION
mod_security on Apache – Linode Library
Citation preview
Linode HomeQuick Start Guides
Getting StartedMigrate to LinodeSecuring Your ServerHosting a WebsiteAdding DNS RecordsRunning a Mail ServerMonitoring and MaintainingYour ServerBacking Up Your DataTroubleshooting
Linode PlatformAccounts and PasswordsBackup ServiceBilling and PaymentsDisk Images andConfiguration ProfilesDNS ManagerLinode ManagedLishLongviewNodeBalancerRemote AccessRescue and RebuildResizing a LinodeSecurityServer BuildsStackScriptsSupport
Reference ManualsBeginner's GuideLAMP GuidesLEMP GuidesApplication StacksCommunicationsCustom InstancesDatabasesDNS Services
Home :: Web Servers :: Apache
mod_security on ApachePublished: Thursday, November 10th, 2011 by Chris Ciufo
ModSecurity is a web application firewall for the Apache web server. In addition toproviding logging capabilities, ModSecurity can monitor the HTTP traffic in real timein order to detect attacks. ModSecurity also operates as a web intrusion detectiontool, allowing you to react to suspicious events that take place at your web systems.
Contents
Installing ModSecurityUbuntu / DebianCentOS / Fedora
OWASP ModSecurity Core Rule SetUbuntu / DebianCentOS / Fedora
Configuring ModSecurityUsing a Basic RulesetUsing Symbolic Links
More Information
Installing ModSecurityBefore you install ModSecurity, you'll want to have a LAMP stack set up on yourLinode. For instructions, see the LAMP Guides.
Ubuntu / Debian
To install ModSecurity on a Linode running Ubuntu or Debian, enter the followingcommands, one by one:
sudo apt-get install libxml2 libxml2-dev libxml2-utilssudo apt-get install libaprutil1 libaprutil1-devsudo apt-get install libapache-mod-security
ModSecurity is now installed on your Linode.
CentOS / Fedora
To install ModSecurity on a Linode running CentOS or Fedora, perform the followingsteps:
Install the GCC compiler and the dependancies by entering the following1.
mod_security on Apache – Linode Library
1 of 5
Email GuidesFrameworksIntro to Version ControlMigrationLinux ToolsNetworkingSecurityServer MonitoringTroubleshootingUpgradingUsing LinuxWeb ApplicationsWeb Servers
Apache
InstallationConfigurationPHP/CGImod_wsgiProxy GuidesSSL GuidesTroubleshooting
mod_security
mod_evasiveNginxCherokeeLighttpd
Article SubmissionsStyle Guide
Sitemap
commands, one by one:
sudo yum install gcc makesudo yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-de
You'll need to install mod_security from source as there is no maintainedpackage CentOS or Fedora yet. Grab the mod_security package and install itby entering the following commands, one by one:
cd /usr/srcwget http://www.modsecurity.org/download/modsecurity-apache_2.6.2.tartar xzf modsecurity-apache_2.6.2.tar.gzcd modsecurity-apache_2.6.2./configuremake installcp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
2.
Now you'll need to modify your Apache configuration to load the ModSecuritymodule. Find the LoadModule section in httpd.conf and add this line to theend:
File: /etc/httpd/conf/httpd.conf
LoadModule security2_module modules/mod_security2.so
3.
Restart Apache by entering the following command:
sudo /etc/init.d/httpd restart
4.
ModSecurity is now installed on your Linode.
OWASP ModSecurity Core Rule SetFor a base configuration, we are going to use the OWASP core rule set. Thissection explains how to download the latest tarball and move it into place on yourLinode.
Ubuntu / Debian
To grab the latest tarball on a Linode running Ubuntu or Debian, enter the followingcommands, one by one:
cd /etc/apache2wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crstar xzf modsecurity-crs_2.2.5.tar.gzmv modsecurity-crs_2.2.5 modsecurity-crscd modsecurity-crs
The OWASP core rule set is now in place on your Linode.
CentOS / Fedora
mod_security on Apache – Linode Library
2 of 5
To grab the latest tarball on a Linode running CentOS or Fedora, enter the followingcommands, one by one:
cd /etc/httpd/confwget http://downloads.sourceforge.net/project/mod-security/modsecurity-crstar xzf modsecurity-crs_2.2.5.tar.gzmv modsecurity-crs_2.2.5 modsecurity-crscd modsecurity-crs
The OWASP core rule set is now in place on your Linode.
Configuring ModSecurityYou'll want to use the modsecurity_10_crs_config, so let's copy that from theexample:
cp modsecurity_crs_10_config.conf.example modsecurity_crs_10_config.conf
There are five rules directories:
activated_rulesbase_rulesexperimental_rulesoptional_rulesslr_rules
NoteThe activated_rules directory will be empty in case you wantedto symlink the configuration files for the rules you wish to useinto that directory.
There are two ways to configure ModSecurity: use a basic ruleset, or use symboliclinks. The following sections explain how to use both methods.
Using a Basic Ruleset
If you want to get started with a basic ruleset and would rather not bother withsymbolically linking configuration files, perform the following steps:
Modify your httpd.conf file as shown below:
File: /etc/apache2/httpd.conf (Debian / Ubuntu)
<IfModule security2_module> Include modsecurity-crs/*.conf Include modsecurity-crs/base_rules/*.conf</IfModule>
File: /etc/httpd/conf/httpd.conf (CentOS / Fedora)
1.
mod_security on Apache – Linode Library
3 of 5
<IfModule security2_module> Include modsecurity-crs/*.conf Include modsecurity-crs/base_rules/*.conf</IfModule>
In the modsecurity_crs_20_protocol_violations.conf file, rename theREQBODY_ERROR variable to REQBODY_PROCESSOR_ERROR.
2.
Restart Apache for the updates to take effect:
Debian / Ubuntu:
/etc/init.d/apache2 restart
CentOS / Fedora:
/etc/init.d/httpd restart
3.
You have successfully configured ModSecurity.
Using Symbolic Links
If you would rather symbolically link those configuration files to the activated_ruledirectory, perform the following steps:
Edit the Apache configuration file so IfModule looks like this:
File: /etc/apache2/httpd.conf (Debian / Ubuntu)
<IfModule security2_module> Include modsecurity-crs/modsecurity_crs_10_config.conf Include modsecurity-crs/activated_rules/*.conf</IfModule>
File: /etc/httpd/conf/httpd.conf (CentOS / Fedora)
<IfModule security2_module> Include modsecurity-crs/modsecurity_crs_10_config.conf Include modsecurity-crs/activated_rules/*.conf</IfModule>
1.
Create the symbolic links before restarting Apache. A few examples areshown below.
To copy all the base_rules over to activated_rules:
for f in `ls base_rules/` ; do ln -s /usr/local/apache/conf
To copy the comment spam rules from the optional_rules
2.
mod_security on Apache – Linode Library
4 of 5
directory to the activated_rules directory:
for f in `ls optional_rules/ | grep comment_spam` ; do sudo
Restart Apache for the updates to take effect:
Debian / Ubuntu:
/etc/init.d/apache2 restart
CentOS / Fedora:
/etc/init.d/httpd restart
3.
You have successfully configured ModSecurity.
More InformationYou may wish to consult the following resources for additional information on thistopic. While these are provided in the hope that they will be useful, please note thawe cannot vouch for the accuracy or timeliness of externally hosted materials.
ModSecurity Home PageModSecurity WikiOWASP Home PageOWASP ModSecurity Core Rule Set Wiki
This guide is licensed under a Creative Commons Attribution-NoDerivs 3.0 United StatesLicense.
Last edited by Matthew Cone on Tuesday, August 14th, 2012 (r3011).
mod_security on Apache – Linode Library
5 of 5