Enhancing Apache with mod_security
You basically need 2 things:
- The source for mod_security
- A basic set of rules, which will be packaged in the RPM
Once you have these files, you’ll just need to unpack the tarball:
[gallegosja@gallegosja gallegosja]$ tar -xvzf mod_security-1.8.4.tar.gz
Go to the apache2 module directory inside the recently unpacked directory (there is also an apache1 directory with the module for Apache 1.x) and run apxs; you will need root permissions to do this:
[gallegosja@gallegosja gallegosja]$ cd mod_security-1.8.4/apache2/
[gallegosja@gallegosja apache2]$ sudo /usr/sbin/apxs -cia mod_security.c
/bin/sh /usr/lib/apr/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -march=i386 -mcpu=i686 -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apr-0 -I/usr/include/httpd -c -o mod_security.lo mod_security.c && touch mod_security.slo
/bin/sh /usr/lib/apr/build/libtool --silent --mode=link gcc -o mod_security.la -rpath /usr/lib/httpd/modules -module -avoid-version mod_security.lo
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/bin/sh /usr/lib/apr/build/libtool' mod_security.la /usr/lib/httpd/modules
/bin/sh /usr/lib/apr/build/libtool --mode=install cp mod_security.la /usr/lib/httpd/modules/
cp .libs/mod_security.so /usr/lib/httpd/modules/mod_security.so
cp .libs/mod_security.lai /usr/lib/httpd/modules/mod_security.la
cp .libs/mod_security.a /usr/lib/httpd/modules/mod_security.a
ranlib /usr/lib/httpd/modules/mod_security.a
chmod 644 /usr/lib/httpd/modules/mod_security.a
PATH="$PATH:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/lib/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib/httpd/modules/mod_security.so
[activating module `security' in /etc/httpd/conf/httpd.conf]
[gallegosja@gallegosja apache2]$
Restart your Apache web server…
[gallegosja@gallegosja apache2]$ sudo /sbin/service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[gallegosja@gallegosja apache2]$
This just restarted your Apache server and placed a file at /etc/httpd/conf.d/mod_security.conf with a set of general rules… very general rules. You will need to change several of these rules and activate or deactivate some of them; you might find this conf file a little bit more useful.
Where?
The mod_security.conf file is located in the conf.d directory of the Apache configuration directory. The logs go to /var/log/httpd/audit_log (if you downloaded the .conf file provided above); otherwise you can define in the .conf file where to write the logs.
The configuration file contains a very basic set of rules and although they’re quite useful for a simple site, more complex rules might be in order for your site’s specific needs. If you need more information on how you can create new rules or modify existing rules, read the documentation in the /usr/share/doc/mod_security-1.8.4 directory or read it online at the project’s home page.
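As a starting point for that tuning, here is a minimal /etc/httpd/conf.d/mod_security.conf using mod_security 1.x directives. It is an example added here, not the conf file linked above and not the one shipped with the project. The audit log path is the one mentioned above; the debug log path, the 403 status and the two sample filters are assumptions to adapt to your site.

```apache
# Example only: minimal mod_security 1.x configuration.
# Paths other than the audit log, and the sample filters, are assumptions.
<IfModule mod_security.c>
    # Turn the filtering engine on
    SecFilterEngine On

    # Reject requests whose URL encoding is invalid
    SecFilterCheckURLEncoding On

    # Leave the Unicode check off unless the site really uses Unicode URLs
    SecFilterCheckUnicodeEncoding Off

    # Accept any byte value; narrow this range if the application allows it
    SecFilterForceByteRange 0 255

    # Also inspect POST payloads, not only the request line and headers
    SecFilterScanPOST On

    # What to do when a filter matches: block, log, answer with 403
    SecFilterDefaultAction "deny,log,status:403"

    # Audit only the requests that triggered a filter, and say where to log them
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/httpd/audit_log

    # Debug log kept at the lowest level; raise it while testing new rules
    SecFilterDebugLog /var/log/httpd/modsec_debug_log
    SecFilterDebugLevel 0

    # Sample filter applied to the whole request: directory traversal sequences
    SecFilter "\.\./"

    # Sample selective filter: require non-empty User-Agent and Host headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
</IfModule>
```

Run httpd -t to check the syntax before restarting, then watch the audit log for legitimate requests being blocked and relax or disable the offending filter.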