Apache and ModSecurity (step by step guide)

Discussion regarding the installation and configuration of Linux distributions.

Apache and ModSecurity (step by step guide)

Postby nasacis » Wed Jul 30, 2008 10:09 pm

Apache and ModSecurity

Introduction
ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out
over the web application level, organisations need all the help they can get in making
their systems secure. WAFs are deployed to establish an increased external security layer
to detect and/or prevent attacks before they reach web applications. ModSecurity provides
protection from a range of attacks against web applications and allows for HTTP traffic
monitoring and real-time analysis with little or no changes to existing infrastructure.

pre-installation check list
libxml2
libpcre
install all above packages before installing modsecurity

Installing and configuring Lua
cd /usr/src
wget http://www.lua.org/ftp/lua-5.1.3.tar.gz
wget http://www.lua.org/ftp/patch-lua-5.1.3
tar zxvf lua.5.1.3.tar.gz
cd lua.5.1.3/src
patch < /usr/src/patch-lua.5.1.3
cd ..
make linux
make test
make linux install
cd /usr/local/lib
gcc -shared -o liblua.5.1.3.so /usr/local/lib/liblua.a
ln -s liblua.5.1.3.so liblua.so

Installing and configure Apache
./configure --prefix=/usr/local/apache --enable-unique-id
make
make install
cp /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd
ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S86httpd
/etc/rc.d/init.d/httpd start

installing and configure modsecurity
./configure --wiith-apxs=/usr/local/apache/bin/apxs
make
make test #optional
make install
vi /usr/local/apache/conf/httpd.conf
#add these lines in your httpd.conf
LoadFile /usr/lib/libxml2.so
LoadFile /usr/local/lib/liblua.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
mkdir -p /usr/local/apache/conf/modsecurity
chown -R nobody.nobody /usr/local/apache/conf/modsecurity # used appropriate username/group to run your apache server
#for basic configuration of modsecurity, copy these two files from source of modsecurity and for further rules check ruls folder in source directory of modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_10_config.conf /usr/local/apache/conf/modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_30_http_policy.conf /usr/local/apache/conf/modsecurity
/etc/rc.d/init.d/httpd restart

you should now have modseccurity 2.x up and running
tail -f /usr/local/apache/logs/error_log # you will see below line
[Wed Jul 30 22:27:19 2008] [notice] ModSecurity for Apache/2.5.5 (http://www.modsecurity.org/) configured.

Regards
Nafees Ahmed
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
nasacis
Battalion Havaldaar Major
 
Posts: 269
Joined: Sat Dec 13, 2003 3:58 pm
ICQ: 22342780
Website: http://www.homepages.com.pk/nafeesahmed
WLM: nafees21
Yahoo Messenger: n_ahmad.rm
Location: Faisalabad

Postby lambda » Thu Jul 31, 2008 12:53 am

isn't it simpler to just install the package from here? most users won't need to compile lua or apache, either (notes).
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby nasacis » Thu Jul 31, 2008 9:28 am

i know that it is option package but modsecurity requires dynamic libraries which are not built by default in the source distribution
Nafees Ahmed

Cell: +92.300.8653568

UAN: 041-111432432

Nexlinx Faisalabad

www.nexlinx.net.pk

nafees29@gmail.com
nasacis
Battalion Havaldaar Major
 
Posts: 269
Joined: Sat Dec 13, 2003 3:58 pm
ICQ: 22342780
Website: http://www.homepages.com.pk/nafeesahmed
WLM: nafees21
Yahoo Messenger: n_ahmad.rm
Location: Faisalabad

Postby nomankhn » Sat Aug 09, 2008 10:50 pm

Hi Nafees,

could tell me a bit more about modsecurity, what about its rule and what is optimum configuration for web server.

Thanks,
Noman liaquat
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby nasacis » Mon Aug 11, 2008 8:32 am

check rules, i just use basic rules in howto
Nafees Ahmed

Cell: +92.300.8653568

UAN: 041-111432432

Nexlinx Faisalabad

www.nexlinx.net.pk

nafees29@gmail.com
nasacis
Battalion Havaldaar Major
 
Posts: 269
Joined: Sat Dec 13, 2003 3:58 pm
ICQ: 22342780
Website: http://www.homepages.com.pk/nafeesahmed
WLM: nafees21
Yahoo Messenger: n_ahmad.rm
Location: Faisalabad


Return to “%s” Installation

Who is online

Users browsing this forum: No registered users and 1 guest

cron