Apache and ModSecurity (step by step guide)

Discussion regarding the installation and configuration of Linux distributions.
Post Reply
nasacis
Battalion Havaldaar Major
Posts: 269
Joined: Sat Dec 13, 2003 3:58 pm
Location: Faisalabad
Contact:

Apache and ModSecurity (step by step guide)

Post by nasacis »

Apache and ModSecurity

Introduction
ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out
over the web application level, organisations need all the help they can get in making
their systems secure. WAFs are deployed to establish an increased external security layer
to detect and/or prevent attacks before they reach web applications. ModSecurity provides
protection from a range of attacks against web applications and allows for HTTP traffic
monitoring and real-time analysis with little or no changes to existing infrastructure.

pre-installation check list
libxml2
libpcre
install all above packages before installing modsecurity

Installing and configuring Lua
cd /usr/src
wget http://www.lua.org/ftp/lua-5.1.3.tar.gz
wget http://www.lua.org/ftp/patch-lua-5.1.3
tar zxvf lua.5.1.3.tar.gz
cd lua.5.1.3/src
patch < /usr/src/patch-lua.5.1.3
cd ..
make linux
make test
make linux install
cd /usr/local/lib
gcc -shared -o liblua.5.1.3.so /usr/local/lib/liblua.a
ln -s liblua.5.1.3.so liblua.so

Installing and configure Apache
./configure --prefix=/usr/local/apache --enable-unique-id
make
make install
cp /usr/local/apache/bin/apachectl /etc/rc.d/init.d/httpd
ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S86httpd
/etc/rc.d/init.d/httpd start

installing and configure modsecurity
./configure --wiith-apxs=/usr/local/apache/bin/apxs
make
make test #optional
make install
vi /usr/local/apache/conf/httpd.conf
#add these lines in your httpd.conf
LoadFile /usr/lib/libxml2.so
LoadFile /usr/local/lib/liblua.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
mkdir -p /usr/local/apache/conf/modsecurity
chown -R nobody.nobody /usr/local/apache/conf/modsecurity # used appropriate username/group to run your apache server
#for basic configuration of modsecurity, copy these two files from source of modsecurity and for further rules check ruls folder in source directory of modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_10_config.conf /usr/local/apache/conf/modsecurity
cp /usr/src/modsecurity-apache_2.5.5/rules/modsecurity_crs_30_http_policy.conf /usr/local/apache/conf/modsecurity
/etc/rc.d/init.d/httpd restart

you should now have modseccurity 2.x up and running
tail -f /usr/local/apache/logs/error_log # you will see below line
[Wed Jul 30 22:27:19 2008] [notice] ModSecurity for Apache/2.5.5 (http://www.modsecurity.org/) configured.

Regards
Nafees Ahmed
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

isn't it simpler to just install the package from here? most users won't need to compile lua or apache, either (notes).
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
nasacis
Battalion Havaldaar Major
Posts: 269
Joined: Sat Dec 13, 2003 3:58 pm
Location: Faisalabad
Contact:

Post by nasacis »

i know that it is option package but modsecurity requires dynamic libraries which are not built by default in the source distribution
Nafees Ahmed
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

Hi Nafees,

could tell me a bit more about modsecurity, what about its rule and what is optimum configuration for web server.

Thanks,
Noman liaquat
nasacis
Battalion Havaldaar Major
Posts: 269
Joined: Sat Dec 13, 2003 3:58 pm
Location: Faisalabad
Contact:

Post by nasacis »

check rules, i just use basic rules in howto
Nafees Ahmed
Cell: +92.300.8653568
UAN: 041-111432432
Nexlinx Faisalabad
www.nexlinx.net.pk
nafees29@gmail.com
Post Reply