ModSecurity is a great application that helps you prevent attacks (including injections) against your web server. In this article I’ll cover the installation of ModSecurity 2.5.1 on CentOS 4.6 with Apache2 running Ensim X.
First you need to meet the requirements:
You can use yum in order to install/upgrade the mentioned packages.
Once you have met the requirements you can go and download mod_security from here.

    wget http://www.modsecurity.org/download/modsecurity-apache_2.5.1.tar.gz
    tar -zxvf modsecurity-apache_2.5.1.tar.gz
    cd modsecurity-apache_2.5.1/apache2
    ./configure
    make
    make install

By now mod_security should be installed on your system and we are just 1 step away from glory. You need to modify your Apache config file /etc/httpd/conf/httpd.conf (backup your config first!!!).
Edit your /etc/httpd/conf/httpd.conf file, locate the LoadModule section (DSO) and add the following lines:

    # load libxml2.so before any other module
    LoadFile /usr/lib/libxml2.so

    # here goes the rest of the default modules, I'm only pasting a few as an example
    LoadModule access_module modules/mod_access.so
    LoadModule auth_module modules/mod_auth.so
    .........

    # and at the end add the lines needed for mod_security
    LoadModule unique_id_module modules/mod_unique_id.so
    LoadModule security2_module modules/mod_security2.so
    Include conf/modsecurity/*.conf

We are almost done: mod_security is installed and Apache is configured to load it. If you noticed, the last line we added (Include conf/modsecurity/*.conf) refers to the default rules, which mod_security ships in a separate file, modsecurity-core-rules_2.5-1.6.0.tar.gz:

    cd /usr/local/src
    wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.0.tar.gz
    mkdir /etc/httpd/conf/modsecurity
    cd /etc/httpd/conf/modsecurity
    tar -zxvf /usr/local/src/modsecurity-core-rules_2.5-1.6.0.tar.gz
    service httpd restart

If you didn’t get any error/warning, check your logs just to make sure Apache restarted without issues. If there are no errors, you’ve successfully installed mod_security on your server, hurray! 🙂
Take note that mod_security 2 has its own default rules, which are completely different from those of mod_security 1. You are free to go to /etc/httpd/conf/modsecurity and change/add rules according to your needs, but I highly recommend that you read the ModSecurity documentation before doing that.
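A pre-restart check for the httpd.conf edits described above, as an added example that is not part of the original HOWTO: the function name check_modsec_conf is hypothetical, and it only looks at the config file you pass it (it does not follow Include files).

```shell
#!/bin/sh
# Added example: verify that an Apache config contains the directives this
# HOWTO adds for mod_security 2.x, and that they appear in a workable order.
# check_modsec_conf is a hypothetical helper name, not part of ModSecurity.

check_modsec_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    awk '
        $1 ~ /^#/ { next }                      # ignore commented-out lines
        { d = tolower($1) }                     # directive names are case-insensitive
        d == "loadfile"   && index($2, "libxml2.so")   { if (!xml) xml = NR }
        d == "loadmodule" && $2 == "unique_id_module"  { if (!uid) uid = NR }
        d == "loadmodule" && $2 == "security2_module"  { if (!sec) sec = NR }
        d == "include"    && index($2, "modsecurity/") { if (!inc) inc = NR }
        END {
            rc = 0
            if (!xml) { print "missing: LoadFile for libxml2.so"; rc = 1 }
            if (!uid) { print "missing: LoadModule unique_id_module"; rc = 1 }
            if (!sec) { print "missing: LoadModule security2_module"; rc = 1 }
            if (!inc) { print "missing: Include conf/modsecurity/*.conf"; rc = 1 }
            # libxml2 has to be loaded before the module that links against it
            if (xml && sec && xml > sec) {
                print "order: libxml2.so (line " xml ") is loaded after security2_module (line " sec ")"
                rc = 1
            }
            # the rule files use Sec* directives that only exist once the module is loaded
            if (sec && inc && inc < sec) {
                print "order: rules included (line " inc ") before security2_module is loaded (line " sec ")"
                rc = 1
            }
            exit rc
        }
    ' "$conf"
}
```

Source the file and run check_modsec_conf /etc/httpd/conf/httpd.conf before service httpd restart; it prints one line per problem and returns non-zero if anything is missing or out of order.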
I took the best of the following sites to bring you this small HOWTO:
That’s all for today, I’m outta here 😉