Wednesday, December 23, 2009

How to install mod-security in debian etch

ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extremely flexible and robust and has been referred to as the "Swiss Army Knife" of web application firewalls.

How to install the latest mod-security on Debian etch. There are .debs available now; this guide installs it manually.

In my opinion no apache server should be without mod-security, it helps filter out a lot of potential security holes in software to help protect your webserver.
More info on modsecurity here: http://www.modsecurity.org/

Install required packages:
# apt-get install libxml2-dev liblua5.1-0 lua5.1 apache2-threaded-dev
Fetch the latest mod-security (2.5.1 at time of writing)
# wget http://www.modsecurity.org/download/modsecurity-apache_2.5.1.tar.gz
Extract mod-security
# tar -xvf modsecurity-apache_2.5.1.tar.gz
Enter mod-security directory
# cd modsecurity-apache_2.5.1/apache2/
Build mod-security
# ./configure
# make
# make install

If all is well mod-security should now be in /usr/lib/apache2/modules/ and called mod_security2.so

Create the mod-security load file for apache to load it
# vi /etc/apache2/mods-available/mod-security2.load
and add the following lines:

LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so.0
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so

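Restart the apache server (on Debian, a .load file in mods-available only takes effect once it is linked into /etc/apache2/mods-enabled)
# /etc/init.d/apache2 force-reload
# /etc/init.d/apache2 restart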

Tell apache where to load the mod-security config
# vi /etc/apache2/conf.d/mod-security2.conf
and add the following line:

 Include /etc/modsecurity2/*.conf

Create the mod-security directories and logs
# mkdir /etc/modsecurity2
# mkdir /etc/modsecurity2/logs
# touch /etc/modsecurity2/logs/modsec_audit.log
# touch /etc/modsecurity2/logs/modsec_debug.log

Copy the core rules into the mod-security dirs (more info on the core rules can be found at http://www.modsecurity.org/projects/rules/index.html). The path below assumes the tarball was extracted in /tmp.

# cp /tmp/modsecurity-apache_2.5.1/rules/*.conf /etc/modsecurity2

Update the rules so the log locations are correct
# vi /etc/modsecurity2/modsecurity_crs_10_config.conf
Find:         SecDebugLog logs/modsec_debug.log
Replace with: SecDebugLog /etc/modsecurity2/logs/modsec_debug.log
Find:         SecAuditLog logs/modsec_audit.log
Replace with: SecAuditLog /etc/modsecurity2/logs/modsec_audit.log

Check apache config is ok
# apache2ctl configtest
Restart apache
# /etc/init.d/apache2 restart
Check mod-security2 is running
# cat /var/log/apache2/error.log | grep ModSecurity


[Thu Mar 27 14:56:58 2008] [notice] ModSecurity for Apache/2.5.1 (http://www.modsecurity.org/) configured.
Done!
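
The log-path edit and the final error.log check above can also be scripted instead of done by hand in vi. This is an added example, not part of the original post; the function names fix_log_paths and modsec_configured and the sample data in demo are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. File paths are arguments, so the
# functions can be tried on copies before touching /etc/modsecurity2.

# Prefix relative SecDebugLog/SecAuditLog targets with BASE (the manual
# find/replace step). Absolute, piped (|prog), quoted and commented-out
# entries are left alone, so a second run changes nothing.
# Assumes BASE contains no '#' or '&' (they are special to the sed expression).
fix_log_paths() {
    conf=$1 base=$2
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed -E "s#^([[:space:]]*Sec(Debug|Audit)Log)[[:space:]]+([^/|\"[:space:]][^[:space:]]*)#\1 ${base}/\3#" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode of $conf
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Succeed only if the error log carries the ModSecurity startup notice.
modsec_configured() {
    grep -Eq 'ModSecurity for Apache/[0-9.]+ .*configured' "$1"
}

# Constructed sample data: a cut-down config and one error.log line.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'SecDebugLog  logs/modsec_debug.log' 'SecDebugLogLevel 0' \
        '  SecAuditLog   logs/modsec_audit.log' '#SecAuditLog logs/old.log' \
        'SecAuditLog /var/log/already_absolute.log' > "$d/crs.conf"
    printf '%s\n' '[Thu Mar 27 14:56:58 2008] [notice] ModSecurity for Apache/2.5.1 (http://www.modsecurity.org/) configured.' > "$d/error.log"
    fix_log_paths "$d/crs.conf" /etc/modsecurity2 && cat "$d/crs.conf"
    modsec_configured "$d/error.log" && echo "ModSecurity notice found"
    rm -rf "$d"
}

demo
```

On the real system the calls would be fix_log_paths /etc/modsecurity2/modsecurity_crs_10_config.conf /etc/modsecurity2 followed by apache2ctl configtest, then modsec_configured /var/log/apache2/error.log after the restart.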
