Trace: » mod_security_on_debian
You are here: IspCP Documentation » HowTo's for ispCP » Security » mod_security_on_debian
Translations of this page?:

How to install latest mod-security on debian lenny (probably applicable to other debian based distributions), there are .debs available but they are out of date so you need to install it manually.

In my opinion no apache server should be without mod-security, it helps filter out a lot of potential security holes in software to help protect your webserver, this has saved me a number of times when running beta/old code like vhcs/ispcp or code like phpbb/wordpress/other popular web software.

More info on modsecurity here: http://www.modsecurity.org/

1. Install required packages: 

 
 apt-get install libxml2-dev liblua5.1-0 lua5.1 apache2-threaded-dev

2. Fetch the latest mod-security (2.5.4 from May 6) 

 
 cd /tmp
 wget http://www.modsecurity.org/download/modsecurity-apache_2.5.4.tar.gz

3. Extract mod-security 

 
 tar zxvf modsecurity-apache_2.5.4.tar.gz

4. Enter mod-security directory 

 
 cd modsecurity-apache_2.5.4/apache2/

5. Build mod-security 

 
 ./configure && make && make install
 If all is well mod-security should now be in /usr/lib/apache2/modules/ and called mod_security2.so

6. Create the mod-security load file for apache to load it 

 
 vi /etc/apache2/mods-available/mod-security2.load
 and add the following lines:
 LoadFile /usr/lib/libxml2.so
 LoadFile /usr/lib/liblua5.1.so.0
 LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
 and save it (ESC :wq)

7. Enable the module to load with apache (unique_id is required for mod-security, it should come standard with apache) 

 
 a2enmod mod-security2
 a2enmod unique_id

8. Tell apache where to load the mod-security config 

 
 vi /etc/apache2/conf.d/mod-security2.conf
 and add the following line:
 
 
 Include /etc/modsecurity2/*.conf
 and save it (ESC :wq)

9. Create the mod-security directories and logs 

 
 mkdir /etc/modsecurity2
 mkdir /etc/modsecurity2/logs
 touch /etc/modsecurity2/logs/modsec_audit.log
 touch /etc/modsecurity2/logs/modsec_debug.log

10. Copy the core rules into the mod-security dirs (more info on the core rules can be found on 

 
 http://www.modsecurity.org/projects/rules/index.html)
 
 
 cp /tmp/modsecurity-apache_2.5.4/rules/*.conf /etc/modsecurity2

11. Update the rules so the log locations are correct 

 
 vi /etc/modsecurity2/modsecurity_crs_10_config.conf
 Find SecDebugLog logs/modsec_debug.log
 Replace with SecDebugLog /etc/modsecurity2/logs/modsec_debug.log
 Find SecAuditLog logs/modsec_audit.log
 Replace with SecAuditLog /etc/modsecurity2/logs/modsec_audit.log
 and save it (ESC :wq)

12. Check apache config is ok 

 
 apache2ctl configtest
 (should return Syntax OK)

13. Restart apache 

 
 /etc/init.d/apache2 restart

14. Check mod-security2 is running 

 
 cat /var/log/apache2/error.log | grep ModSecurity
 [Thu Mar 27 14:56:58 2008] [notice] ModSecurity for Apache/2.5.4 (http://www.modsecurity.org/) configured.

Done!

More info on mod-security http://www.modsecurity.org/

These instructions were taken from http://www.debianitalia.org/modules/wfse...icleid=161 and updated/fixed as needed.

Copyright by hxbro — ZooL. 2008/04/19 15:23

 
howto/security/mod_security_on_debian.txt · Last modified: 2008/06/25 09:32 (external edit)
 
Recent changes RSS feed Creative Commons License Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki

| All rights reserved : isp-control.net |