How to install mod_security on Linux server
Definition of mod_security (ModSecurity): ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded in the web server, protecting web applications from attacks. ModSecurity supports both branches of the Apache web server.
Requirements:
Apache Web Server 1.3.x or 2.x
Note: We have confirmed this security add-on works with cPanel-based servers.
Installation:
1. Login to your server through SSH and su to the root user.
2. First, you're going to start out by grabbing the latest version of mod_security:
# wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz
3. Next we untar the archive and cd into the directory:
# tar zxvf mod_security-1.7.4.tar.gz
# cd mod_security-1.7.4/
4. Now you need to determine which version of Apache you use:
Apache 1.3.x users:
# cd apache1/
Apache 2.x users:
# cd apache2/
5. Let's compile the module now:
# /usr/local/apache/bin/apxs -cia mod_security.c
6. OK, now it's time to edit the httpd.conf file. First we will make a backup in case something goes wrong:
# cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup
7. Now that we have backed it all up, we can edit httpd.conf. Replace pico with nano depending on what you have:
# pico /usr/local/apache/conf/httpd.conf
8. Let's look for something in the config. Do this by holding Control and pressing W; you are going to search for
9. Now add this:
# Turn the filtering engine On or Off
SecFilterEngine On
# Change Server: string
SecServerSignature " "
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off
# Only allow bytes from this range
SecFilterForceByteRange 1 255
# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Action to take by default
SecFilterDefaultAction "deny,log,status:500"
# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Prevent path traversal (..) attacks
SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
10. Save the file: Ctrl + X, then Y.
11. Restart Apache:
# /etc/rc.d/init.d/httpd stop
# /etc/rc.d/init.d/httpd start
You've successfully installed mod_security!
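The keyword filters from step 9 can be tried out offline before they start returning status 500 to visitors. The script below is an added example, not part of the original guide or of mod_security: it runs those patterns through grep -E (POSIX extended regular expressions) against constructed request strings, with the traversal pattern written with its dots escaped. The function names matches and first_match are hypothetical, and it assumes case-insensitive matching on already URL-decoded input; mod_security's own request normalization is not modelled.

```shell
#!/bin/sh
# Added example (not from the original guide): evaluate the step 9 SecFilter
# patterns with grep -E. Assumptions: case-insensitive matching, input already
# URL-decoded. Every request string below is a constructed sample.

# Patterns from step 9, one per line as "name regex" (no regex contains a space).
FILTERS='traversal \.\./
script_tag <[[:space:]]*script
sql_delete delete[[:space:]]+from
sql_insert insert[[:space:]]+into
sql_select select.+from'

# matches REGEX TEXT: exit status 0 when the ERE matches TEXT.
matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# first_match TEXT: print the name of the first filter that matches, or "pass".
first_match() {
    while read -r name regex; do
        if matches "$regex" "$1"; then
            printf '%s\n' "$name"
            return 0
        fi
    done <<EOF
$FILTERS
EOF
    printf 'pass\n'
}

# Constructed samples: one traversal attempt, one harmless search phrase that
# the crude "select.+from" filter still denies, and one ordinary page request.
for sample in \
    '/view?file=../notes.txt' \
    '/search?q=please select a colour from the list' \
    '/docs/manual.html'
do
    printf '%-10s %s\n' "$(first_match "$sample")" "$sample"
done

# The traversal pattern without the backslashes: "." matches any character,
# so an ordinary path is denied as well.
if matches '../' '/docs/manual.html'; then
    echo 'unescaped "../" also matches /docs/manual.html'
fi
```

Any sample reported under a filter name would be rejected by SecFilterDefaultAction "deny,log,status:500", so legitimate traffic that matches shows up as server errors and as entries in the audit log.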