
Monday, September 22, 2014

Mod_security With the OWASP - Centos / RedHat

Mod_Security is a free and open source web application firewall for Apache and Nginx. It is very useful for protecting your web server from various attacks by blocking most of the known exploits using regular expressions and rule sets. Mod_security can detect attacks by monitoring and analyzing the HTTP traffic in real time.
In this blog tutorial we will guide you through the process of installing mod_security with the OWASP (Open Web Application Security Project) core rule set on CentOS.
Modsecurity Installation & Configuration:
1. Download the latest mod_security from http://www.jasonlitka.com/yum-repository/ and copy the RPMs to the required server.
# rpm -ivh mod_security
# rpm -ivh lua
2. Download the latest OWASP Mod_Security Rule Set from: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
tar -xvf modsecurity-crs.tar.gz
3. Exclude the experimental rule set from the downloaded modsecurity complete rule set (it is excluded because the rules are experimental).
cp -avf modsecurity-crs/* /etc/httpd/modsecurity.d/
4. Add the entries below to ssl.conf to enable modsecurity.

Start, stop and restart Apache:
# service httpd restart
Mod_security configuration files:
/etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
/etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache module.
/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf – configuration contained in this file should be customized for your specific requirements before deployment.
/var/log/httpd/modsec_debug.log – debug messages for debugging mod_security rules and other problems.
/var/log/httpd/modsec_audit.log – all requests that trigger a ModSecurity event (as detected) or an error (“RelevantOnly”) are logged into this file.
                                          OR 

Another way to install and configure Mod_security with the OWASP core rules:


Before we start the installation of mod_security, we need to install the following dependencies first
yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git
Download the mod_security source code from their official website to your server
cd /opt/
wget https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz
Extract the downloaded archive and change the current working directory to the newly extracted directory
tar xzfv modsecurity-2.8.0.tar.gz 
cd modsecurity-2.8.0
Now, let's configure, compile and install mod_security from the source code
./configure
make
make install
Copy the default mod_security configuration and the unicode.mapping file to the necessary Apache directory
cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
cp unicode.mapping /etc/httpd/conf.d/
With this step, mod_security is installed on your server. Now we need to configure the Apache web server.
Open the web server configuration file and add the following line
vi /etc/httpd/conf/httpd.conf
LoadModule security2_module modules/mod_security2.so
Save the changes and restart Apache
/etc/init.d/httpd restart
Download and configure OWASP (Open Web Application Security Project) core rule set for a base configuration
cd /etc/httpd
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv owasp-modsecurity-crs modsecurity-crs
cd modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
Open the Apache configuration file again, and add the following lines at the end of the file
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
Save the file and restart the web server again
/etc/init.d/httpd restart
That’s all. You have mod_security with the OWASP core rule set installed on your CentOS VPS.
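An added example, not part of the original post: a post-install check for the source-install steps above. It confirms the LoadModule and Include lines are present and reports the effective SecRuleEngine mode, because modsecurity.conf-recommended ships with SecRuleEngine DetectionOnly, which logs rule matches without blocking them. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install check for the source-install steps above.

# Print the effective SecRuleEngine value, lowercased. Commented-out lines
# are ignored and the last directive across the given files wins.
modsec_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = tolower($2) }
         END { print (mode == "" ? "unset" : mode) }' "$@"
}

# Usage: modsec_check HTTPD_CONF MODSEC_CONF
# Returns 0 only if the module and CRS lines are present and the engine
# is set to enforce rule actions (SecRuleEngine On).
modsec_check() {
    rc=0
    for pat in \
        'LoadModule[[:space:]]+security2_module' \
        'Include[[:space:]]+modsecurity-crs/modsecurity_crs_10_config\.conf' \
        'Include[[:space:]]+modsecurity-crs/base_rules/\*\.conf'
    do
        grep -Eiq "^[[:space:]]*$pat" "$1" || { echo "MISSING: $pat"; rc=1; }
    done
    mode=$(modsec_engine_mode "$2")
    case $mode in
        on) echo "OK: SecRuleEngine On (rule actions are enforced)" ;;
        detectiononly) echo "WARN: DetectionOnly, matches are logged but not blocked"; rc=1 ;;
        *) echo "WARN: SecRuleEngine is $mode"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files standing in for /etc/httpd/conf/httpd.conf and
# /etc/httpd/conf.d/modsecurity.conf as the steps above leave them.
demo=$(mktemp -d)
printf '%s\n' 'LoadModule security2_module modules/mod_security2.so' \
    '    Include modsecurity-crs/modsecurity_crs_10_config.conf' \
    '    Include modsecurity-crs/base_rules/*.conf' > "$demo/httpd.conf"
printf '%s\n' '#SecRuleEngine On' 'SecRuleEngine DetectionOnly' > "$demo/modsecurity.conf"
modsec_check "$demo/httpd.conf" "$demo/modsecurity.conf" || echo "not enforcing yet"
```

On a real host, pass /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/modsecurity.conf, and run apachectl configtest before restarting Apache.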
