modsecurity
############################################################################
Homepage : http://www.modsecurity.org
Documentation : http://www.modsecurity.org/documentation/index.html
Download : http://www.modsecurity.org/download/direct.html
(latest version : modsecurity-apache_2.5.2.tar.gz, 20080422)
Requirement : liblua5.1.so
OS : CentOS5.1
Webserver : Apache / 2.2.3
############################################################################
###############################################
# >> Install on the RPM-packaged Apache.      #
###############################################
# Fetch the ModSecurity 2.5.2 Apache module and the 2.5-1.6.0 core rule set,
# unpack the module under a working name and run its configure script.
cd /usr/local/src/
# NOTE(review): both archives arrive over plain http and nothing here checks their
# integrity; compare them against the checksums/signatures the project publishes
# before building, since the result is loaded into the web server process.
wget http://www.modsecurity.org/download/modsecurity-apache_2.5.2.tar.gz
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.0.tar.gz
tar xvfzp modsecurity-apache_2.5.2.tar.gz
# The unpacked module tree is referred to as "webfirewall" from here on.
mv modsecurity-apache_2.5.2 webfirewall
cd /usr/local/src/webfirewall/apache2
# First configure attempt; it fails below because apxs is not installed yet.
./configure
======
checking for strerror... yes
checking for strncasecmp... yes
checking for strrchr... yes
checking for strstr... yes
checking for strtol... yes
configure: looking for Apache module support via DSO through APXS
configure: error: couldn't find APXS
=======
[root@Mung apache2]# apxs
-bash: apxs: command not found
# httpd-devel supplies apxs, which configure needs to build the module as a DSO
# (see the "couldn't find APXS" error above and the apxs usage printed below).
yum install httpd-devel
[root@Mung run]# apxs
Usage: apxs -g [-S <var>=<val>] -n <modname>
apxs -q [-S <var>=<val>] <query> ...
apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
[-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
[-Wl,<flags>] [-p] <files> ...
apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
========
# Re-run configure now that apxs is available, then build and install
# mod_security2.so into the Apache modules directory.
./configure
make
make install
# Edit the main Apache config to load the module and its libraries (snippet follows).
vi /etc/httpd/conf/httpd.conf
#########################################################
# Webfirewall
# Load mod_security2 and its helper module, the shared libraries it links against,
# and then every firewall config dropped into conf.d/firewall/.
LoadModule security2_module modules/mod_security2.so
# ModSecurity 2.x relies on the per-request UNIQUE_ID provided by mod_unique_id
# to label transactions in its logs.
LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
# NOTE(review): this file does not exist yet at this point; the first httpd start
# below fails until a liblua5.1.so is placed in /usr/lib (see the Lua steps).
LoadFile /usr/lib/liblua5.1.so
# The directory is created in the rule-setting steps further down.
Include conf.d/firewall/*.conf
#########################################################
# First start attempt; it fails below because /usr/lib/liblua5.1.so is missing.
/etc/rc.d/init.d/httpd start
===========
Starting httpd: httpd: Syntax error on line 206 of /etc/httpd/conf/httpd.conf: Cannot load /usr/lib/liblua5.1.so into server: /usr/lib/liblua5.1.so: cannot open shared object file: No such file or directory
[FAILED]
===========
# Build Lua 5.1.3 from source to satisfy the liblua5.1.so requirement.
cd /usr/local/src
# NOTE(review): plain-http download with no integrity check — verify the archive
# against the upstream checksum before building.
wget http://www.lua.org/ftp/lua-5.1.3.tar.gz
tar xvfzp lua-5.1.3.tar.gz
cd lua-5.1.3
# NOTE(review): this target presumably does not produce a shared liblua5.1.so,
# which is why a prebuilt one is fetched in the next step — confirm before relying on it.
make linux install
=============
# Fetch a prebuilt Lua 5.1.3 shared library and place it in /usr/lib so the
# LoadFile line in httpd.conf resolves.
# NOTE(review): this is a third-party binary pulled over plain http and loaded into
# the httpd process without any checksum or signature check; prefer a distro
# package or a .so built from the verified source tree, and record what was installed.
wget http://luaforge.net/frs/download.php/3108/lua5_1_3_Linux26g4_lib.tar.gz
tar xvfzp lua5_1_3_Linux26g4_lib.tar.gz
# Installed outside package management: yum will not track, update or remove this file.
cp liblua5.1.so /usr/lib/
/etc/rc.d/init.d/httpd start
# List loaded modules; security2_module should appear and the config report "Syntax OK".
httpd -M
==============
version_module (shared)
security2_module (shared)
php5_module (shared)
proxy_ajp_module (shared)
ssl_module (shared)
Syntax OK
================
# Create the directory matched by "Include conf.d/firewall/*.conf" in httpd.conf and
# seed it with the minimal engine config plus the core-rules config file.
mkdir /etc/httpd/conf.d/firewall
cp /usr/local/src/webfirewall/modsecurity.conf-minimal /etc/httpd/conf.d/firewall/modsecurity.conf
cp /usr/local/src/webfirewall/rules/modsecurity_crs_10_config.conf /etc/httpd/conf.d/firewall/
vi /etc/httpd/conf.d/firewall/<CONFIG-FILE>.conf   # original path was garbled (directory repeated); open the file that holds the SecServerSignature line shown below
===============
# Overrides the Server response header; the second curl capture below shows the new value.
# NOTE(review): this changes the advertised banner only — the ETag format and header
# order are identical in the two captures below, so the real server remains easy to
# fingerprint; treat this as cosmetic rather than as a security control.
SecServerSignature "Microsoft-IIS/5.0"
#SecServerSignature "Apache/2.2.0 (Fedora)"
===============
# Restart so the firewall configs (including the SecServerSignature change) take effect.
/etc/rc.d/init.d/httpd restart
==================================
# without mod_security
==================================
# Baseline capture: response headers before the signature override is active.
curl --head http://127.0.0.1/
HTTP/1.1 200 OK
Date: Tue, 22 Apr 2008 11:20:18 GMT
Server: Apache/2.2.0 (Fedora)
Last-Modified: Tue, 22 Apr 2008 10:58:44 GMT
ETag: "57e40-5-19900100"
Accept-Ranges: bytes
Content-Length: 5
Connection: close
Content-Type: text/html; charset=UTF-8
X-Pad: avoid browser bug
==================================
# with mod_security
==================================
# Same request after the restart: the Server header now carries the SecServerSignature value.
curl --head http://127.0.0.1/
HTTP/1.1 200 OK
Date: Tue, 22 Apr 2008 11:21:01 GMT
Server: Microsoft-IIS/5.0
Last-Modified: Tue, 22 Apr 2008 10:58:44 GMT
ETag: "57e40-5-19900100"
Accept-Ranges: bytes
Content-Length: 5
Connection: close
Content-Type: text/html; charset=UTF-8
#######################
# >> Rule setting #
#######################
# Deploy the core rule set: unpack it and copy every .conf into the firewall include dir.
cd /usr/local/src
tar xvfzp modsecurity-core-rules_2.5-1.6.0.tar.gz
# NOTE(review): this glob copies every .conf present in /usr/local/src, not only the
# files just unpacked, and silently overwrites same-named files already in the
# firewall directory; if the file edited for SecServerSignature above is among them,
# re-apply that change afterwards. Confirm the archive's contents before copying.
cp *.conf /etc/httpd/conf.d/firewall/
# Restart to load the rules. Consider running the rule set with
# "SecRuleEngine DetectionOnly" first and reviewing the audit log for false positives
# before switching to blocking mode.
/etc/rc.d/init.d/httpd restart