Install the (ModSecurity) centos fedora redhat

Install the (ModSecurity)

cd /usr/local/src/

wget http://www.modsecurity.org/tarball/2.7.2/modsecurity-apache_2.7.2.tar.gz

tar -zxvf modsecurity-apache_2.7.2.tar.gz

cd modsecurity-apache_2.7.2

./configure

configure: *** pcre library not found.
configure: error: pcre library is required

yum -y update pcre

additional package dependencies.
yum -y install pcre-devel
yum -y install libxml2
yum -y install libxml2-devel

mod_unique_id need to use mod_security

cd /software/httpd-2.24/modules/metadata

/Usr/local/apache2/bin/apxs -cia Mod_unique_id.C

cd /software/httpd-2.24/Srclib/apr
./configure
make
make install

cd /software/httpd-2.24/Srclib/apr-util

./configure -with-apr=/usr/local/apr/bin/apr-1-config

make
make install

Recomplie apache for PCRE APR APR-UTI

cd /software/httpd-2.24

make clean

/configure –enable-so \
            –enable-rewrite \
            –enable-mods-shared=”unique_id” \
            –with-pcre \
            –with-apr=/usr/local/apr/bin/apr-1-config \
            –with-apr-util=/usr/local/apr/bin/apu-1-config \
            –prefix=/usr/local/apache2
make
make install

Install Mod security
cd /usr/local/src/

cd modsecurity-apache_2.7.2

make clean

./configure \
          –prefix=/usr/local/apache2 \
          –with-apxs=/usr/local/apache2/bin/apxs \
          –with-apr=/usr/local/apache2/bin/apr-1-config \
          –with-apu=/usr/local/apache2/bin/apu-1-config \
          –with-pcre=/usr/bin/pcre-config \
          –with-libxml=/usr/bin/xml2-config \
           LDFLAGS=-L/usr/local/apache2/lib
make
make install

mkdir /var/modsecurity/
mkdir /var/modsecurity/data
mkdir /var/modsecurity/tmp
mkdir /var/modsecurity/upload
chown root:apache /var/modsecurity
chown apache:root /var/modsecurity/data
chown apache:apache /var/modsecurity/tmp
chown apache:root /var/modsecurity/upload/
chmod 750 /var/modsecurity
chmod 700 /var/modsecurity/data
chmod 750 /var/modsecurity/tmp
chmod 700 /var/modsecurity/upload

cd /usr/local/src

wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master

tar xvfz SpiderLabs-owasp-modsecurity-crs-2.2.7-13-g40b2c75.tar.gz

mkdir /usr/local/apache2/crs

cd /usr/local/apache2/crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
vi modsecurity_crs_10_config.conf

SecRuleEngine On
# SecRequestBodyAccess
SecRequestBodyAccess On
SecResponseBodyAccess Off
# SecRequestBodyLimit
SecRequestBodyLimit 5242880
# SecRequestBodyNoFilesLimit
SecRequestBodyNoFilesLimit 51200
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus “^(?:5|4(?!04))”
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
SecAuditLogParts “ABIFHKZ”
SecDebugLog             logs/modsec_debug.log
SecDebugLogLevel        3
SecDataDir      /var/modsecurity/data/
SecTmpDir       /var/modsecurity/tmp/
SecUploadDir    /var/modsecurity/upload/

vi /usr/local/apache2/conf/extra/httpd-modsecurity.conf

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so

Include crs/modsecurity_crs_10_config.conf
Include crs/base_rules/*.conf

apache stop and start

/usr/local/apache2/bin/apachectl stop
/usr/local/apache2/bin/apachectl start

/usr/local/apache2/bin/apachectl -M

tail -f /usr/local/apache2/log/error.log

ModSecurity for Apache/2.2.4 (http://www.modsecurity.org/) configured.
ModSecurity: APR compiled version=”1.4.5″; loaded version=”1.4.5″
ModSecurity: PCRE compiled version=”8.31 “; loaded version=”5.0 13-Sep-2004”
ModSecurity: Loaded PCRE do not match with compiled!
ModSecurity: LIBXML compiled version=”2.8.0″
Apache/2.2.4 (Linux) CovalentSNMP/3.0.3 configured — resuming normal operations
SNMP: CovalentSNMP/3.0.3 started (user ‘106’ – SNMP address ‘1610’ – pid ‘7

Recent Posts

Pages

Categories

Archives

Recent Comments

Categories

Install the (ModSecurity) centos fedora redhat

Leave a Reply Cancel reply

PRODUCTS