{"id":1944,"date":"2013-03-13T10:23:30","date_gmt":"2013-03-13T02:23:30","guid":{"rendered":"http:\/\/rmohan.com\/?p=1944"},"modified":"2013-03-13T10:35:39","modified_gmt":"2013-03-13T02:35:39","slug":"install-the-modsecurity-centos-fedora-redhat","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=1944","title":{"rendered":"Install the (ModSecurity) centos fedora redhat"},"content":{"rendered":"

Install the (ModSecurity)<\/p>\n

cd \/usr\/local\/src\/<\/p>\n

wget http:\/\/www.modsecurity.org\/tarball\/2.7.2\/modsecurity-apache_2.7.2.tar.gz<\/a><\/p>\n

tar -zxvf modsecurity-apache_2.7.2.tar.gz<\/p>\n

cd\u00a0 modsecurity-apache_2.7.2<\/p>\n

.\/configure<\/p>\n

configure: *** pcre library not found.
configure: error: pcre library is required<\/p>\n

 <\/p>\n

yum -y update pcre<\/p>\n

additional package dependencies.
yum -y install\u00a0 pcre-devel
yum -y install\u00a0 libxml2
yum -y install\u00a0 libxml2-devel<\/p>\n

mod_unique_id need to use mod_security<\/p>\n

cd \/software\/httpd-2.24\/modules\/metadata<\/p>\n

\/Usr\/local\/apache2\/bin\/apxs -cia Mod_unique_id.C<\/p>\n

cd \/software\/httpd-2.24\/Srclib\/apr
.\/configure
make
make install<\/p>\n

cd \/software\/httpd-2.24\/Srclib\/apr-util<\/p>\n

.\/configure -with-apr=\/usr\/local\/apr\/bin\/apr-1-config<\/p>\n

make
make install<\/p>\n

 <\/p>\n

Recomplie apache for PCRE APR APR-UTI<\/p>\n

cd \/software\/httpd-2.24<\/p>\n

make clean<\/p>\n

\/configure –enable-so \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –enable-rewrite \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –enable-mods-shared=”unique_id” \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-pcre \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-apr=\/usr\/local\/apr\/bin\/apr-1-config \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-apr-util=\/usr\/local\/apr\/bin\/apu-1-config \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –prefix=\/usr\/local\/apache2
make
make install<\/p>\n

 <\/p>\n

Install Mod security
cd \/usr\/local\/src\/<\/p>\n

cd\u00a0 modsecurity-apache_2.7.2<\/p>\n

make clean<\/p>\n

.\/configure \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –prefix=\/usr\/local\/apache2 \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-apxs=\/usr\/local\/apache2\/bin\/apxs \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-apr=\/usr\/local\/apache2\/bin\/apr-1-config \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-apu=\/usr\/local\/apache2\/bin\/apu-1-config \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-pcre=\/usr\/bin\/pcre-config \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 –with-libxml=\/usr\/bin\/xml2-config \\
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 LDFLAGS=-L\/usr\/local\/apache2\/lib
make
make install<\/p>\n

 <\/p>\n

mkdir \/var\/modsecurity\/
mkdir \/var\/modsecurity\/data
mkdir \/var\/modsecurity\/tmp
mkdir \/var\/modsecurity\/upload
chown root:apache \/var\/modsecurity
chown apache:root \/var\/modsecurity\/data
chown apache:apache \/var\/modsecurity\/tmp
chown apache:root \/var\/modsecurity\/upload\/
chmod 750 \/var\/modsecurity
chmod 700 \/var\/modsecurity\/data
chmod 750 \/var\/modsecurity\/tmp
chmod 700 \/var\/modsecurity\/upload<\/p>\n

cd \/usr\/local\/src<\/p>\n

wget https:\/\/github.com\/SpiderLabs\/owasp-modsecurity-crs\/tarball\/master<\/a><\/p>\n

tar xvfz SpiderLabs-owasp-modsecurity-crs-2.2.7-13-g40b2c75.tar.gz<\/p>\n

mkdir \/usr\/local\/apache2\/crs<\/p>\n

cd \/usr\/local\/apache2\/crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
vi modsecurity_crs_10_config.conf<\/p>\n

SecRuleEngine On
# SecRequestBodyAccess
SecRequestBodyAccess On
SecResponseBodyAccess Off
# SecRequestBodyLimit
SecRequestBodyLimit 5242880
# SecRequestBodyNoFilesLimit
SecRequestBodyNoFilesLimit 51200
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus “^(?:5|4(?!04))”
SecAuditLogType Serial
SecAuditLog logs\/modsec_audit.log
SecAuditLogParts “ABIFHKZ”
SecDebugLog\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 logs\/modsec_debug.log
SecDebugLogLevel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3
SecDataDir\u00a0\u00a0\u00a0\u00a0\u00a0 \/var\/modsecurity\/data\/
SecTmpDir\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/var\/modsecurity\/tmp\/
SecUploadDir\u00a0\u00a0\u00a0 \/var\/modsecurity\/upload\/<\/p>\n

vi \/usr\/local\/apache2\/conf\/extra\/httpd-modsecurity.conf<\/p>\n

LoadModule unique_id_module modules\/mod_unique_id.so
LoadModule security2_module modules\/mod_security2.so
\u00a0
Include crs\/modsecurity_crs_10_config.conf
Include crs\/base_rules\/*.conf<\/p>\n

apache stop and start<\/p>\n

\/usr\/local\/apache2\/bin\/apachectl stop
\/usr\/local\/apache2\/bin\/apachectl\u00a0 start<\/p>\n

\/usr\/local\/apache2\/bin\/apachectl -M<\/p>\n

tail -f \/usr\/local\/apache2\/log\/error.log<\/p>\n

\u00a0ModSecurity for Apache\/2.2.4 (http:\/\/www.modsecurity.org\/<\/a>) configured.
\u00a0ModSecurity: APR compiled version=”1.4.5″; loaded version=”1.4.5″
\u00a0ModSecurity: PCRE compiled version=”8.31 “; loaded version=”5.0 13-Sep-2004”
\u00a0ModSecurity: Loaded PCRE do not match with compiled!
\u00a0ModSecurity: LIBXML compiled version=”2.8.0″
\u00a0Apache\/2.2.4 (Linux) CovalentSNMP\/3.0.3 configured — resuming normal operations
\u00a0SNMP: CovalentSNMP\/3.0.3 started (user ‘106’ – SNMP address ‘1610’ – pid ‘7<\/p>\n","protected":false},"excerpt":{"rendered":"

Install the (ModSecurity)<\/p>\n

cd \/usr\/local\/src\/<\/p>\n

wget http:\/\/www.modsecurity.org\/tarball\/2.7.2\/modsecurity-apache_2.7.2.tar.gz<\/p>\n

tar -zxvf modsecurity-apache_2.7.2.tar.gz<\/p>\n

cd modsecurity-apache_2.7.2<\/p>\n

.\/configure<\/p>\n

configure: *** pcre library not found.configure: error: pcre library is required<\/p>\n

 <\/p>\n

yum -y update pcre<\/p>\n

additional package dependencies.yum -y install pcre-develyum -y install libxml2yum -y install libxml2-devel<\/p>\n

mod_unique_id need to use mod_security<\/p>\n

cd \/software\/httpd-2.24\/modules\/metadata<\/p>\n

\/Usr\/local\/apache2\/bin\/apxs -cia Mod_unique_id.C<\/p>\n

cd \/software\/httpd-2.24\/Srclib\/apr.\/configuremakemake install<\/p>\n

cd […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1944"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1944"}],"version-history":[{"count":3,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1944\/revisions"}],"predecessor-version":[{"id":1946,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1944\/revisions\/1946"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}