How to Install Mod_Security to Apache HTTP Server on CentOS 6.3

ModSecurity is an open source web application firewall and intrusion detection and prevention system that provide filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

1. Install some dependency packages for mod_security :

[root@centos63 ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y

Compile the modsecurity source code and module to install mod_security in your httpd.conf file. Run the followings commands as root :

[root@centos63 ~]# cd /usr/src/

2. Download mod_security :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz

Examples :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
--2012-09-17 16:06:20--  http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:21--  http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:22--  http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz [following]
--2012-09-17 16:06:23--  http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz
Resolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162
Connecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 785852 (767K) [application/x-gzip]
Saving to: âmodsecurity-apache_2.6.7.tar.gzâ

100%[==========================================================>] 785,852     88.6K/s   in 8.7s

2012-09-17 16:06:32 (88.1 KB/s) - âmodsecurity-apache_2.6.7.tar.gzâ

3. Unpack the ModSecurity archive :

[root@centos63 src]# tar xzvf modsecurity-apache_2.6.7.tar.gz

4. Enter the extracted mod_security’s directory :

[root@centos63 src]# cd modsecurity-apache_2.6.7

5. Run the configure script to generate a Makefile. Typically no options are needed.

[root@centos63 modsecurity-apache_2.6.7]# ./configure

6. Install the ModSecurity module with :

[root@centos63 modsecurity-apache_2.6.7]# make install

7. Copy the The configuration file to /etc/httpd/conf.d directory :

[root@centos63 modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

8. Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration. It’s used to protect from unknown vulnerabilities which often found on web applications :

[root@centos63 ~]# cd /etc/httpd
[root@centos63 httpd]# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs
[root@centos63 modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

9. Configure Apache httpd config file :

[root@centos63 ~]# vi /etc/httpd/conf/httpd.conf

Search for the line LoadModule in your httpd.conf and make sure you load the ModSecurity module with the following line :

..
..
LoadModule security2_module modules/mod_security2.so
..
..

Configure ModSecurity. Add these line at the bottom of http.conf file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

10. Restart the Apache service to enable mod_security module and their rules :

[root@centos63 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

11. Verify everything working fine :

[root@centos63 ~]# httpd -t
Syntax OK
[root@centos63 ~]# tail -f /var/log/httpd/error_log
[Mon Sep 17 18:49:58 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down
[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Sep 17 20:24:28 2012] [notice] Digest: done
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations

How to Reset the Directory Manager Password on RHEL 7 / CentOS 7
How to Reset the Directory Manager Password on RHEL 7 / CentOS 7

It is best practice to remember passwords, but because too many passwords, sometimes we forget. We are not encouraged to write the password on any paper or share the password...

How to Find Big Files Size on Linux RHEL/CentOS
How to Find Big Files Size on Linux RHEL/CentOS

As the linux administrator, sometimes we have to identify which files are most take much space in the linux server resulting in low free space. Low disk space can also...

Why Linux users should worry about malware and what they can do about it
Why Linux users should worry about malware and what they can do about it

Don’t drop your guard just because you’re running Linux. Preventing the spread of malware and/or dealing with the consequences of infection are a fact of life when using computers. If...

How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7
How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7

This short howto will explain the steps to reset a lost root password or to reset a forgotten root password on Linux RHEL 7 or CentOS 7. Basically, we will...

How to Update CentOS or Upgrade CentOS to the Latest Version
How to Update CentOS or Upgrade CentOS to the Latest Version

Recently, the latest version of CentOS 7.3 was released. All users of CentOS 7.0, 7.1 and 7.2 can upgrade their system to the most recent. This quick guide will explain...

How to Change your WordPress Username, Nickname and Display Name in MySQL
How to Change your WordPress Username, Nickname and Display Name in MySQL

After you create an account log in WordPress, you may want to change your WordPress username, as appropriate or due to security reason. However, you can not do this from...

How to Enable SSH Root Login on Ubuntu 16.04
How to Enable SSH Root Login on Ubuntu 16.04

As what we wrote in the previous article on how to allow SSH root on Ubuntu 14.04, after installing a fresh new copy of Ubuntu 16.04 LTS, we find that...

How to Change UUID of Linux Partition on CentOS 7
How to Change UUID of Linux Partition on CentOS 7

UUID (Universally Unique IDentifier) should be unique and it is used to identify storage devices on a linux system. If you cloned a virtual machine from vCenter, the metadata containing...

Leave a Reply

Your email address will not be published. Required fields are marked *