How to Install Mod_Security to Apache HTTP Server on CentOS 6.3

ModSecurity is an open-source web application firewall and intrusion detection and prevention system that provides filtering and other security features to the Apache HTTP Server. As a web application layer firewall, ModSecurity allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure. This tutorial will guide you through the process of installing ModSecurity to your Apache HTTP Server on CentOS 6.3.

Before we dive into the installation process, it’s important to understand the role of ModSecurity in enhancing the security of your web server. ModSecurity is a crucial component in securing your Apache server.

Step 1: Install Dependency Packages for ModSecurity

First, you need to install some dependency packages for ModSecurity. Run the following command as root:

[root@centos63 ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y

This command installs the necessary packages, including gcc, make, libxml2, libxml2-devel, httpd-devel, pcre-devel, and curl-devel.

Step 2: Download ModSecurity

Next, navigate to the /usr/src/ directory and download the ModSecurity package:

[root@centos63 ~]# cd /usr/src/
[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz

This command downloads the ModSecurity package from the official website.

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
--2012-09-17 16:06:20--  http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:21--  http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:22--  http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz [following]
--2012-09-17 16:06:23--  http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz
Resolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162
Connecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 785852 (767K) [application/x-gzip]
Saving to: âmodsecurity-apache_2.6.7.tar.gzâ

100%[==========================================================>] 785,852     88.6K/s   in 8.7s

2012-09-17 16:06:32 (88.1 KB/s) - âmodsecurity-apache_2.6.7.tar.gzâ

Step 3: Unpack the ModSecurity Archive

After downloading the ModSecurity package, you need to unpack the archive:

[root@centos63 src]# tar xzvf modsecurity-apache_2.6.7.tar.gz

This command extracts the contents of the ModSecurity package.

Step 4: Enter the Extracted ModSecurity Directory

Navigate to the directory where the ModSecurity package was extracted:

[root@centos63 src]# cd modsecurity-apache_2.6.7

This command changes the current directory to the ModSecurity directory.

Step 5: Run the Configure Script

Run the configure script to generate a Makefile. Typically, no options are needed:

[root@centos63 modsecurity-apache_2.6.7]# ./configure

This command runs the configure script.

Step 6: Install the ModSecurity Module

Install the ModSecurity module with the following command:

[root@centos63 modsecurity-apache_2.6.7]# make install

This command installs the ModSecurity module.

Step 7: Copy the Configuration File

Copy the configuration file to the /etc/httpd/conf.d directory:

[root@centos63 modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

This command copies the recommended ModSecurity configuration file to the appropriate directory.

Step 8: Install OWASP Core Rules

ModSecurity requires the OWASP (Open Web Application Security Project) core rules for base configuration. These rules are used to protect from unknown vulnerabilities often found in web applications:

[root@centos63 ~]# cd /etc/httpd
[root@centos63 httpd]# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs
[root@centos63 modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

These commands download, extract, and set up the OWASP core rules for ModSecurity.

Step 9: Configure Apache HTTPD Config File

Next, you need to configure the Apache HTTPD config file:

[root@centos63 ~]# vi /etc/httpd/conf/httpd.conf

Search for the line “LoadModule” in your httpd.conf and make sure you load the ModSecurity module with the following line:

LoadModule security2_module modules/mod_security2.so

Then, configure ModSecurity by adding these lines at the bottom of the httpd.conf file:

<IfModule security2_module>
 Include modsecurity-crs/modsecurity_crs_10_setup.conf
 Include modsecurity-crs/base_rules/*.conf
</IfModule>

Step 10: Restart the Apache Service

Restart the Apache service to enable the mod_security module and their rules:

[root@centos63 ~]# /etc/init.d/httpd restart

This command restarts the Apache service.

[root@centos63 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

Step 11: Verify Everything is Working Fine

Finally, verify that everything is working fine:

[root@centos63 ~]# httpd -t
Syntax OK
[root@centos63 ~]# tail -f /var/log/httpd/error_log

These commands check the syntax of your configuration files and display the last few entries of the Apache error log.

[root@centos63 ~]# tail -f /var/log/httpd/error_log
[Mon Sep 17 18:49:58 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down
[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Sep 17 20:24:28 2012] [notice] Digest: done
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations

Commands Mentioned

• yum install – Installs a package.
• cd – Changes the current directory.
• wget – Downloads files from the internet.
• tar xzvf – Extracts a tar.gz file.
• ./configure – Configures software to ensure it can compile correctly.
• make install – Compiles and installs a program.
• cp – Copies files and directories.
• mv – Moves or renames files and directories.
• vi – Opens a text editor for file editing.
• /etc/init.d/httpd restart – Restarts the Apache service.
• httpd -t – Checks the syntax of your Apache configuration files.
• tail -f – Displays the last few entries of a file in real-time.

Conclusion

In conclusion, ModSecurity is an essential tool for enhancing the security of your Apache HTTP Server. By following the steps outlined inthis tutorial, you can successfully install ModSecurity on your CentOS 6.3 system. Remember, the process involves installing necessary dependencies, downloading and unpacking the ModSecurity package, running the configure script, installing the ModSecurity module, copying the configuration file, installing the OWASP core rules, configuring the Apache HTTPD config file, restarting the Apache service, and verifying that everything is working fine.

By implementing ModSecurity, you’re adding an extra layer of protection to your server, making it more resilient against potential threats and attacks. Whether you’re running a dedicated server, a VPS server, or part of a cloud hosting or shared hosting setup, securing your server should always be a top priority.

Remember, the digital landscape is constantly evolving, and so are the threats that come with it. Stay informed, stay updated, and most importantly, stay secure.

FAQs

1. What is ModSecurity?

   ModSecurity is an open-source web application firewall that provides filtering and other security features to the Apache HTTP Server. It allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

2. What are the OWASP core rules?

   The OWASP (Open Web Application Security Project) core rules are a set of rules used by ModSecurity to protect web applications from unknown vulnerabilities. They are used as a base configuration for ModSecurity.

3. How do I install ModSecurity?

   To install ModSecurity, you need to install dependency packages, download and unpack the ModSecurity package, run the configure script, install the ModSecurity module, copy the configuration file, install the OWASP core rules, configure the Apache HTTPD config file, restart the Apache service, and verify that everything is working fine.

4. What is the role of ModSecurity in Apache?

   ModSecurity plays a crucial role in enhancing the security of the Apache HTTP Server. It provides a web application layer firewall that allows for HTTP traffic monitoring and real-time analysis, thereby protecting the server from potential threats and attacks.

5. How do I verify that ModSecurity is working correctly?

   You can verify that ModSecurity is working correctly by checking the syntax of your Apache configuration files using the command “httpd -t”. You can also view the last few entries of the Apache error log with the command “tail -f /var/log/httpd/error_log”.