How to install latest mod-security on debian lenny (probably applicable to other debian based distributions), there are .debs available but they are out of date so you need to install it manually.
In my opinion no apache server should be without mod-security, it helps filter out a lot of potential security holes in software to help protect your webserver, this has saved me a number of times when running beta/old code like vhcs/ispcp or code like phpbb/wordpress/other popular web software.
More info on modsecurity here: http://www.modsecurity.org/
<cli>
apt-get install libxml2-dev liblua5.1-0 lua5.1 apache2-dev build-essential
</cli>
<cli>
cd /tmp
wget http://www.modsecurity.org/download/modsecurity-apache_2.5.7.tar.gz
</cli>
<cli>
tar zxvf modsecurity-apache_2.5.7.tar.gz
</cli>
<cli>
cd modsecurity-apache_2.5.7/apache2/
</cli>
<cli>
./configure && make && make install
</cli>
If all is well mod-security should now be in /usr/lib/apache2/modules/ and called mod_security2.so
<cli> vi /etc/apache2/mods-available/mod-security2.load </cli> and add the following lines:
<cli> LoadFile /usr/lib/libxml2.so LoadFile /usr/lib/liblua5.1.so.0 LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so </cli>
and save it (ESC :wq)
<cli>
a2enmod mod-security2
a2enmod unique_id
</cli>
<cli> vi /etc/apache2/conf.d/mod-security2.conf </cli> and add the following line:
<cli>
Include /etc/modsecurity2/*.conf
</cli>
and save it (ESC :wq)
<cli>
mkdir /etc/modsecurity2
mkdir /etc/modsecurity2/logs
touch /etc/modsecurity2/logs/modsec_audit.log
touch /etc/modsecurity2/logs/modsec_debug.log
</cli>
more info on the core rules can be found on <cli> http://www.modsecurity.org/projects/rules/index.html </cli>
<cli>
cp /tmp/modsecurity-apache_2.5.7/rules/*.conf /etc/modsecurity2
</cli>
<cli>
vi /etc/modsecurity2/modsecurity_crs_10_config.conf
</cli>
Find
<cli>
SecDebugLog logs/modsec_debug.log
</cli>
Replace with
<cli>
SecDebugLog /etc/modsecurity2/logs/modsec_debug.log
</cli>
Find
<cli>
SecAuditLog logs/modsec_audit.log
</cli>
Replace with
<cli>
SecAuditLog /etc/modsecurity2/logs/modsec_audit.log
</cli>
and save it (ESC :wq)
</cli>
<cli>
apache2ctl configtest
</cli>
(should return Syntax OK)
<cli>
/etc/init.d/apache2 restart
</cli>
<cli>
cat /var/log/apache2/error.log | grep ModSecurity
[Thu Mar 27 14:56:58 2008] [notice] ModSecurity for Apache/2.5.4 (http://www.modsecurity.org/) configured. </cli> Done!
More info on mod-security http://www.modsecurity.org/
These instructions were taken from http://www.debianitalia.org/modules/wfse...icleid=161 and updated/fixed as needed.
Copyright by hxbro — ZooL. 2008/04/19 15:23