Table of Contents

HowTo install mod-security2 on Debian

How to install latest mod-security on debian lenny (probably applicable to other debian based distributions), there are .debs available but they are out of date so you need to install it manually.

In my opinion no apache server should be without mod-security, it helps filter out a lot of potential security holes in software to help protect your webserver, this has saved me a number of times when running beta/old code like vhcs/ispcp or code like phpbb/wordpress/other popular web software.

More info on modsecurity here: http://www.modsecurity.org/

1. Install required packages

<cli> apt-get install libxml2-dev liblua5.1-0 lua5.1 apache2-dev build-essential </cli>

2. Fetch the latest mod-security (2.5.7 from 30.09.2008)

<cli> cd /tmp wget http://www.modsecurity.org/download/modsecurity-apache_2.5.7.tar.gz </cli>

3. Extract mod-security

<cli> tar zxvf modsecurity-apache_2.5.7.tar.gz </cli>

4. Enter mod-security directory

<cli> cd modsecurity-apache_2.5.7/apache2/ </cli>

5. Build mod-security

<cli> ./configure && make && make install </cli> If all is well mod-security should now be in /usr/lib/apache2/modules/ and called mod_security2.so

6. Create the mod-security load file for apache to load it

<cli> vi /etc/apache2/mods-available/mod-security2.load </cli> and add the following lines:

<cli> LoadFile /usr/lib/libxml2.so LoadFile /usr/lib/liblua5.1.so.0 LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so </cli>

and save it (ESC :wq)

7. Enable the module to load with apache (unique_id is required for mod-security, it should come standard with apache)

<cli> a2enmod mod-security2 a2enmod unique_id </cli>

8. Tell apache where to load the mod-security config

<cli> vi /etc/apache2/conf.d/mod-security2.conf </cli> and add the following line:

<cli> Include /etc/modsecurity2/*.conf </cli> and save it (ESC :wq)

9. Create the mod-security directories and logs

<cli> mkdir /etc/modsecurity2 mkdir /etc/modsecurity2/logs touch /etc/modsecurity2/logs/modsec_audit.log touch /etc/modsecurity2/logs/modsec_debug.log </cli>

10. Copy the core rules into the mod-security dirs

more info on the core rules can be found on <cli> http://www.modsecurity.org/projects/rules/index.html </cli>

<cli> cp /tmp/modsecurity-apache_2.5.7/rules/*.conf /etc/modsecurity2 </cli>

11. Update the rules so the log locations are correct

<cli> vi /etc/modsecurity2/modsecurity_crs_10_config.conf </cli> Find <cli> SecDebugLog logs/modsec_debug.log </cli> Replace with <cli> SecDebugLog /etc/modsecurity2/logs/modsec_debug.log </cli> Find <cli> SecAuditLog logs/modsec_audit.log </cli> Replace with <cli> SecAuditLog /etc/modsecurity2/logs/modsec_audit.log </cli> and save it (ESC :wq) </cli>

12. Check apache config is ok

<cli> apache2ctl configtest </cli> (should return Syntax OK)

13. Restart apache

<cli> /etc/init.d/apache2 restart </cli>

14. Check mod-security2 is running

<cli>

cat /var/log/apache2/error.log | grep ModSecurity

[Thu Mar 27 14:56:58 2008] [notice] ModSecurity for Apache/2.5.4 (http://www.modsecurity.org/) configured. </cli> Done!

More info on mod-security http://www.modsecurity.org/

These instructions were taken from http://www.debianitalia.org/modules/wfse...icleid=161 and updated/fixed as needed.

Copyright by hxbro — ZooL. 2008/04/19 15:23