how can I install mod security?

Mr.S4m4N

New member
Joined
Aug 3, 2009
Messages
4
hello,
how ican install mod_security in directadmin ?
please help me.
thanks....
 
This does not look like a How-To Guide to me. Please do not post in the wrong sub forum.
 
This worked for me on centos 5.2 using info elsewhere on the DA forums and modsecurity site


For info see http://www.modsecurity.org/document...che/2.1.4/html-multipage/02-installation.html


download latest files from http://www.modsecurity.org/download/index.html

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz

tar xzvf modsecurity-apache_2.5.9.tar.gz

cd modsecurity-apache_2.5.9/apache2

./configure
make
make test
make install

mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz

vi /etc/httpd/conf/httpd.conf

after load php module, add...

#mod_sec
LoadModule security2_module /usr/lib/apache/mod_security2.so

and at end of file...

<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

then compile into apache with custombuild


cd /usr/local/directadmin/custombuild

mkdir -p custom/ap2

cp configure/ap2/configure.apache custom/ap2/configure.apache

vi custom/ap2/configure.apache

and add...

"--with-mod_security2"

then...

./build clean 

./build apache
 
Include /etc/modsecurity2/base_rules/*conf

shall i create the conf dir and put all the rules files inside it

or what ?!
 
it worked ;-)

thanks jonathanc
what you stated worked flawlessly for me.

I been spending the day trying to install this and every tutorial i found didnt work for me i always got it installed but got errors when i restarted apache.
(Apache not being able to run or access some files I had to state in httpd.conf)

I been getting multible doS attacks, and this is the only steps that worked for me, I have directadmin, and centOS.
 
This worked for me on centos 5.2 using info elsewhere on the DA forums and modsecurity site


For info see http://www.modsecurity.org/document...che/2.1.4/html-multipage/02-installation.html


download latest files from http://www.modsecurity.org/download/index.html

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz

tar xzvf modsecurity-apache_2.5.9.tar.gz

cd modsecurity-apache_2.5.9/apache2

./configure
make
make test
make install

mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz

vi /etc/httpd/conf/httpd.conf

after load php module, add...

#mod_sec
LoadModule security2_module /usr/lib/apache/mod_security2.so

and at end of file...

<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

then compile into apache with custombuild


cd /usr/local/directadmin/custombuild

mkdir -p custom/ap2

cp configure/ap2/configure.apache custom/ap2/configure.apache

vi custom/ap2/configure.apache

and add...

"--with-mod_security2"

then...

./build clean 

./build apache


This worked for me this morning. CentOS 5.5 Linode VM.
 
Few things missing:

1)
mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/...5-1.6.1.tar.gz

Remember to untar it - in base_rule directory there should be *.conf files. Latest core files are located at http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

2) in file /usr/local/directadmin/custombuild
/custom/ap2/configure.apache remember about trailing backslash - syntax shoul be:

Code:
[...]
"--enable-proxy" \
"--enable-expires" \
"--with-ssl=/usr" \
"--enable-headers" \
"--with-mod_security2"


3) customize log path in config - change
Code:
SecAuditLog logs/modsec_audit.log
into
Code:
SecAuditLog /var/log/modsec_audit.log
and

Code:
SecDebugLog             logs/modsec_debug.log
to
Code:
SecDebugLog             /var/log/modsec_debug.log
or whatever suits you
 
After installing I get
httpd: Syntax error on line 176 of /etc/httpd/conf/httpd.conf: Syntax error on line 133 of /root/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_40_generic_attacks.data: /root/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_40_generic_attacks.data:170: <input> was not closed.\n/root/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_40_generic_attacks.data:133: <![cdata[> was not closed.
 
This worked for me on centos 5.2 using info elsewhere on the DA forums and modsecurity site


For info see http://www.modsecurity.org/document...che/2.1.4/html-multipage/02-installation.html


download latest files from http://www.modsecurity.org/download/index.html

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz

tar xzvf modsecurity-apache_2.5.9.tar.gz

cd modsecurity-apache_2.5.9/apache2

./configure
make
make test
make install

mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz

vi /etc/httpd/conf/httpd.conf

after load php module, add...

#mod_sec
LoadModule security2_module /usr/lib/apache/mod_security2.so

and at end of file...

<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

then compile into apache with custombuild


cd /usr/local/directadmin/custombuild

mkdir -p custom/ap2

cp configure/ap2/configure.apache custom/ap2/configure.apache

vi custom/ap2/configure.apache

and add...

"--with-mod_security2"

then...

./build clean 

./build apache

For Debian users that might be interested in installing mod_security: Following this guide worked for me on Debian 5 64-bit. I normally install mod_security a little bit different on Ubuntu however this worked fine.

I had to move the logs to /var/log though in order for it to work, but that's pretty much it.

Anyways. I need to do some LocationMatch to remove the security rules for a couple of files. Where do i go about adding these? In httpd.conf?

I want to add:
<LocationMatch "(/path/to/script.php)">
SecRuleRemoveById xxxxxx
</LocationMatch>
 
Noooooooooooo! :D

Add them to /etc/httpd/conf/security/modsecurity_crs_48_local_exceptions.conf
or to the custom vhost if it only applies to a domain

Thanks! Created that config file in /etc/modsecurity2/base_rules and it seems to work.
 
hi
i installed the mod_security in DA . how I can know that mod_security successfully installed ?
i dont see mod_security in the DA plugins . where i can see it ?
tnx
 
i see th e phpinfo va command part .
which keyword i search that find mod_security in it ?
tnx
 
i dont find it .
what is the module name that loaded in apache ?
i need thats module name
another question
where is the mod_Security log files ?
tnx
 
I manually added it to /etc/httpd/conf/httpd-includes.conf with
Code:
LoadFile /usr/local/lib/libxml2.so
LoadModule security2_module     /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
Include /etc/modsecurity2/*.conf
</IfModule>
Then put the rules in /etc/modsecurity2/

If you can't see it in phpinfo (see attached), its not loaded.
 

Attachments

  • mod_sec.jpg
    mod_sec.jpg
    76.8 KB · Views: 355
Back
Top