Installing Guide of MOD_DOSEVASIVE for DA server

Status
Not open for further replies.

hkivan

Verified User
Joined
Jul 2, 2004
Messages
83
Moderator's Note:

This thread has been closed, and replaced with a new thread for mod-evasive, found here.


1. Download the file MOD_DOSEVASIVE Stable [Version 1.8] first: http://www.nuclearelephant.com/projects/dosevasive/mod_dosevasive.1.8.tar.gz

2. Extract and copy the file to /usr/local/directadmin/customapache/src/modules/dosevasive/mod_dosevasive.c

3. Back up your current httpd.conf file

4. Run ./configure --add-module=src/modules/dosevasive/mod_dosevasive.c

5. make, install

6. Restart Apache

7. Edit your httpd.conf file and add

<IfModule mod_security.c>
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:403"
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 1 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit_log
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecUploadDir /tmp
SecUploadKeepFiles Off
SecFilter "\.\./"
SecFilter /etc/password
SecFilter /etc/group
SecFilter /etc/shadow
SecFilter /bin/ls
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "update[[:space:]]+set"
SecFilter "select.+from"
SecFilterSelective OUTPUT "Fatal error:" deny,status:500
</IfModule>



Does anyone have any opinion on it? :D

It is my first time writing an installation guide, I hope it can help some of you :p
 

resolveit

Verified User
Joined
Mar 22, 2004
Messages
764
Good work :), however I believe that you have to restart apache at the end for the changes in httpd.conf to take effect (or at least reload the config file in the DA).

Kind Regards,

Onno Vrijburg
 

Curtis

Verified User
Joined
Oct 17, 2004
Messages
28
I followed the installation procedure above (except the "mod_security" code) and added the following code into /etc/httpd/conf/httpd.conf
<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

AddModule mod_dosevasive.c
but when I restart httpd, it shows the error:

Syntax error on line 122 of /etc/httpd/conf/httpd.conf:
Cannot add module via name 'mod_dosevasive.c': not in list of loaded modules
Any idea to fix that? Thanks. :)
 

TheLinuxGuy

Verified User
Joined
Mar 6, 2004
Messages
26
wget -c http://www.nuclearelephant.com/projects/dosevasive/mod_dosevasive.1.9.tar.gz
tar -zxf mod_dosevasive.1.9.tar.gz
cd mod_dosevasive
/usr/local/apache/bin/apxs -iac mod_dosevasive.c
 

BigWil

Verified User
Joined
Aug 5, 2004
Messages
313
Sorry for the cross post but I think this is a much better place to keep these issues.

Any idea why the EmailNotify and DOSSystemCommand parameters will not work? I have tried everything. The DOSSystemCommand I am using runs fine at the command prompt using an IP in substitution of %s but it won't run from apache.

<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSSystemCommand '/usr/local/bin/php /usr/local/etc/blacklist.php %s'
</IfModule>

Thanks for any insight. This could be a really good addition and if I can get it to run that command it would be sweet since it will automatically add the IP of the offender to the IPF rules for any designated period of time.

BigWil
 

BigWil

Verified User
Joined
Aug 5, 2004
Messages
313
I tried that too but unfortunately it didn't work either. Tried both:

DOSSystemCommand '/usr/local/bin/php /usr/local/etc/blacklist.php %s'

DOSSystemCommand "su - root -c '/usr/local/bin/php /usr/local/etc/blacklist.php %s'"

Unless you see something in these that wouldn't work?

Could the DA Jailing techniques keep this from running from within Apache? Unfortunately I don't know what alterations the jail build makes to suexec.c but I do notice during compile that it does do something. But I am just guessing at this point.

Maybe John can enlighten us with his DA_Vine presence.

Big Wil
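
An added example, not part of the original posts: DOSSystemCommand is executed by the Apache child process, so it runs as the unprivileged web server user, with the blocked client IP substituted for %s. One way to keep firewall changes out of Apache is a wrapper that validates that argument and queues it for a root-owned job; the script path, queue file and allowlist below are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical wrapper for DOSSystemCommand. The script path,
# queue file and allowlist are assumptions, not values from the thread.
# httpd.conf:  DOSSystemCommand "/usr/local/etc/evasive-queue.sh %s"

QUEUE="${EVASIVE_QUEUE:-/var/spool/evasive/block.queue}"  # assumed location
ALLOW="127.0.0.1"                                         # never queue these

# Return 0 only for a strict dotted-quad IPv4 address (each octet 0-255).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (digits only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append "epoch ip" to the queue. A root-owned job (not shown) reads the queue
# and applies the firewall rule, so the Apache user never needs root.
queue_block() {
    ip=$1
    valid_ipv4 "$ip" || { echo "rejected argument" >&2; return 2; }
    for allowed in $ALLOW; do
        if [ "$ip" = "$allowed" ]; then return 3; fi
    done
    printf '%s %s\n' "$(date +%s)" "$ip" >> "$QUEUE" || return 4
}

# Act only when called with an argument, as mod_evasive would call it.
if [ "$#" -gt 0 ]; then
    queue_block "$1"
fi
```

The queue file must be writable by the Apache user and readable by the privileged job that applies the rules.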
 

BigWil

Verified User
Joined
Aug 5, 2004
Messages
313
Not much. Just change the instances of mod_dosevasive to mod_evasive.


Big Wil
 

SupermanInNY

Verified User
Joined
Sep 28, 2004
Messages
350
I think there are a few missing steps for the stupid user (me) to make this work.
Please update this How-To with a few changes:

1) Go to: http://www.nuclearelephant.com/projects/mod_evasive/
Download the current file:

As of December 8th, 2005:
Stable [ Version 1.10.1 ] mod_evasive for Apache v1.3 and 2.0, and NSAPI (SunONE)


cd /usr/local/directadmin/customapache/
mkdir src
cd src
mkdir modules
cd modules
wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

2) Once the file has downloaded, Run the following commands:

gunzip mod_evasive_1.10.1.tar.gz
then run:


tar -xvf mod_evasive_1.10.1.tar
This will create a new directory called mod_evasive and will contain the files in it.


3) backup your current httpd.conf file:
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.B4.mod_evasive
STOP!

4) Run ./configure --add-module=src/modules/dosevasive/mod_dosevasive.c


NOW WHERE ON EARTH IS THAT CONFIGURE FILE?

From where should this command be run? From which directory?
I don't have a configure file on its own.

/usr/local/directadmin/customapache # ./configure
-bash: ./configure: No such file or directory


and then comes the rest.....


5. make, install

6. Restart Apache

7. Edit your httpd.conf file and add
.....

Please attempt to clean up this entire post and use the current values of the version to install as well as the step-by-step I've added (well, you could modify them as needed of course).
And complete the missing link. I don't know how to continue the steps, I'm stuck in the midst of this install.

-Alon.
 

SupermanInNY

Verified User
Joined
Sep 28, 2004
Messages
350
Is there no Compile involved with the mod_evasive?
I thought there is a need to run make etc.
I'm confused.
 

SupermanInNY

Verified User
Joined
Sep 28, 2004
Messages
350
@how@ said:
before mod_dosevasive
new mod_evasive
here is main site
http://www.nuclearelephant.com
Sorry for still hammering this.

In the How-To you described, there is no compile. You only add a file that acts as a module and include it in the httpd.conf.

In the beginning of this thread, there is a step that has a

./configure
make
make install

which are part of a compile.

So, I'm confused.

Does mod_evasive need a compile, or is it just an httpd.conf setting and placing a file for it to pick up?

Do you not need to compile anything?

Thanks,

-Alon.
 

SupermanInNY

Verified User
Joined
Sep 28, 2004
Messages
350
Great!!

I followed your instructions and they were very clear!

I'd add just a small change:

In the section of modifying your httpd.conf.


Add this to the instructions:

Code:
now add this in httpd.conf

Edit (use vi or pico)
/etc/httpd/conf/httpd.conf

Search (using / or otherwise) for

#Start DirectAdmin Settings 
(I use /DirectAdmin)

Just above that, you will see:

###</IfDefine>

I would recommend to Paste the following code just above the 

###</IfDefine>

So that it will look 'cleaner'.

##### Mod Evasive Module######
<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify your-email@your-domain.tld
</IfModule>

1. The stupid me doesn't need to figure out where the httpd.conf file is. So why not add the edit location.

2. for a cleaner look for the stupid me, it helps if I know where to paste the code so that it doesn't end up inside of another module.

Other than that, this is great!
Now, someone needs to delete this thread as it is confusing.

-Alon.
 