Securing apache

[wojo00]

Hello all,

I'm trying to secure my server a bit more.

As I'm just a linux newb I thought it would be smart to first confirm on any changes I make to the system to prevent issues with directadmin and the current server setup.

Yesterday I have done the yum update and custombuild update to get my server updated and now I'm willing to do some security enhancements.

I have found this page on google:

http://www.mysql-apache-php.com/basic-linux-security.htm

I'm now half way the page at the: "Install Mod_Security"

They make a comment about Cpanel but obviously I'm using directdmin so wanted to confirm I can do all these steps to secure my server without messing other things up.

Could anyone tell me if these security steps are advised and if the rest of the steps are worth doing as well (Install Mod_Evasive, Install RkHunter, Install PortsEntry, etc.)?

Will this give any issues or can I just follow this guide and complete these security steps?

Any help would be very much appreciated!

 

[ajo]

Hi,

You can Install mod_security using the steps mentioned below.
--------------------------------------------------------------------------------------------
[root@server]#wget http://nchc.dl.sourceforge.net/proj...pache/2.5.12/modsecurity-apache_2.5.12.tar.gz

[root@server]#tar -xzvf modsecurity-apache_2.5.12.tar.gz

[root@server]#cd modsecurity-apache_2.5.12.tar.gz

[root@server]#cd apache2

[root@server]#./configure --with-apxs=/usr/sbin/apxs

[root@server]#make

[root@server]#make test

[root@server]#make mlogc

[root@server]#make install
--------------------------------------------------------------------------------------------

The installation of Mod_Security is completed. Now you have to configure it inorder to work fine.

Edit the apache configuration file using the command.

vi /etc/httpd/conf/httpd.conf

and insert the following Code: <just after :: Include /etc/httpd/conf/extra/httpd-phpmodules.conf>
----------------------------------------------------------------------------------------
LoadFile /usr/lib/libxml2.so.2
LoadModule security2_module /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
Include conf/modsec/*.conf
</IfModule>
----------------------------------------------------------------------------------------

then type the following commands:

------------------------------------------------------
[root@server]#mkdir /etc/httpd/conf/modsec
[root@server]#cd /etc/httpd/conf/modsec
------------------------------------------------------
Now you need to download the mod_sec rule set.... type the following commands:

[root@server]#wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
[root@server]#tar zxvf modsecurity-core-rules_2.5-1.6.1.tar.gz
[root@server]#/etc/init.d/httpd restart

<Normally you will get error and apache wont work, since the path for the logs has not been specified or it does not exist Modify these lines in the /etc/httpd/conf/modsec/modsecurity_crs_10_config.conf>


logs/modsec_debug.log >> replace this with /var/log/modsec_debug.log
logs/modsec_audit.log >> replace this with /var/log/modsec_audit.log

Create the files also using the following commands.

----------------------
[root@server]#touch /var/log/modsec_audit.log
[root@server]#touch /var/log/modsec_debug.log
---------------------------------

Please let us know if you have any queries regarding this.

 

[stars]

To make post above complete and up to date (for centos):
- install libxml2

yum install libxml2

- if You are running 64bit os change

LoadFile /usr/lib/libxml2.so.2

into

LoadFile /usr/lib64/libxml2.so.2

- above wont work because include path is /etc/httpd/conf/modsec/*.conf and all core rules are in /etc/httpd/conf/modsec/modsecurity-crs_2.x.x/*.conf So move rules (.conf files) that You want to use from that folder directly to /etc/httpd/conf/modsec/ especially modsec config file modsecurity_crs_10_config.conf