Friday, May 11, 2012

Ubuntu server Apache Current Mod Security


Introduction

This is designed to be a quick and easy installation for mod-security on Ubuntu 10.04 Server running LAMP.

For some strange reason none of the existing guides work quite right, and it just causes a boatload of problems due to the addition of .data files.

Prerequisites

- Ubuntu 10.04 LTS Server (This will likely work on other versions)

- LAMP stack (with Apache 2.2.x)

- subversion, automake, libtool, build-essential, apache2-threaded-dev, libxml2-dev, libcurl4-dev, libreadline5-dev, lua5.1, luarocks

- About 20 minutes

Satisfy Dependencies

sudo apt-get install subversion automake libtool build-essential apache2-threaded-dev libxml2-dev libcurl4-dev libreadline5-dev lua5.1 luarocks

Installing Mod-Security

This method involves downloading the latest version using subversion, however you can get a static download : here
*note : make sure you extract these files or the rest of the procedure probably won’t make sense

Step 1 : Downloading Mod Security (if you used the static download link above you don’t have to do this)

run the following
sudo svn co https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/trunk modsecurity

Step 2 : Building Mod Security

Now that the most current source is downloaded we must compile and make mod-security.
run the following…
1cd modsecurity
2./autogen.sh
3./configure
4sudo make
5sudo make install

Step 3 : Enabling Mod Security

Edit httpd.conf and add the following lines
1LoadFile /usr/lib/libxml2.so
2LoadFile /usr/lib/liblua5.1.so
3LoadModule security2_module modules/mod_security2.so

Step 4 : Verify Apache2 Starts Without Error

1sudo /etc/init.d/apache2 restart

Installing Core Rules Set

Step 1 : Download Current Mod Security CRS

Static Link : Current Mod Security Core Rule Set

*note : again make sure you extract the files. OR using svn we will do the following

1sudo mkdir /etc/apache2/conf/modsecurity
2cd /etc/apache2/conf.d/modsecurity
3sudo svn co https://mod-security.svn.sourceforge.net/svnroot/mod-security/crs/trunk crs

Step 2 : Configure rules

Configure your rules any way you need to for your web applications, however at very least you need to do the following.
1sudo cp mod_security_crs_10_config.conf.example mod_security_crs_10_config.conf
Then cleanup
1sudo rm README CHANGELOG INSTALL LICENSE

Step 3 : Enable Mod Security

Add the following lines to httpd.conf
1<IfModule security2_module>
2        Include conf/modsecurity/crs/*.conf
3        Include conf/modsecurity/crs/base_rules/*.conf
4    Include conf/modsecurity/crs/activated_rules/*.conf
5</IfModule>

Step 4: Verify Apache restarts

1sudo /etc/init.d/apache2 restart

It should : Enjoy mod security!
Posted by at 6:06 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)