LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices


Reply
  Search this Thread
Old 03-13-2007, 06:31 AM   #1
sachin1361
Member
 
Registered: Feb 2007
Posts: 126

Rep: Reputation: 15
apache mod_security module


Pl check it.

Today morning I decided to check about apache secuity. In one of the article I read abt mod_security module. I could locate much docs abt its installation part. After 3-4 hrs of studying , I made these configuration. I want you to check these confs and let me knw where I am lacking/missing and if these confs are OK.

These are the only changes which are made and nothing else.

1.Downloaded the modsecurity-apache_2.1.0.tar.gz from http://www.modsecurity.org web site.

2) copy the modsecurity.conf-minimal file (after extracting .tar.gz file) to /etc/httpd/conf/modsecurity directory.

3)vi /etc/httpd/conf/httpd.conf
enter the following line:

# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf (default)
Include conf/modsecurity/*.conf


4)restart the httpd service and OK


Doubts ???

1)when i copy the file (in step 2 moddsecurity.conf-minimal)and if i renames it to moddsecurity.conf, httpd service display error as:

[root@fruits rules]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: Syntax error on line 3 of /etc/httpd/conf/modsecurity/modsecurity.conf:
Invalid command 'SecRuleEngine', perhaps mis-spelled or defined by a module notincluded in the server configuration
[FAILED]



2)Other thing I want to know , is this modsecurity module is working and should i go for it

This is the first time n day when i m configuring this..any kind of help will be a lot for me
 
Old 03-16-2007, 02:57 PM   #2
Jaqui
Member
 
Registered: Jan 2006
Location: Vancouver BC
Distribution: LFS, SLak, Gentoo, Debian
Posts: 291

Rep: Reputation: 36
put the minimal back in the end, unless the installation instructions said to change the name.
 
Old 03-17-2007, 04:51 PM   #3
md5
LQ Newbie
 
Registered: Jan 2007
Posts: 27

Rep: Reputation: 15
Sounds like you never added...
Code:
LoadModule security2_module modules/mod_security2.so
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[apache] Chroot or mod_security? JockVSJock Linux - Security 1 11-26-2006 03:49 AM
LXer: Secure Your Apache With mod_security LXer Syndicated Linux News 0 07-13-2006 08:33 AM
mod_security for apache zsoltrenyi Linux - Security 0 02-08-2005 06:36 AM
mod_security ridertech Linux - Security 1 09-01-2004 05:16 PM
Apache mod_security logging everything? ridertech Linux - Security 2 08-13-2004 01:10 PM

LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise

All times are GMT -5. The time now is 07:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration