LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 10-29-2012, 11:33 PM   #1
anthony01
LQ Newbie
 
Registered: Sep 2012
Posts: 21

Rep: Reputation: Disabled
How do I install ModSecurity 2.7.0?


Hi,

I can't find any documentation to install 2.7.0. I already have an earlier version (2.6.3) installed (why did aptitude send me 2.6.3 while 2.7.0 stable is already out?)

Inside the 2.7.0 folder, i get those files:

CHANGES Makefile.in README_WINDOWS.TXT apache2 build doc mlogc stamp-h1 tools
LICENSE NOTICE aclocal.m4 authors.txt configure
ext modsecurity.conf-recommended standalone unicode.mapping
Makefile.am README.TXT alp2 autogen.sh configure.ac iis nginx tests

How do I go about installing 2.7.0?

Thanks a lot in advance

Regards
 
Old 10-30-2012, 12:09 AM   #2
Rodebian
Member
 
Registered: Apr 2012
Posts: 35

Rep: Reputation: Disabled
<<Reply Removed>> I misread your post. Sorry, ignore me.

Last edited by Rodebian; 10-30-2012 at 03:42 AM.
 
Old 10-30-2012, 03:25 AM   #3
knudfl
LQ 5k Club
 
Registered: Jan 2008
Location: Copenhagen, DK
Distribution: pclos2013.07, Slack14.1 DebWheezy, +50+ other Linux OS, for test only.
Posts: 13,183

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
Quote:
why did aptitude send me 2.6.3 while 2.7.0 stable is already out ?
I guess that 2.7.0 could be used in Debian Sid in some months.
So far Fedora 19 has mod_security-2.7.0-2.fc19. Release: June 2013.

cd modsecurity-apache_2.7.0/
patch -p0 < mod_security-fix-build-with-libxml29.patch
./configure --prefix=/usr/ --enable-pcre-match-limit=1000000 \
--enable-pcre-match-limit-recursion=1000000

make
make install

patch, mod_security.conf http://dl.fedoraproject.org/pub/fedo...2.fc19.src.rpm

.

Last edited by knudfl; 10-30-2012 at 03:29 AM.
 
Old 10-30-2012, 12:31 PM   #4
anthony01
LQ Newbie
 
Registered: Sep 2012
Posts: 21

Original Poster
Rep: Reputation: Disabled
Hi
Thanks for your response.

I downloaded the missing patch (mod_security-fix-build-with-libxml29.patch) and successfully patched it.

Then I enter ./configure --prefix=/usr/ --enable-pcre-match-limit=1000000 --enable-pcre-match-limit-recursion=1000000

Then, after many lines starting with "checking", it gives me the following alert:

configure: looking for Apache module support via DSO through APXS
configure: error: couldn't find APXS


What did I do wrong?

Thanks a lot

Last edited by anthony01; 10-30-2012 at 12:39 PM.
 
Old 10-30-2012, 12:50 PM   #5
Rodebian
Member
 
Registered: Apr 2012
Posts: 35

Rep: Reputation: Disabled
What distro are you using, Debia, Ubuntu, Aptosid? IF you are using Debian you could try this (Though if you are using Debian stable I wouldn't recommend this at all.) If it is available in any of the Debian branches repo's you can try this, 2.7.0 might not be there yet. I am using Debian and this process I have only tried on Debian. All that I mention below you can do AT YOUR OWN RISK. Also DO NOT do an dist-upgrade while these newly added repos are active, even if it says updates are available. If you do then your whole system will be updated to the newest versions of the programs. This could break everything badly. Just look for your software, mod_security, then take those repos out of the sources.list if you can find it and install it.

READ WARNING BELOW BEFORE YOU DO ANYTHING!

Backup your data.

If you dont' have unstable in your sources.list(AKA SID) then,

from terminal
su
your_password

cd /etc/apt
(use what ever text editor you want in the terminal. For this example I will use nano)
nano sources.list

add deb http://ftp.debian.org/debian/ unstable main contrib non-free
deb-src http://ftp.debian.org/debian/ unstable main contrib non-free


aptitude update
aptitude search <<package_name_here>>
aptitude install <<package_name_here>>

If you already have the above repo's in your sources.list then try this,

add deb http://ftp.debian.org/debian/ experimental main to /etc/apt/sources.list

then in the terminal tpe

aptitude update
aptitude install -t experimental <<package_name_here>>

Pay attention to any warnings about conflicts. Hit no until you find a solution you like. If you don't find a solution or if you are unsure then hit q for quit.



WARNING: NOW BEFORE YOU TRY THIS. this is experimental, which means it has NOT been tested. You might end up breaking your whole system. If you are unsure on how to do this and can't afford to mess things up than DON'T DO IT. If You are using certain Debian based distro's this MIGHT work as well. IF YOU BREAK ANYTHING I DID WARN YOU.

Last edited by Rodebian; 10-30-2012 at 01:20 PM.
 
Old 10-30-2012, 01:08 PM   #6
anthony01
LQ Newbie
 
Registered: Sep 2012
Posts: 21

Original Poster
Rep: Reputation: Disabled
Hi Rodebian,

Thanks for your message and warning.
I am using Ubuntu 12.04 LTS 64 bits.

I installed the latest OWASP modsecurity set of rules and it requires 2.7.0 otherwise, apache throws an error when it starts.

Does your solution work as well with Ubuntu?

Also, since I'm a beginner in Lunix, should I wait that aptitude puts up an automated update of modsecurity, to make it easier?

Thanks a lot
 
Old 10-30-2012, 01:15 PM   #7
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,861

Rep: Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019
Quote:
Originally Posted by anthony01 View Post
Also, since I'm a beginner in Lunix, should I wait that aptitude puts up an automated update of modsecurity, to make it easier?
Ubuntu 12.04 was released April 2012 and Modsecurity 2.7 was released October 2012, so you will net get an automated update to Modsecurity 2.7 until next April's 13.04 release.
 
Old 10-30-2012, 01:17 PM   #8
Rodebian
Member
 
Registered: Apr 2012
Posts: 35

Rep: Reputation: Disabled
Quote:
Originally Posted by anthony01 View Post
Hi Rodebian,

Thanks for your message and warning.
I am using Ubuntu 12.04 LTS 64 bits.

I installed the latest OWASP modsecurity set of rules and it requires 2.7.0 otherwise, apache throws an error when it starts.

Does your solution work as well with Ubuntu?

Also, since I'm a beginner in Lunix, should I wait that aptitude puts up an automated update of modsecurity, to make it easier?

Thanks a lot
Ok in that case two things. You are a beginner so I wouldn't try the above just yet. Also since you are using Ubuntu I would NOT AT ALL try what I said above. Ubuntu has its own way even though it is based on Debian. However if you ever try Debian in the future you could do something like I mentioned above, once you are more familiar and comfortable with Linux and your distro.

I would just wait then. Ubuntu is pretty good with updating its software. It is better being safe then sorry. In the mean time you could read up on aptitude, Ubuntu, Linux, mod security, etc., while you wait for the updated version to be added to Ubuntu repo's.

Last edited by Rodebian; 10-30-2012 at 01:22 PM.
 
Old 10-30-2012, 01:23 PM   #9
anthony01
LQ Newbie
 
Registered: Sep 2012
Posts: 21

Original Poster
Rep: Reputation: Disabled
Actually, I may have found a solution at http://wiki.tkoeppen.com/display/doc...che2+in+Ubuntu

It tells me to do install apache apxs, then libxml2-dev and finally libcurl4-gnutls-dev

Would this be worth trying, without adding some unnecessary files to my server?

Thanks
 
Old 10-30-2012, 01:28 PM   #10
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,861

Rep: Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019
Quote:
Originally Posted by anthony01 View Post
Actually, I may have found a solution at http://wiki.tkoeppen.com/display/doc...che2+in+Ubuntu

It tells me to do install apache apxs, then libxml2-dev and finally libcurl4-gnutls-dev

Would this be worth trying, without adding some unnecessary files to my server?

Thanks
^--- No, I would be extremely mistrustful of this 2008 how-to from a non-Ubuntu.com source.

Can you take a step back and explain your project/goal to us? I consider myself a somewhat intermediate user but I do not understand what you are trying to do here; help me to see the bigger picture. Is there a feature you need that the stable and tested software provided by Ubuntu fails to provide?

Last edited by snowpine; 10-30-2012 at 01:31 PM.
 
Old 10-30-2012, 01:39 PM   #11
anthony01
LQ Newbie
 
Registered: Sep 2012
Posts: 21

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by snowpine View Post
^--- No, I would be extremely mistrustful of this 2008 how-to from a non-Ubuntu.com source.

Can you take a step back and explain your project/goal to us? I consider myself a somewhat intermediate user but I do not understand what you are trying to do here; help me to see the bigger picture. Is there a feature you need that the stable and tested software provided by Ubuntu fails to provide?
Hi,
I am in fact just trying to get the latest version of OWASP set of rules to work with my apache, but it throws an error when I start apache:

* Starting web server apache2
Syntax error on line 52 of /etc/modsecurity/base_rules/modsecurity_crs_20_protocol_violations.conf:
Error parsing actions: Unknown action: ver
Action 'start' failed.


The reason for that is that it needs modsecurity 2.7.0 to work, but the one I have is a slightly older version.

I am not trying to do anything sophisticated, all I want is to have the latest version of OWASP set of rules, for maximum security.
Also, since 2.7.0 Stable was just released, I thought it would be good to install it.

Last edited by anthony01; 10-30-2012 at 01:43 PM.
 
Old 10-30-2012, 01:46 PM   #12
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,861

Rep: Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019Reputation: 1019
I'm sorry, I don't know what the OWASP set of rules are. I did not realize they were necessary for maximum security in Ubuntu. There are some Ubuntu security tips here, if you get stuck: http://ubuntuforums.org/showthread.php?t=510812

Generally speaking, Ubuntu's security policy is to fix bugs in existing/provided software, rather than to provide new versions that might change functionality. More details here (written for Red Hat but applies equally to Ubuntu): https://access.redhat.com/security/updates/backporting/

In other words they will not provide Modsecurity 2.7 as a mid-life update for a previously-released version, because this would require admins to test their code against the new module, as opposed to security-patching 2.6.3, which is a safe upgrade.

Good luck!

Last edited by snowpine; 10-30-2012 at 01:51 PM.
 
Old 06-04-2013, 02:56 AM   #13
saeedi
LQ Newbie
 
Registered: Jun 2013
Posts: 2

Rep: Reputation: Disabled
Thumbs up

You can find your answer at : http://www.root25.com/2012/11/how-to...-tutorial.html
This website will show you
1. How to install mod security on Ubuntu (Step by Step with pictures)
2. How to setup OWAPS rules set on it.
3. How to access and check the log.
4. There is another article in the same site about how to implement "Reverse Proxy + Mod Security"
5. There is another article in the same site about how to visualize the log output into charts...
 
Old 07-30-2013, 08:19 PM   #14
Stu2
LQ Newbie
 
Registered: Jul 2013
Posts: 2

Rep: Reputation: Disabled
Ubuntu 12.04 uses mod-security 2.6.3

The excellent tutorial at:

http://www.root25.com/2012/11/how-to...-tutorial.html

doesn't work any more because the mod-security core rules are newer. You either ned to compile the newer version of modsecurity or get the older core rules. Use this tutorial to use the older rules:

http://notepad2.blogspot.com/2012/11...s-install.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
A problem with modsecurity and mediawiki, please help! ServerNoob Linux - Server 3 04-11-2011 09:31 PM
how to print ModSecurity variables ddaas Linux - Security 2 09-03-2007 11:43 AM
ModSecurity + ajax shafey Linux - Server 0 05-29-2007 03:19 PM
ModSecurity 2 issue JediKnight2 Linux - Server 1 03-10-2007 09:11 AM
ModSecurity SecFilterRemove gabsik Linux - Security 2 12-28-2006 01:03 AM


All times are GMT -5. The time now is 10:31 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration