Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Just installed mod_security in a RedHat 5.5. As this system doesn't have internet connection, I had to download mod_security and install it by configure, make and make install.
At first attempt, the configure failed due to the version of libxml2 (it needs 2.6.29 but RedHat 5 has 2.6.26). Due to this, I had to download an older version of mod_security, 2.6.x (2.7.x requires libxml2 2.6.29), and successfully ran the configure, make and make install.
You have to download the config files separately. I think this changed some year(s) ago, I do believe when I started with modsec everything came in one package - but not really sure though.
Anyway, you need to download the ruleset, here's a link: https://github.com/SpiderLabs/owasp-modsecurity-crs
Pick the rules you want, base-rules at least.
Here's what I did on CentOS 5.10 This is a general guide and not a recipe
Code:
wget https://codeload.github.com/SpiderLabs/owasp-modsecurity-crs/legacy.tar.gz/master
move master modsecurity-crs_2.2.5.tar.gz
mv master modsecurity-crs_2.2.5.tar.gz
tar ztf modsecurity
tar ztf modsecurity-crs_2.2.5.tar.gz
tar zxf modsecurity-crs_2.2.5.tar.gz
mv SpiderLabs-owasp-modsecurity-crs-4ed6347/ modsecurity-crs
rm modsecurity-crs_2.2.5.tar.gz
cd modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
...
for f in `ls base_rules/` ; do sudo ln -s /etc/httpd/modsecurity-crs/base_rules/$f /etc/httpd/modsecurity.d/acttivated_rules/$f ; done
for f in `ls base_rules/` ; do sudo ln -s /etc/httpd/modsecurity-crs/base_rules/$f /etc/httpd/modsecurity.d/activated_rules/$f ; done
for f in `ls /etc/httpd/modsecurity-crs/base_rules/base_rules/` ; do echo $f; dohe
for f in `ls /etc/httpd/modsecurity-crs/base_rules/base_rules/` ; do echo $f; done
for f in `ls /etc/httpd/modsecurity-crs/base_rules/` ; do echo $f; done
I'm facing a problem right now. After installation, when I try to run Apache I'm getting the following error
Code:
Starting httpd: Syntax error on line 52 of /etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf:
Error parsing actions: Unknown action: ver
edit: never mind, it turned out to be that the recent version of the OWASP rules needs at least version 2.7 of ModSecurity. Got the version 2.2.5 of the rules and the problem is gone.
glad to see its working for you.
about ~2yrs ago i did some build docs for a customer, part of it was the modesec2 install & config for apache
attached is pic of that, just as a reference for others, etc.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
