As the subject says, I installed mod_security on the webserver, carefully following the installation instructions on the mod_sec website.
It is loaded but seems not to do anything.
The rules are located under conf/extra/sec_rules/
httpd.conf has the relevant lines in this order:
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
Include conf/extra/sec_rules/*.conf
Checking:
Code:
#lsof |grep mod_security
httpd 21298 root mem REG 8,6 1074471 217257 /nih/httpd-2.2.17/modules/mod_security2.so
httpd 21305 daemon mem REG 8,6 1074471 217257 /nih/httpd-2.2.17/modules/mod_security2.so
httpd 21306 daemon mem REG 8,6 1074471 217257 /nih/httpd-2.2.17/modules/mod_security2.so
httpd 21307 daemon mem REG 8,6 1074471
# /etc/init.d/apachectl -t -D DUMP_MODULES | grep security
Syntax OK
security2_module (shared)
phpinfo gives:
Code:
Loaded Modules core mod_authn_file mod_authn_default mod_authz_host mod_authz_groupfile mod_authz_user mod_authz_default mod_auth_basic mod_include mod_filter mod_log_config mod_env mod_setenvif mod_version mod_ssl prefork http_core mod_mime mod_status mod_asis mod_cgi mod_negotiation mod_dir mod_actions mod_userdir mod_alias mod_rewrite mod_so mod_php5 mod_security2 mod_unique_id
Checking log:
Code:
[Wed May 11 11:19:56 2011] [notice] ModSecurity for Apache/2.5.13 (http://www.modsecurity.org/) configured.
So the modules are loaded, the rules are in place.
Now testing as suggested here:
http://www.howtoforge.com/installing...rity-on-sles10
Contents of both /etc/motd and /etc/passwd are displayed in browser.
There is nothing in logs/audit_log, and there is no file logs/modsec_debug_log.
(Config settings:
SecFilterDebugLevel 5
SecFilterDebugLog logs/modsec_debug_log
SecAuditEngine On #RelevantOnly
SecAuditLog logs/audit_log
Apache does write to logs/access.log & logs/error.log, but there is no error message concerning mod_security.)
Server spec: OpenSuse 11.3, apache 2.2.17, mod_security 2.5.13
Apache, pcre & mod_security are all compiled manually.
Attaching httpd.conf & modsec.conf
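
An added example, not part of the original post: SecFilterDebugLevel and SecFilterDebugLog quoted above are ModSecurity 1.x directive names, while the loaded module is 2.5.13, so this check lints a config for 1.x names and for `<IfModule>` guards that only match the 1.x module. The function name `lint_modsec_config` and the sample config are constructed for illustration.

```python
import re

# ModSecurity 1.x directive names start with "SecFilter"; 2.x uses other
# names (SecRuleEngine, SecRule, SecDebugLog, SecDebugLogLevel).
V1_DIRECTIVE = re.compile(r"^SecFilter\w*$", re.I)
# <IfModule> tests naming the 1.x module; false when only security2_module
# is loaded, so Apache silently skips everything inside the block.
V1_IFMODULE = re.compile(r"^<IfModule\s+(mod_security\.c|security_module)\s*>$", re.I)

def lint_modsec_config(text):
    """Return (line_no, kind, detail) findings for a ModSecurity 2.x server."""
    findings, guards, engine_set = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        lower = line.lower()
        if lower.startswith("<ifmodule"):
            dead = bool(V1_IFMODULE.match(line))
            guards.append(dead)
            if dead:
                findings.append((no, "v1_ifmodule", line))
        elif lower.startswith("</ifmodule"):
            if guards:
                guards.pop()
        else:
            name = line.split()[0]
            if V1_DIRECTIVE.match(name):
                findings.append((no, "v1_directive", name))
            elif name.lower() == "secruleengine" and not any(guards):
                engine_set = True
    if not engine_set:
        # Line 0 marks a whole-file finding; SecRuleEngine defaults to Off in 2.x.
        findings.append((0, "no_active_secruleengine", ""))
    return findings

# Constructed sample, modelled on the directive names quoted in the post.
SAMPLE = """\
<IfModule mod_security.c>
    SecFilterEngine On
    SecFilterDebugLevel 5
    SecFilterDebugLog logs/modsec_debug_log
    SecAuditLog logs/audit_log
</IfModule>
"""

if __name__ == "__main__":
    for finding in lint_modsec_config(SAMPLE):
        print(finding)
```

A config that produces no findings has its rules engine switched on by a directive Apache actually evaluates; whether the rules then match a given request is a separate question for the debug log.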