How to Install Mod_Security to Apache HTTP Server on CentOS 6.3

Share this Article :

ModSecurity is an open source web application firewall and intrusion detection and prevention system that provide filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

1. Install some dependency packages for mod_security :

[[email protected] ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y

Compile the modsecurity source code and module to install mod_security in your httpd.conf file. Run the followings commands as root :

[[email protected] ~]# cd /usr/src/

2. Download mod_security :

[[email protected] src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz

Examples :

[[email protected] src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
--2012-09-17 16:06:20--  http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:21--  http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:22--  http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz [following]
--2012-09-17 16:06:23--  http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz
Resolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162
Connecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 785852 (767K) [application/x-gzip]
Saving to: âmodsecurity-apache_2.6.7.tar.gzâ

100%[==========================================================>] 785,852     88.6K/s   in 8.7s

2012-09-17 16:06:32 (88.1 KB/s) - âmodsecurity-apache_2.6.7.tar.gzâ

3. Unpack the ModSecurity archive :

[[email protected] src]# tar xzvf modsecurity-apache_2.6.7.tar.gz

4. Enter the extracted mod_security’s directory :

[[email protected] src]# cd modsecurity-apache_2.6.7

5. Run the configure script to generate a Makefile. Typically no options are needed.

[[email protected] modsecurity-apache_2.6.7]# ./configure

6. Install the ModSecurity module with :

[[email protected] modsecurity-apache_2.6.7]# make install

7. Copy the The configuration file to /etc/httpd/conf.d directory :

[[email protected] modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

8. Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration. It’s used to protect from unknown vulnerabilities which often found on web applications :

[[email protected] ~]# cd /etc/httpd
[[email protected] httpd]# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
[[email protected] httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz
[[email protected] httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs
[[email protected] modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

9. Configure Apache httpd config file :

[[email protected] ~]# vi /etc/httpd/conf/httpd.conf

Search for the line LoadModule in your httpd.conf and make sure you load the ModSecurity module with the following line :

..
..
LoadModule security2_module modules/mod_security2.so
..
..

Configure ModSecurity. Add these line at the bottom of http.conf file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

10. Restart the Apache service to enable mod_security module and their rules :

[[email protected] ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

11. Verify everything working fine :

[[email protected] ~]# httpd -t
Syntax OK
[[email protected] ~]# tail -f /var/log/httpd/error_log
[Mon Sep 17 18:49:58 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down
[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Sep 17 20:24:28 2012] [notice] Digest: done
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations

Leave a Reply