How to Install Mod_Security to Apache HTTP Server on CentOS 6.3

ModSecurity is an open source web application firewall and intrusion detection and prevention system that provide filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

1. Install some dependency packages for mod_security :

[root@centos63 ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y

Compile the modsecurity source code and module to install mod_security in your httpd.conf file. Run the followings commands as root :

[root@centos63 ~]# cd /usr/src/

2. Download mod_security :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz

Examples :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
--2012-09-17 16:06:20--  http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:21--  http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:22--  http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz [following]
--2012-09-17 16:06:23--  http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz
Resolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162
Connecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 785852 (767K) [application/x-gzip]
Saving to: âmodsecurity-apache_2.6.7.tar.gzâ

100%[==========================================================>] 785,852     88.6K/s   in 8.7s

2012-09-17 16:06:32 (88.1 KB/s) - âmodsecurity-apache_2.6.7.tar.gzâ

3. Unpack the ModSecurity archive :

[root@centos63 src]# tar xzvf modsecurity-apache_2.6.7.tar.gz

4. Enter the extracted mod_security’s directory :

[root@centos63 src]# cd modsecurity-apache_2.6.7

5. Run the configure script to generate a Makefile. Typically no options are needed.

[root@centos63 modsecurity-apache_2.6.7]# ./configure

6. Install the ModSecurity module with :

[root@centos63 modsecurity-apache_2.6.7]# make install

7. Copy the The configuration file to /etc/httpd/conf.d directory :

[root@centos63 modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

8. Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration. It’s used to protect from unknown vulnerabilities which often found on web applications :

[root@centos63 ~]# cd /etc/httpd
[root@centos63 httpd]# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs
[root@centos63 modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

9. Configure Apache httpd config file :

[root@centos63 ~]# vi /etc/httpd/conf/httpd.conf

Search for the line LoadModule in your httpd.conf and make sure you load the ModSecurity module with the following line :

..
..
LoadModule security2_module modules/mod_security2.so
..
..

Configure ModSecurity. Add these line at the bottom of http.conf file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

10. Restart the Apache service to enable mod_security module and their rules :

[root@centos63 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

11. Verify everything working fine :

[root@centos63 ~]# httpd -t
Syntax OK
[root@centos63 ~]# tail -f /var/log/httpd/error_log
[Mon Sep 17 18:49:58 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down
[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Sep 17 20:24:28 2012] [notice] Digest: done
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations

Leave a Reply

Your email address will not be published. Required fields are marked *