Protecting you web with ModSecurity On Centos

So it you worry about you webb then modsecurity is rely nice to have on your webbserver. I have it installed on my apache server with the regular rules from OWAS and also some rules for my own sites.
But here is also how to install it.

 

1. Download and build modsec on your server

Add some packages

yum install gcc make
yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Go to http://www.modsecurity.org/ and get the latest packages

wget https://www.modsecurity.org/tarball/2.7.7/modsecurity-apache_2.7.7.tar.gz
tar zxvf modsecurity-apache_2.7.7.tar.gz
cd modsecurity-apache_2.7.7

And build it and copy config

./configure
make install
cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
cp /tmp/modsecurity-apache_2.7.7/unicode.mapping /etc/httpd/conf.d

Add the to the top of the file /etc/httpd/conf.d/modsecurity.conf

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
<IfModule security2_module>

And change

SecRuleEngine On

Also at the buttom of the file close the module

</IfModule>

Ok now we should have a working modsecurity up and running. But we dont have any rules yet.

2. Adding rules

Go to https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Download the rule and untar the file
Copy the content of the folder into /etc/httpd/modsec

wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
tar zxvf master
mv SpiderLabs-owasp-modsecurity-crs-7528b8b/ /etc/httpd/modsec
mv /etc/httpd/modsec/modsecurity_crs_10_setup.conf.example /etc/httpd/modsec/activated_rules/modsecurity_crs_10_setup.conf

Now activate you modsec folder again open the file /etc/httpd/conf.d/modsecurity.conf

and add ad the bottom INSIDE the IfModule

Include modsec/activated_rules/*.conf

Now you we have a working modsec installations with some basic rules.
To add rules link them into the activate_rules folder

like this

One rule

 ln -s /etc/httpd/modsec/base_rules/modsecurity_crs_35_bad_robots.conf /etc/httpd/modsec/activated_rules/

alla rules in the folder

 ln -s /etc/httpd/modsec/base_rules/* /etc/httpd/modsec/activated_rules/

don’t forget some rules need the .data file as well

Leave a Reply

%d bloggers like this: