{"id":3105,"date":"2014-01-16T20:34:46","date_gmt":"2014-01-16T20:34:46","guid":{"rendered":"http:\/\/blog.shineservers.com\/?p=2408"},"modified":"2014-01-16T20:34:46","modified_gmt":"2014-01-16T20:34:46","slug":"protect-apache-using-mod_security-on-rhelcentos-fedora","status":"publish","type":"post","link":"https:\/\/www.shineservers.com\/2014\/01\/16\/protect-apache-using-mod_security-on-rhelcentos-fedora\/","title":{"rendered":"Protect Apache using Mod_Security on RHEL\/CentOS & Fedora"},"content":{"rendered":"

These two great security modules protect\u00a0Apache<\/strong>\u00a0server from brute force attacks and DOS attacks. Before, moving for further installation guide, we would like to provide you a little description on these tow modules.<\/p>\n

What is Mod_Security?<\/h3>\n

Mod_Security<\/strong>\u00a0is an open source web application firewall (WAF<\/strong>) and intrusion detection and prevention system for web applications. It is used to protect and monitor real time HTTP traffic and web applications from brute fore attacks.<\/p>\n

What is Mod_Evasive?<\/h3>\n

Mod_Evasive<\/strong>\u00a0is an open source evasive maneuvers system for\u00a0Apache<\/strong>\u00a0server to provide evasive action in the event of an HTTP brute force, Dos or DDos attack. It was designed to use as a network traffic detection and network management tool and can be easily configured and integrated into firewalls, ipchains, routers etc. Presently, it sends abuses reports via email and syslog facilites.<\/p>\n

Install\u00a0<\/strong>Mod_Security<\/strong>\u00a0and\u00a0Mod_evasive<\/strong>\u00a0on\u00a0RHEL 6.2\/6.1\/6\/5.8<\/strong>,\u00a0CentOS 6.2\/6.1\/6\/5.8<\/strong>\u00a0and\u00a0Fedora 17,16,15,14,13,12<\/strong><\/div>\n

How to Install Mod_Security on RHEL\/CentOS & Fedora<\/h3>\n

Step 1: Installing Dependencies for mod_security<\/h4>\n

Firstly, we required to install some dependency packages for mod_security. Run the following commands on your selected OS.<\/p>\n

## For RHEL\/CentOS 6.2\/6.1\/6\/5.8 ##<\/strong>\n# yum install gcc make\n# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel\n\n## For Fedora 17,16,15,14,13,12 ##<\/strong>\n# yum install gcc make\n# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel<\/pre>\n
Step 2: Installing Mod_Security<\/h4>\n
As I said above that we use source code to install mod_security. Run the following commands as root.<\/p>\n
## For RHEL\/CentOS 6.2\/6.1\/6\/5.8 ##<\/strong>\n# cd \/usr\/src\n# wget http:\/\/www.modsecurity.org\/download\/modsecurity-apache_2.6.6.tar.gz\n# tar xzf modsecurity-apache_2.6.6.tar.gz\n# cd modsecurity-apache_2.6.6\n# .\/configure\n# make install\n# cp modsecurity.conf-recommended \/etc\/httpd\/conf.d\/modsecurity.conf\n\n## For Fedora 17,16,15,14,13,12 ##<\/strong>\n# cd \/usr\/src\n# wget http:\/\/www.modsecurity.org\/download\/modsecurity-apache_2.6.6.tar.gz\n# tar xzf modsecurity-apache_2.6.6.tar.gz\n# cd modsecurity-apache_2.6.6\n# .\/configure\n# make install\n# cp modsecurity.conf-recommended \/etc\/httpd\/conf.d\/modsecurity.conf<\/pre>\n
Step 3: Downloading OWASP Mod_Security Core Rule Set<\/h4>\n
Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration, these rules are used to protect from unknown vulnerabilities which often found on web applications. So, here we are going to download and install rule set for mod_security. Run the following commands.<\/p>\n
## For RHEL\/CentOS 6.2\/6.1\/6\/5.8 ##<\/strong>\n# cd \/etc\/httpd\/\n# wget http:\/\/pkgs.fedoraproject.org\/repo\/pkgs\/mod_security_crs\/modsecurity-crs_2.2.5.tar.gz\/aaeaa1124e8efc39eeb064fb47cfc0aa\/modsecurity-crs_2.2.5.tar.gz\n# tar xzf modsecurity-crs_2.2.5.tar.gz\n# mv modsecurity-crs_2.2.5 modsecurity-crs\n# cd modsecurity-crs\n# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf## For Fedora 17,16,15,14,13,12 ##<\/strong>\n# cd \/etc\/httpd\/\n# wget http:\/\/pkgs.fedoraproject.org\/repo\/pkgs\/mod_security_crs\/modsecurity-crs_2.2.5.tar.gz\/aaeaa1124e8efc39eeb064fb47cfc0aa\/modsecurity-crs_2.2.5.tar.gz\n# tar xzf modsecurity-crs_2.2.5.tar.gz\n# mv modsecurity-crs_2.2.5 modsecurity-crs\n# cd modsecurity-crs\n# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf<\/pre>\n
Step 4: Configuring Mod_Security<\/h4>\n
Now, you need to modify your Apache configuration file to load the mod_security module.<\/p>\n
# vi \/etc\/httpd\/conf\/httpd.conf<\/pre>\n
Search for the line\u00a0LoadModule<\/strong>\u00a0in your httpd.conf and add this below line at the bottom.<\/p>\n
LoadModule security2_module modules\/mod_security2.so<\/pre>\n
Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file.<\/p>\n
<IfModule security2_module>\n    Include conf.d\/modsecurity.conf\n <\/IfModule><\/pre>\n
Next, restart the Apache service to enable mod_security module and their rules.<\/p>\n
# \/etc\/init.d\/httpd restart<\/pre>\n
For more information on this topic visit the following links for your reference.<\/p>\n
    \n
  1. ModSecurity Home Page<\/a><\/li>\n
  2. OWASP ModSecurity Core Rule Set<\/a><\/li>\n<\/ol>\n
    The above installation is tested on CentOS 5.6 and successfully worked for me, I hope it will also work for you, now let\u2019s move further installation of mod_evasive module.<\/p>\n
    Related articles across the web<\/h3>\n