Install ModSecurity and Get it Running in Linux CentOS/RHEL with Apache

If you’re hosting your own servers then securing your servers against attackers must be a high priority.

ModSecurity is an open source Web Application Firewall that runs as a module on your web server, where it detects and prevents attacks against web applications. It monitors HTTP traffic and performs real-time analysis.

To install ModSecurity on a Linux server running CentOS, follow these steps as the root user.

Install the EPEL Repository

Add the EPEL rpm repository to your system using the following command.

rpm -ivh

Install ModSecurity and Predefined Rules

Now install the mod_security Apache module together with its predefined rule set (mod_security_crs).

yum install mod_security mod_security_crs

Activate the Module

Edit the ModSecurity configuration file /etc/httpd/conf.d/mod_security.conf, locate the SecRuleEngine directive, and make sure it is set to “On” so that the web server is protected against attacks:

SecRuleEngine On

Restart Apache and Check

Turn on other required options and policies as per your requirements. Finally, restart httpd:

service httpd restart

To confirm that our web application firewall is working, check the Apache error log for lines like these.

# tail /var/log/httpd/error_log
[notice] ModSecurity for Apache/2.7.3 ( configured.
[notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[notice] ModSecurity: LUA compiled version="Lua 5.1"
[notice] ModSecurity: LIBXML compiled version="2.7.6"
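
The two checks from the steps above, as an added example (not code from the original page): a shell script that reports the SecRuleEngine value in a config file and confirms the start-up notice in the error log. The function names are hypothetical, the sample files are constructed, and treating the last uncommented directive in a single file as the effective one is an assumption (Include'd files are not followed).

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample files are constructed.

# Print the SecRuleEngine value from one config file: the last uncommented
# directive, lower-cased. Prints "unset" if absent. Assumption: a single
# file is inspected and Include lines are not followed.
modsec_engine_mode() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        tolower($1) == "secruleengine" {
            v = tolower($2); gsub(/"/, "", v)     # accept quoted values too
            mode = v
        }
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Succeed only if the log contains the module start-up notice.
modsec_started() {
    grep -q 'ModSecurity for Apache/.* configured\.' "$1"
}

# Succeed only when the engine is set to On and the module announced itself.
modsec_check() {
    mode=$(modsec_engine_mode "$1")
    case "$mode" in
        on) ;;
        detectiononly)
            echo "WARN: DetectionOnly logs matches but does not block"
            return 1 ;;
        *)
            echo "FAIL: SecRuleEngine is $mode"
            return 1 ;;
    esac
    modsec_started "$2" || { echo "FAIL: no start-up notice in $2"; return 1; }
    echo "OK: engine on, module loaded"
}

# Demo on constructed sample files (not real server output).
demo_dir=$(mktemp -d)
printf '%s\n' '# SecRuleEngine On' '  SecRuleEngine DetectionOnly' \
    > "$demo_dir/mod_security.conf"
printf '%s\n' '[notice] ModSecurity for Apache/2.7.3 ( configured.' \
    > "$demo_dir/error_log"
modsec_check "$demo_dir/mod_security.conf" "$demo_dir/error_log" || true
rm -rf "$demo_dir"
```

On a real server, run `modsec_check /etc/httpd/conf.d/mod_security.conf /var/log/httpd/error_log` after restarting httpd.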

mod_security configuration files

/etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.

/etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache module.

/var/log/httpd/modsec_debug.log – debug messages, used for debugging mod_security rules and other problems.

/var/log/httpd/modsec_audit.log – all requests that trigger a ModSecurity event or a server error are logged into this file.

We have previously covered how to configure Mod_Security on Linux; you can check that post for step-by-step instructions.