If you’re hosting your own servers then securing your servers against attackers must be a high priority.
ModSecurity is an open source Web Application Firewall that execute as a Module on your Web Server and it detects and prevents attacks against web applications. It monitors HTTP traffic and performs real time analysis.
To install ModSecurity in a Linux server with CentOS, Follow these steps as the root user.
Install the EPEL Repository
Add the EPEL rpm repository in your system using following command.
rpm –ivh http://fedora.mirror.uber.com.au/epel/6/i386/epel-release-6-7.noarch.rpm
Install ModSecurity and Predefined Rules
Now install mod_security apache modules with predefined rules of mod_security.
yum install mod_security mod_security_crs
Activate the Module
We need to edit ModSecurity configuration file/etc/httpd/conf.d/mod_security.conf and locate for the SecRuleEngine Directive in the File and make sure SecRuleEngine set to “On” to protect webserver for the attacks:
Restart Apache and Check
Turn on other required options and policies as per your requirements. Finally, restart httpd:
service httpd restart
To confirm that our web application firewall is working we can see something like this in our Apache error logs.
# tail /var/log/httpd/error_log [notice] ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/) configured. [notice] ModSecurity: APR compiled version=”1.3.9″; loaded version=”1.3.9″ [notice] ModSecurity: PCRE compiled version=”7.8 “; loaded version=”7.8 2008-09-05″ [notice] ModSecurity: LUA compiled version=”Lua 5.1″ [notice] ModSecurity: LIBXML compiled version=”2.7.6
mod_security configuration files
/etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
/etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache.
/var/log/httpd/modsec_debug.log – Use debug messages for debugging mod_security rules and other problems.
/var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity events or a serer error are logged are logged into this file.
[wpfmb type=’success’ theme=2]Previously we have cover the post on how to Configure Mod_Security on Linux,you can check the step by step instructions.[/wpfmb]