www.Hilands.com


Mod Security on Debian



Installing Mod Security

Find the mod security files with apt-cache.
# apt-cache search mod-security
libapache-mod-security - Tighten web applications security for Apache
mod-security-common - Tighten web applications security - common files

Install the module (without configs).
# apt-get install libapache-mod-security
We can validate that mod security exists by checking for the module file with ls.
# ls -l /usr/lib/apache2/modules/mod_security2.so
-rw-r--r-- 1 root root 331888 Apr  8 07:15 mod_security2.so

Configuring Mod Security

The Debian way

# apt-get install mod-security-common

The Manual way

# nano /etc/apache2/conf.d/mod-security
<IfModule security2_module>
	Include mod-security-rules/*.conf
	Include mod-security-rules/base_rules/*.conf
</IfModule>
# mkdir /etc/apache2/mod-security-rules
# cd /etc/apache2/mod-security-rules
Look for the latest release and download info:
http://www.modsecurity.org/download/direct.html
http://sourceforge.net/projects/mod-security/files/modsecurity-apache/
To find out the version you have installed on Debian:
# ls -l /var/cache/apt/archives/libapache-mod-security*
On Squeeze you will find 2.5.12
-rw-r--r-- 1 root root 122752 Apr  8 09:11 libapache-mod-security_2.5.12-1+squeeze2_amd64.deb
On Wheezy you will find 2.6.6
-rw-r--r-- 1 root root  18274 Apr  8 08:00 libapache-mod-security_2.6.6-6_all.deb
Use wget to download modsecurity.
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
Extract mod security from the tarball.
# tar -xzf modsecurity-apache_2.6.6.tar.gz
Make the directory /etc/apache2/mod-security-rules if it does not exist yet.
# mkdir -p /etc/apache2/mod-security-rules
Copy the mod security configuration files to the mod-security-rules folder we made.
# cp -R modsecurity-apache_2.6.6/rules/base_rules /etc/apache2/mod-security-rules/
# cp -R modsecurity-apache_2.6.6/rules/modsecurity_crs_10_config.conf /etc/apache2/mod-security-rules/
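
An Include pattern that matches no files loads no rules, so it is worth checking that both Include lines in /etc/apache2/conf.d/mod-security resolve to real files after the copy. The script below is an added example, not part of the original page or of ModSecurity; check_modsec_includes is a hypothetical helper name, and the demo tree at the end is constructed to mirror the layout used here, with base_rules left empty.

```shell
#!/bin/sh
# Added example; check_modsec_includes is a hypothetical helper name.
# For each Include line in CONF, resolve the pattern against SERVER_ROOT
# (Apache resolves relative Include paths against ServerRoot) and count
# the files it matches.
# Prints "OK <count> <pattern>" or "EMPTY <pattern>"; returns 1 if any
# pattern matched nothing, 2 if CONF is unreadable.
check_modsec_includes() {
    root=$1 conf=$2 rc=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    patterns=$(sed -n 's/^[[:space:]]*[Ii]nclude[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' "$conf")
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        case $pat in
            /*) full=$pat ;;
            *)  full=$root/$pat ;;
        esac
        n=0
        for f in $full; do            # unquoted on purpose: expand the glob
            if [ -f "$f" ]; then n=$((n + 1)); fi
        done
        if [ "$n" -gt 0 ]; then
            echo "OK $n $pat"
        else
            echo "EMPTY $pat"
            rc=1
        fi
    done <<EOF
$patterns
EOF
    return $rc
}

# Constructed demo tree mirroring the layout used on this page.
demo=$(mktemp -d)
mkdir -p "$demo/apache2/conf.d" "$demo/apache2/mod-security-rules/base_rules"
printf '<IfModule security2_module>\n\tInclude mod-security-rules/*.conf\n\tInclude mod-security-rules/base_rules/*.conf\n</IfModule>\n' \
    > "$demo/apache2/conf.d/mod-security"
touch "$demo/apache2/mod-security-rules/modsecurity_crs_10_config.conf"
# base_rules is still empty here, so the second pattern is reported EMPTY.
check_modsec_includes "$demo/apache2" "$demo/apache2/conf.d/mod-security" || true
```

On the server itself the call would be check_modsec_includes /etc/apache2 /etc/apache2/conf.d/mod-security, run before restarting Apache.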
Create a test file that includes whatever path is passed in the i parameter. Remove it after testing.
# nano /var/www/include.php
<?php $i = $_GET['i']; include ($i); ?>
View it in a web browser.
http://169.237.72.15/include.php?i=/etc/passwd
# a2enmod mod-security
Module mod-security already enabled
# /etc/init.d/apache2 restart