This document is about configuring an Apache server with mod security and the OWASP core rule sets (Ubuntu as the OS)
the OWASP core rule sets are very hard to bypass, and server admins can use them to defend a server against common attacks
+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
I performed the steps given below on Ubuntu 12
so let's start
enter the directory /etc/apache2
cd /etc/apache2
download the mod security source code and the OWASP core rule sets
command is
===================================
mod security source code
wget https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz
OWASP core rule sets
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/master.zip
===================================
extract the mod security source code
command is
tar -xzf modsecurity-2.8.0.tar.gz
enter the source code directory
cd modsecurity-2.8.0/
we need to install the libxml2-dev package to avoid "configure: error: libxml2 library is required" during mod security source code compilation
command is
apt-get install libxml2-dev
now we will start compiling the mod security source code
but first make sure the configure file has execute permission
ls -l configure
if it doesn't have execute permission
run this command
chmod +x configure
ok, let's start
execute this command
./configure
if everything went fine (meaning no errors), move to the next step
execute this command
make install
after that, copy the mod security config file to the directory from which Apache reads extra config files
execute this command in the terminal
cp modsecurity.conf-recommended /etc/apache2/conf.d/modsecurity.conf
create unicode.mapping in the conf.d directory (to avoid an error during Apache reload after integrating the rules with Apache)
command is
touch /etc/apache2/conf.d/unicode.mapping
ok, time to move on to the OWASP mod security core rule sets
unzip the core rule sets
cd /etc/apache2/ && unzip master.zip
rename the extracted directory (the OWASP mod security rule set) to a simpler name
I am renaming owasp-modsecurity-crs-master to modsecurity-crs
command is
mv owasp-modsecurity-crs-master/ modsecurity-crs
enter the modsecurity-crs directory and make a copy of the modsecurity crs setup file
cd modsecurity-crs/ && cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
open modsecurity.conf to define how mod security behaves when a request comes to the server
nano /etc/apache2/conf.d/modsecurity.conf
change the value of SecRuleEngine to On
SecRuleEngine On
change SecRequestBodyAccess to Off if you don't want to check the POST request body (which is not advisable, because a POST request may also contain malicious content)
SecRequestBodyAccess On
now open the Apache main config file to include the OWASP rules files in it
nano /etc/apache2/apache2.conf
scroll down to the end of the file and add the following lines
<IfModule security2_module>
Include modsecurity-crs/modsecurity_crs_10_setup.conf
Include modsecurity-crs/base_rules/*.conf
</IfModule>
now load the mod security module
open this file
nano /etc/apache2/mods-available/mod_security2.load
and add this text
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
enter the directory /etc/apache2/mods-enabled
and create a symlink to the /etc/apache2/mods-available/mod_security2.load file in that directory
command is
cd /etc/apache2/mods-enabled && ln -s ../mods-available/mod_security2.load mod_security2.load
load mod_unique_id (it is required by mod security)
command is
cd /etc/apache2/mods-enabled && ln -s ../mods-available/unique_id.load unique_id.load
and now, before restarting Apache with mod security, it is time to check whether the Apache config is correct
execute this command
apache2ctl configtest
if it doesn't report any error, our Apache config is correct and we can restart the Apache server to launch it with mod security
execute this command to restart the Apache server
service apache2 restart
and now our Apache server is loaded with the hardest security rules
mod security logs will be saved in the file
/var/log/modsec_audit.log
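A quick check that the two edits to modsecurity.conf described above really took effect, added here as an example (it is not part of the original tutorial): a file still set to DetectionOnly passes apache2ctl configtest but blocks nothing. It assumes the last occurrence of a directive in the file is the effective one and looks only at that single file; effective_value, check_modsec_conf and write_sample are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit the two settings it changes.

# Print the effective value of a directive: comment lines are skipped, names are
# matched case-insensitively, and the last occurrence in the file is taken.
effective_value() {  # usage: effective_value DIRECTIVE FILE
    awk -v d="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { v = $2 }
        END { print v }
    ' "$2"
}

# Return 0 only if the rule engine is enforcing and request bodies are inspected.
check_modsec_conf() {  # usage: check_modsec_conf FILE
    rc=0
    engine=$(effective_value SecRuleEngine "$1")
    body=$(effective_value SecRequestBodyAccess "$1")
    case $(printf '%s' "$engine" | tr 'A-Z' 'a-z') in
        on) ;;
        detectiononly) echo "SecRuleEngine DetectionOnly: rules log but never block"; rc=1 ;;
        *) echo "SecRuleEngine '${engine:-unset}': rules are not enforced"; rc=1 ;;
    esac
    case $(printf '%s' "$body" | tr 'A-Z' 'a-z') in
        on) ;;
        *) echo "SecRequestBodyAccess '${body:-unset}': POST bodies are not inspected"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config (hypothetical helper, not a real server's file).
write_sample() {  # usage: write_sample FILE ENGINE_VALUE
    cat > "$1" <<EOF
# SecRuleEngine On   <- commented out, must be ignored
SecRuleEngine $2
   SecRequestBodyAccess On
EOF
}

# Demo on the constructed sample; on a real host pass
# /etc/apache2/conf.d/modsecurity.conf instead.
tmp=$(mktemp)
write_sample "$tmp" DetectionOnly
check_modsec_conf "$tmp" || echo "=> fix the settings above, then re-run apache2ctl configtest"
rm -f "$tmp"
```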
if you have any issues using this tutorial, please let me know
Thank you
-==[[Love to]]==--
zero
Cool ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf
indishell,Baba ,Silent poison India,Magnum sniper,Atul
Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja
indishell,Reborn India,L0rd Crus4d3r,AR AR,Hackuin,Mannu, ViKi, Hardeep
singh, Bhuppi,Mohit, Ffe, Anju, RR Mam, Acchi bacchi(Jagriti) and DON