Category: Server stories    Protect Apache using Mod_Security and Mod_evasive on RHEL/CentOS & Fedora    Posted: 2013/04/13 10:58

This is the first article in our series on Apache security. In it we show how to install and configure the Mod_Security and Mod_evasive modules for Apache on RHEL 6.2/6.1/6/5.8, CentOS 6.2/6.1/6/5.8 and Fedora 17,16,15,14,13,12 systems using source code.

These two security modules protect an Apache server from brute force attacks and DoS attacks. Before moving on to the installation guide, here is a short description of the two modules.

Install mod_security and mod_evasive

What is Mod_Security?

Mod_Security is an open source web application firewall (WAF) and intrusion detection and prevention system for web applications. It is used to protect and monitor real-time HTTP traffic and web applications from brute force attacks.

What is Mod_Evasive?

Mod_Evasive is an open source evasive maneuvers module for Apache that takes evasive action in the event of an HTTP brute force, DoS or DDoS attack. It was designed to be used as a network traffic detection and network management tool and can be easily configured and integrated with firewalls, ipchains, routers etc. Presently, it sends abuse reports via email and syslog facilities.

Install Mod_Security and Mod_evasive on RHEL 6.2/6.1/6/5.8,CentOS 6.2/6.1/6/5.8 and Fedora 17,16,15,14,13,12

How to Install Mod_Security on RHEL/CentOS & Fedora

You must have a LAMP setup installed and configured on your system before installing mod_security.

Step 1: Installing Dependencies for mod_security

First, we need to install some dependency packages for mod_security. Run the following commands for your OS.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# yum install gcc make
# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

## For Fedora 17,16,15,14,13,12 ##
# yum install gcc make
# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Step 2: Installing Mod_Security

As mentioned above, we install mod_security from source code. Run the following commands as root.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

## For Fedora 17,16,15,14,13,12 ##
# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

Step 3: Downloading OWASP Mod_Security Core Rule Set

Mod_Security requires the OWASP (Open Web Application Security Project) core rules for its base configuration. These rules are used to protect against unknown vulnerabilities that are often found in web applications. Here we download and install the rule set for mod_security. Run the following commands.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /etc/httpd/
# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

## For Fedora 17,16,15,14,13,12 ##
# cd /etc/httpd/
# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Step 4: Configuring Mod_Security

Now, you need to modify your Apache configuration file to load the mod_security module.

# vi /etc/httpd/conf/httpd.conf

Search for the LoadModule lines in your httpd.conf and add the line below at the bottom.

LoadModule security2_module modules/mod_security2.so

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file.

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

Next, restart the Apache service to enable the mod_security module and its rules.

# /etc/init.d/httpd restart

For more information on this topic visit the following links for your reference.

  1. ModSecurity Home Page
  2. OWASP ModSecurity Core Rule Set

The above installation was tested on CentOS 5.6 and worked successfully for me. I hope it will also work for you. Now let’s move on to the installation of the mod_evasive module.

How to Install Mod_Evasive in RHEL/CentOS & Fedora

As we already installed the required dependency packages above, let’s install the mod_evasive module.

Step 1: Installing Mod_Evasive

Just run the following commands to install mod_evasive.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /usr/src 
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c

## For Fedora 17,16,15,14,13,12 ##
# cd /usr/src 
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c

Step 2: Configuring Mod_Evasive

By default the installation adds the following mod_evasive line to your Apache configuration file. Verify that a line similar to the one below is present. If it is not, add it to your httpd.conf file.

LoadModule evasive20_module   /usr/lib/httpd/modules/mod_evasive20.so

Now add the mod_evasive configuration parameters at the end of your Apache configuration. Replace someone@somewhere.com with your email address to get email alerts.

<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   60
DOSEmailNotify someone@somewhere.com
</IfModule>

Next, restart the Apache service to apply the changes.

# /etc/init.d/httpd restart
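
With DOSPageCount 2 and DOSPageInterval 1, a client is blocked for 60 seconds after only a few quick requests for the same URI, so it is worth checking the thresholds against real traffic before relying on them. The script below is an added example, not part of the original article or of mod_evasive itself: it approximates the module's counting by grouping requests per client into the one-second timestamps of an access log and reports every bucket that exceeds DOSPageCount or DOSSiteCount. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run the mod_evasive thresholds against an access log.
# Approximation: one log timestamp (1 s) = one DOSPageInterval/DOSSiteInterval.
DOS_PAGE_COUNT=2     # DOSPageCount from the configuration above
DOS_SITE_COUNT=50    # DOSSiteCount from the configuration above

# Constructed sample log (documentation-range IPs, common log format).
sample_log() {
    fmt='%s - - [13/Apr/2013:10:58:%s +0900] "GET %s HTTP/1.1" 200 512\n'
    # Ordinary visitor: 2 hits on one page in one second (at, not over, the limit).
    printf "$fmt" 192.0.2.10 01 /index.php
    printf "$fmt" 192.0.2.10 01 /index.php
    # Repeated login attempts: 5 hits on the same URI in one second.
    i=1
    while [ "$i" -le 5 ]; do
        printf "$fmt" 198.51.100.7 02 "/login.php?try=$i"
        i=$((i + 1))
    done
    # Crawler: 60 different URIs in one second.
    i=1
    while [ "$i" -le 60 ]; do
        printf "$fmt" 203.0.113.5 03 "/img/$i.png"
        i=$((i + 1))
    done
}

# Reads an access log on stdin; prints "<ip> page <uri> <hits> <second>" or
# "<ip> site - <hits> <second>" for each one-second bucket over a threshold.
evasive_dry_run() {
    awk -v pc="$DOS_PAGE_COUNT" -v sc="$DOS_SITE_COUNT" '
    {
        ip = $1
        ts = substr($4, 2)        # drop the leading "[" of the timestamp
        uri = $7
        sub(/\?.*/, "", uri)      # assumption: count by URI path, ignore query string
        page[ip SUBSEP uri SUBSEP ts]++
        site[ip SUBSEP ts]++
    }
    END {
        for (k in page) if (page[k] > pc) { split(k, p, SUBSEP); print p[1], "page", p[2], page[k], p[3] }
        for (k in site) if (site[k] > sc) { split(k, p, SUBSEP); print p[1], "site", "-", site[k], p[2] }
    }' | sort
}

# On a real server: evasive_dry_run < /var/log/httpd/access_log  (default RHEL/CentOS path)
sample_log | evasive_dry_run
```

Clients that show up here during normal operation (monitoring probes, API consumers, pages that load many assets) are the ones that would start receiving 403 responses once the module is active.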

For additional information visit the mod_evasive Home Page.


Creative Commons License