Jaime Frutos Morales's blog


Installing ModSecurity for Apache in Ubuntu Server 9.04

Filed under: SysAdmin, Ubuntu — acidborg @ 09:41

From its website: “ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.”

Its installation is simple:

apt-get install libapache-mod-security

To enable ModSecurity in Apache, create the file /etc/apache2/conf.d/mod_security.conf with this content:

(Sorry for the images of the code, but LiveJournal doesn’t allow XML code inside the posts)

Then, make a directory to store the logs generated by ModSecurity:

mkdir /var/log/apache2/mod_security

ln -s /var/log/apache2/mod_security /etc/apache2/logs

After that, download the latest set of rules (called modsecurity-core-rules*.tar.gz).

Afterwards, configure the set of rules:

mkdir /etc/apache2/conf.d/mod_security

cp modsecurity-core-rules* /etc/apache2/conf.d/mod_security/

cd /etc/apache2/conf.d/mod_security

tar xvfz modsecurity-core-rules*

rm CHANGELOG LICENSE README modsecurity-core-rules*.tar.gz

If you want to disable any rule, create the file /etc/apache2/conf.d/mod_security/modsecurity_crs_99_disabled_rules.conf and tell ModSecurity which rules you want to disable on which locations (you can find the rule numbers by reading the ModSecurity log files in /var/log/apache2/mod_security). For example:
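The following is an added example, not the original post's own: it reads a ModSecurity audit log, lists which rule IDs fired on which request paths, and prints <Location> blocks with SecRuleRemoveById for review. It assumes the audit log is in the serial format; the sample transactions and the rule IDs 900001/900002 are constructed for illustration.

```shell
#!/bin/sh
# Added example: map rule ids to request paths from a serial-format audit log.
sample_audit_log() {   # constructed transactions; rule ids are made up
cat <<'EOF'
--a1b2c3d4-A--
[01/Jun/2009:09:41:00 +0200] constructed-id-1 192.0.2.10 51234 192.0.2.1 80
--a1b2c3d4-B--
POST /wiki/edit?page=Home HTTP/1.1
--a1b2c3d4-H--
Message: Warning. Pattern match at ARGS:text. [id "900001"] [msg "constructed"]
Message: Access denied with code 403 (phase 2). [id "900002"] [msg "constructed"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
--e5f6a7b8-B--
GET /bad"path HTTP/1.1
--e5f6a7b8-H--
Message: Warning. [id "900002"] [msg "constructed"]
--e5f6a7b8-Z--
EOF
}

# Print "path id" pairs, one per line, sorted and de-duplicated.
rule_hits() {
  awk '
    /^--[0-9a-zA-Z]+-[A-Z]--$/ { sec = substr($0, length($0) - 2, 1); first = 1; if (sec == "A") ok = 0; next }
    sec == "B" && first {   # request line: METHOD URI PROTOCOL
      split($2, p, "?"); path = p[1]; first = 0
      # URIs are client-controlled: keep only paths safe to write into Apache config
      ok = (path ~ "^/[A-Za-z0-9/._-]*$"); next
    }
    sec == "H" && ok && /^Message: / {
      rest = $0
      while (match(rest, /\[id "[0-9]+"\]/)) {
        print path, substr(rest, RSTART + 5, RLENGTH - 7)
        rest = substr(rest, RSTART + RLENGTH)
      }
    }
  ' "$@" | LC_ALL=C sort -u
}

# Turn the pairs into <Location> blocks with SecRuleRemoveById, for review.
exclusions() {
  rule_hits "$@" | awk '
    $1 != cur { if (cur != "") print "</Location>"; cur = $1; print "<Location \"" cur "\">" }
    { print "    SecRuleRemoveById " $2 }
    END { if (cur != "") print "</Location>" }
  '
}
sample_audit_log | exclusions
```

Pass your own audit log file to exclusions, and copy into modsecurity_crs_99_disabled_rules.conf only the blocks you have confirmed to be false positives.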

To let logrotate do its job, replace the first line of /etc/logrotate.d/apache2 with this one:

/var/log/apache2/*.log /var/log/apache2/mod_security/*.log {

Finally, restart your Apache server:

/etc/init.d/apache2 restart
