This article describes how to install mod_security2 on Debian Lenny. It should work on Etch, too.
On the http://www.modsecurity.org website there is a link to the mod_security2 packages for Debian (Community-Produced Binary Packages).
Note: You should check this website for the latest versions and change the example „wget“ commands in this howto.
1. Download the packages and install them via dpkg:
wget http://etc.inittab.org/~agi/debian/libapache-mod-security2/2.5.x/etch/libapache2-mod-security2_2.5.5-1~etch1_amd64.deb
wget http://etc.inittab.org/~agi/debian/libapache-mod-security2/2.5.x/etch/mod-security2-common_2.5.5-1~etch1_all.deb
dpkg -i mod-security2-common_2.5.5-1~etch1_all.deb libapache2-mod-security2_2.5.5-1~etch1_amd64.deb
Note: You may need a package for an architecture other than amd64!
2. Create a subfolder for the mod_security rules in the Apache config folder:
mkdir /etc/apache2/modsecurity2
chmod 600 /etc/apache2/modsecurity2
3. Download the rulesets from http://www.modsecurity.org/download/direct.html:
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
Then extract the files and move the „conf“ files to the mod_security rules folder:
tar vfx modsecurity-core-rules_2.5-1.6.1.tar.gz
mv *.conf /etc/apache2/modsecurity2/
4. You have to create a symlink so that the Apache log directory the rules expect points to the Debian log directory.
(Or fix all rules :-))
ln -s /var/log/apache2 /etc/apache2/logs
5. Enable modsecurity
a2enmod mod-security
6. Configuration
Edit „/etc/apache2/conf.d/mod_security“:
# mod_security configuration directives
# ...
# These are the ModSecurity 2.x directive names. The 1.x SecFilter*
# names are not recognised by mod_security2 and stop Apache from starting.

# Turn the rule engine On or Off (1.x: SecFilterEngine)
SecRuleEngine On

# Some sane defaults
# URL-encoding, UTF-8 and byte-range checks (1.x: SecFilterCheckURLEncoding,
# SecFilterCheckUnicodeEncoding, SecFilterForceByteRange) are not engine
# directives in 2.x. They are rule operators there: @validateUrlEncoding,
# @validateUtf8Encoding and @validateByteRange.

# Server masking is optional
# SecServerSignature "Microsoft-IIS/0.0"

SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/apache2/audit_log

# You normally won't need debug logging
# Debug level set to a minimum (1.x: SecFilterDebugLog, SecFilterDebugLevel)
SecDebugLog /var/log/apache2/modsec_debug_log
SecDebugLogLevel 0

# Should mod_security inspect POST payloads (1.x: SecFilterScanPOST)
SecRequestBodyAccess On

# By default log and deny suspicious requests
# with HTTP status 500 (1.x: SecFilterDefaultAction)
SecDefaultAction "phase:2,deny,log,status:500"
7. Now you can restart your Apache webserver:
/etc/init.d/apache2 restart
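A preflight check for steps 6 and 7, as an added example that is not part of the original article: mod_security2 rejects ModSecurity 1.x SecFilter* directive names at start-up, and the rule files from step 3 are only loaded if an Include directive points at their folder. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: preflight checks for a mod_security2 configuration.
# Function names and the sample file below are constructed for illustration.

# Print "LINE:OLD -> NEW" for every ModSecurity 1.x directive in file $1.
# Returns 0 when the file is clean, 1 when legacy directives were found.
legacy_directives() {
    awk '
    BEGIN {
        m["secfilterengine"]        = "SecRuleEngine"
        m["secfilterscanpost"]      = "SecRequestBodyAccess"
        m["secfilterdefaultaction"] = "SecDefaultAction"
        m["secfilterdebuglog"]      = "SecDebugLog"
        m["secfilterdebuglevel"]    = "SecDebugLogLevel"
        m["secfiltercheckurlencoding"]     = "SecRule with @validateUrlEncoding"
        m["secfiltercheckunicodeencoding"] = "SecRule with @validateUtf8Encoding"
        m["secfilterforcebyterange"]       = "SecRule with @validateByteRange"
    }
    /^[ \t]*#/ { next }                  # commented-out lines are harmless
    tolower($1) ~ /^secfilter/ {         # Apache directive names ignore case
        d = tolower($1)
        printf "%d:%s -> %s\n", NR, $1, (d in m) ? m[d] : "no mapping listed here"
        bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Return 0 if config file $2 contains an uncommented Include of rules
# directory $1, e.g. "Include /etc/apache2/modsecurity2/*.conf".
rules_included() {
    grep -Eiq "^[[:space:]]*Include[[:space:]]+\"?$1/" "$2"
}

# Constructed sample config mixing 1.x and 2.x directive names.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Turn the filtering engine On or Off
SecFilterEngine On
SecAuditEngine RelevantOnly
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:500"
EOF

legacy_directives "$sample" || echo "legacy directives found: fix before restart"
rules_included /etc/apache2/modsecurity2 "$sample" || echo "rules directory is not included"
rm -f "$sample"
```

On the server, run both functions against /etc/apache2/conf.d/mod_security before the restart.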
8. Links:
http://www.modsecurity.org
http://www.howtoforge.com/apache_mod_security
http://www.debuntu.org/2006/08/13/86-secure-your-apache2-with-mod-security
william
31 Dec 2011
article doesn't enable modsecurity at all – just installs it – mod-security.load never gets loaded – article doesn't talk about the required config settings as well
sebastian
2 Jan 2012
sorry my fault.
Wrong revision was online. Fixed it.
Ramses
8 Jan 2012
Thanks for sharing!