how to install mod_security ?

hi,

Any tips or links on how to install mod_security with iworx .

thanks

???

Installation of apache module mod_security
(check last version at http://www.modsecurity.org/download/ website)

yum install libxml2 libxml2-devel curl-devel pcre-devel gcc-c++

mkdir extras

cd extras

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz

tar -zxvf modsecurity-apache_2.5.12.tar.gz

cd modsecurity-apache_2.5.12/apache2/

/etc/init.d/httpd stop ( optional… )

./configure

make

make mlogc

make install

vi /etc/httpd/conf/httpd.conf

Above all of the LoadModule directives add:

        LoadFile /usr/lib64/libxml2.so 

Add after “LoadModules” section:

        LoadModule security2_module    /usr/lib64/httpd/modules/mod_security2.so 

save file

Create directory where rules should be created:

mkdir /etc/httpd/conf.d/modsecurity

And install default rules:

cd /etc/httpd/conf.d/modsecurity

cp /root/extras/modsecurity-apache_2.5.12/rules/base_rules/modsecurity_* .

cp /root/extras/modsecurity-apache_2.5.12/rules/modsecurity_crs_10_config.conf /etc/httpd/conf.d/modsecurity/

Copy modsecurity.conf-minimal to apache conf.d directory:

cp /root/extras/modsecurity-apache_2.5.12/modsecurity.conf-minimal /etc/httpd/conf.d/modsecurity2.conf

Edit /etc/httpd/conf.d/modsecurity2.conf

vi /etc/httpd/conf.d/modsecurity2.conf

and add the following lines at the end of the file:

        <ifmodule security2_module> 
        Include /etc/httpd/conf.d/modsecurity/*.conf 
        </ifmodule> 

Save,

test apache startup:

/etc/init.d/httpd configtest

If no errors, restart apache

/etc/init.d/httpd restart

Great Paulo!
I founbd out that mod_sec2 break some flash applications in my clients accounts, for some reason.

–> Finished Dependency Resolution
gcc-4.1.2-48.el5.i386 from base has depsolving problems
–> Missing Dependency: glibc-devel >= 2.2.90-12 is needed by package gcc-4.1.2-48.el5.i386 (base)
Error: Missing Dependency: glibc-devel >= 2.2.90-12 is needed by package gcc-4.1.2-48.el5.i386 (base)

[QUOTE=onspot;17275]Great Paulo!
I founbd out that mod_sec2 break some flash applications in my clients accounts, for some reason.[/QUOTE]

You could create a .htaccess on that host account with

<ifmodule>SecFilterInheritance Off </ifmodule>

[I]

:slight_smile:

[/I]

[QUOTE=m1010;17279]–> Finished Dependency Resolution
gcc-4.1.2-48.el5.i386 from base has depsolving problems
–> Missing Dependency: glibc-devel >= 2.2.90-12 is needed by package gcc-4.1.2-48.el5.i386 (base)
Error: Missing Dependency: glibc-devel >= 2.2.90-12 is needed by package gcc-4.1.2-48.el5.i386 (base)[/QUOTE]

you could try to install glibc-devel

yum install glibc-devel

The howto was to a 64bit version and it seems you’re on a 32bits CentOS, so dont forget to change the lib’s paths replace “/usr/lib64” by “/usr/lib” to meet your system

Regards

yum install glibc-devel

Excluding Packages in global exclude list
Finished
Setting up Install Process
No package glibc-devel available.
Nothing to do

Hi,

you coult try “yum update” or “yum upgrade” to check everything is uptodate and then install it

Regards