mod_security (first post, i win)

IWorx-Chris · September 3, 2004, 11:06am

For the sake of getting the first post, I have a tool for the InterWorx-CP suite that some may be interested in. I’ve made up a SRPM for mod_security, which is a security-minded URL filter of sorts for Apache. We haven’t had many requests for this but in the spirit of thinking ahead I thought everyone may want to check it out.

This has been tested on our internal boxes ONLY, and is BETA. YOU HAVE BEEN FOREWARNED!!

Now that that’s out of the way it’s been working fine on our test boxes so feel free to give it a whirl.

The mod_security homepage is at: http://www.modsecurity.org/.

Install the mod on any interworx-cp box by doing:

rpmbuild --rebuild --with < your arch here > http://updates.interworx.info/iworx/SRPMS/experimental/mod_security-1.8.4-100.iworx.src.rpm
rpm -ivh /usr/redhat/bin/mod_security-1.8.4-100.iworx.rpm

the “< your arch here >” part is where you distro descriptor goes. Here’s a list of htem:


RedHat 9     = rht9x
CentOS 3.x   = cos3x
Fedora 1     = fdr10
Fedora 2     = fdr20
White Box    = whb3x

So, for a redhat 9 box just do:

rpmbuild --rebuild --with rht90 http://updates.interworx.info/iworx/SRPMS/experimental/mod_security-1.8.4-100.iworx.src.rpm
rpm -ivh /usr/redhat/bin/mod_security-1.8.4-100.iworx.rpm

REMEMBER, THIS IS BETA!! USE AT YOUR OWN RISK!!

enjoy ;).

Chris

system · September 29, 2004, 6:18am

Chris,

Just before install it, I’d like to know what do you enter under the <IfModule mod_security.c> in the httpd.conf

Does it update httpd.conf, and/or others /domaine.conf automaticly ?

Pascal

IWorx-Chris · September 29, 2004, 12:51pm

it puts a file in the conf.d directory named security.conf that you can edit to your needs.

Chris

system · February 11, 2005, 6:55pm

Chris mentioned you still have mod_security available. What’s the latest version you have available? yum doesn’t seem to see anything.

system · February 11, 2005, 7:06pm

Nevermind. I only see 1.8.4 in the CentOS Binaries.

Going to add 1.8.6?

system · February 11, 2005, 7:34pm

I’m sure they will get to it, but I think they’re prety busy right now finishing InterWorx 1.9.

system · February 11, 2005, 7:39pm

Yeah but I’m greedy I wouldn’t use mod_security at all (and really didn’t want to) but I know I’m going to want some of the scrubbing features soo…

IWorx-Chris · February 12, 2005, 1:02pm

Just updated it to 1.8.6:

http://updates.interworx.info/iworx/SRPMS/nexcess/mod_security-1.8.6-1.iworx.src.rpm

Chris

system · February 12, 2005, 6:35pm

Thanks I’ll update now. Still might just stick with mod_rewrite though

system · December 29, 2005, 11:30pm

I was curious if there had been any update on the mod_Security project for Iworx? It looks like a good security addition and a worthy addition to a virtual hosted machine in aid of client security.

Any news on it?

IWorx-Chris · December 29, 2005, 11:31pm

It can be added independantly of iworx-cp but isn’t “integrated” at this point in time. It may be in the future.

Chris

system · December 30, 2005, 6:11am

http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repoview/mod_security-0-1.9.1-1.el4.kb.html

That’s an up to date rpm, and has been working fine for me. (CentOS 4.x)

Then if you like check out http://gotroot.com for a LARGE amount of rules to add.

Thanks,
Clint

paulo · May 29, 2007, 7:02pm

Any x64 rpm, out there ? … the install still works the same way for CentOS 4.4 (x64) / iworx 2.1.3 ?

Thanks

Paulo