  1. #1
    Join Date
    Jan 2005
    Location
    Kingdom of Bahrain
    Posts
    76

    HOW TO : ModSecurity

    Install or Update to version 1.9.3 all same
    Hello,
    Open Source Web Application Firewall
    ModSecurity at work

    ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.


    Apache 1.x
    Code:
    wget http://www.web4host.net/tools/modsecurity-apache1.sh
    chmod 755 modsecurity-apache1.sh
    sh modsecurity-apache1.sh

    Apache 2.x
    Code:
    wget http://www.web4host.net/tools/modsecurity-apache2.sh
    chmod 755 modsecurity-apache2.sh
    sh modsecurity-apache2.sh

    edit httpd.conf
    Code:
    nano -w /etc/httpd/conf/httpd.conf
    Find mod_security, then paste this after it:

    Code:
    <IfModule mod_security.c>
    # Only inspect dynamic requests
    # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
    #SecFilterEngine DynamicOnly
    
    SecFilterEngine On
    
    # Reject requests with status 500
    SecFilterDefaultAction "deny,log,status:500"
    
    # Some sane defaults
    SecFilterScanPOST On
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off
    SecFilterNormalizeCookies On
    # enable version 1 (RFC 2965) cookies
    SecFilterCookieFormat 1
    
    SecServerResponseToken Off
    
    #If you want to scan the output, uncomment these
    #SecFilterScanOutput On
    #SecFilterOutputMimeTypes "(null) text/html text/plain"
    
    # Accept almost all byte values
    SecFilterForceByteRange 1 255
    
    # Server masking is optional
    #fake server banner - NOYB used - no one needs to know what we are using
    SecServerSignature "Power MOD by web4host.net"
    
    #SecUploadDir /tmp
    #SecUploadKeepFiles Off
    
    # Only record the interesting stuff
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    
    # You normally won't need debug logging
    SecFilterDebugLevel 0
    SecFilterDebugLog logs/modsec_debug_log
    
    # Use one rule set - remove # to activate it
    # V1.0
    #Include /etc/modsecurity/mini1.conf
    # V2.0
    #Include /etc/modsecurity/mini2.conf
    # V3.0
    #Include /etc/modsecurity/mini3.conf
    # V4.0
    #Include /etc/modsecurity/mini.conf
    # V5.0
    #Include /etc/modsecurity/mini.conf
    </IfModule>
    Search for ‘AddModule’ string, and make sure that AddModule mod_security.c

    Do a safe apache restart
    Code:
    /sbin/service httpd restart
    Remove # to activate rules (V1.0=low load / V5.0=more load)

    If you want to update the mini rules:
    Code:
    wget http://www.web4host.net/tools/modsecurity-rule.sh
    chmod 755 modsecurity-rule.sh
    ./modsecurity-rule.sh

    If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable and normal load.

    Update post here in DirectAdmin Forums
    Tested in DA server


    Wael

  2. #2
    Join Date
    Mar 2006
    Location
    Vietnam
    Posts
    98
    http://www.web4host.net/ <= The page can't be found

  3. #3
    Join Date
    Jan 2005
    Location
    Kingdom of Bahrain
    Posts
    76


    Quote Originally Posted by MarsNIIT
    http://www.web4host.net/ <= The page can't be found
    Try again, it works fine for me

  4. #4
    Join Date
    Jan 2005
    Location
    Kingdom of Bahrain
    Posts
    76
    Install or Update to version 1.9.3 or 2.0.0 all same
    Hello,
    Open Source Web Application Firewall
    ModSecurity at work

    ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

    Version 1.9.3
    Apache 1.x
    Code:
    wget http://www.web4host.net/tools/modsecurity-apache1.sh
    chmod 755 modsecurity-apache1.sh
    sh modsecurity-apache1.sh

    Apache 2.x
    Code:
    wget http://www.web4host.net/tools/modsecurity-apache2.sh
    chmod 755 modsecurity-apache2.sh
    sh modsecurity-apache2.sh

    edit httpd.conf
    Code:
    nano -w /etc/httpd/conf/httpd.conf
    Find mod_security, then paste this after it:

    Code:
    <IfModule mod_security.c>
    # Only inspect dynamic requests
    # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
    #SecFilterEngine DynamicOnly
    
    SecFilterEngine On
    
    # Reject requests with status 500
    SecFilterDefaultAction "deny,log,status:500"
    
    # Some sane defaults
    SecFilterScanPOST On
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off
    SecFilterNormalizeCookies On
    # enable version 1 (RFC 2965) cookies
    SecFilterCookieFormat 1
    
    #SecServerResponseToken Off
    
    #If you want to scan the output, uncomment these
    #SecFilterScanOutput On
    #SecFilterOutputMimeTypes "(null) text/html text/plain"
    
    # Accept almost all byte values
    SecFilterForceByteRange 1 255
    
    # Server masking is optional
    #fake server banner - NOYB used - no one needs to know what we are using
    SecServerSignature "Power MOD by web4host.net"
    
    #SecUploadDir /tmp
    #SecUploadKeepFiles Off
    
    # Only record the interesting stuff
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    
    # You normally won't need debug logging
    SecFilterDebugLevel 0
    SecFilterDebugLog logs/modsec_debug_log
    
    #Additional rules for Apache 2.x ONLY!  Do not add this line if you use Apache 1.x
    #Include /etc/modsecurity/apache2-rules.conf
    
    # Use one rule set - remove # to activate it
    # V1.0
    #Include /etc/modsecurity/mini1.conf
    # V2.0
    #Include /etc/modsecurity/mini2.conf
    # V3.0
    #Include /etc/modsecurity/mini3.conf
    # V4.0
    #Include /etc/modsecurity/mini4.conf
    # V5.0
    #Include /etc/modsecurity/mini5.conf
    # V6.0
    #Include /etc/modsecurity/mini.conf
    </IfModule>
    Search for ‘AddModule’ string, and make sure that AddModule mod_security.c

    Do a safe apache restart
    Code:
    /sbin/service httpd restart
    ******
    Version 2.0.0
    March 08, 2006
    First development release of ModSecurity 2.x

    It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number on the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:

    * Transaction scoring.
    * IP address tracking and blacklisting.
    * IP address scoring.
    * RPC API.
    * Functions (e.g. you are no longer confined to using only regular expressions in rules).
    * Real-time Black List (RBL) support.
    * Completely re-written response buffering code. It is now more robust, consumes less memory, and able to put a limit on the response size.

    The new features are properly documented so you shouldn't have any problems trying them out. I will follow up on some of them here, to explain why I think they will change how you view ModSecurity.

    P.S. There is no support for Apache 1.x in this development release.
    * http://www.modsecurity.org/blog/arch...developme.html *

    Apache 1.x
    Code:
    wget http://www.web4host.net/tools/modsecurity2-apache1.sh
    chmod 755 modsecurity2-apache1.sh
    sh modsecurity2-apache1.sh

    Apache 2.x
    Code:
    wget http://www.web4host.net/tools/modsecurity2-apache2.sh
    chmod 755 modsecurity2-apache2.sh
    sh modsecurity2-apache2.sh

    edit httpd.conf
    Code:
    nano -w /etc/httpd/conf/httpd.conf
    Find mod_security, then paste this after it:

    Code:
    <IfModule mod_security.c>
    # Only inspect dynamic requests
    # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
    #SecFilterEngine DynamicOnly
    
    SecFilterEngine On
    
    # Reject requests with status 500
    SecFilterDefaultAction "deny,log,status:500"
    
    # Some sane defaults
    SecFilterScanPOST On
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off
    SecFilterNormalizeCookies On
    # enable version 1 (RFC 2965) cookies
    SecFilterCookieFormat 1
    
    #SecServerResponseToken Off
    
    #If you want to scan the output, uncomment these
    #SecFilterScanOutput On
    #SecFilterOutputMimeTypes "(null) text/html text/plain"
    
    # Accept almost all byte values
    SecFilterForceByteRange 1 255
    
    # Server masking is optional
    #fake server banner - NOYB used - no one needs to know what we are using
    SecServerSignature "Power MOD by web4host.net"
    
    #SecUploadDir /tmp
    #SecUploadKeepFiles Off
    
    # Only record the interesting stuff
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    
    # You normally won't need debug logging
    SecFilterDebugLevel 0
    SecFilterDebugLog logs/modsec_debug_log
    
    #Additional rules for Apache 2.x ONLY!  Do not add this line if you use Apache 1.x
    #Include /etc/modsecurity/apache2-rules.conf
    
    # Use one rule set - remove # to activate it
    # V1.0
    #Include /etc/modsecurity/mini1.conf
    # V2.0
    #Include /etc/modsecurity/mini2.conf
    # V3.0
    #Include /etc/modsecurity/mini3.conf
    # V4.0
    #Include /etc/modsecurity/mini4.conf
    # V5.0
    #Include /etc/modsecurity/mini5.conf
    # V6.0
    #Include /etc/modsecurity/mini.conf
    </IfModule>
    Search for ‘AddModule’ string, and make sure that AddModule mod_security.c

    Do a safe apache restart
    Code:
    /sbin/service httpd restart
    ******
    If you want to update the mini rules:
    Code:
    wget http://www.web4host.net/tools/modsecurity-rule.sh
    chmod 755 modsecurity-rule.sh
    ./modsecurity-rule.sh

    If you use APF with a big blacklist, your server load goes higher than normal; use KISS and you will see a stable and normal load.
    All rules work normally, with no server load.


    Wael
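
Added example, not part of the original posts or of ModSecurity: a shell check for the httpd.conf block pasted in posts #1 and #4. It confirms the module is loaded (Apache silently skips an `<IfModule>` block for a module that is not loaded), that `SecFilterEngine` is `On`, and that exactly one `mini*.conf` Include is uncommented. The function names and the sample config are constructed for illustration.

```bash
# Added example (not from the thread); names and sample config are constructed.

# Uncommented lines inside <IfModule mod_security.c> ... </IfModule>
modsec_block() {
    awk '/^[ \t]*<IfModule[ \t]+mod_security\.c>/ { inside = 1; next }
         /^[ \t]*<\/IfModule>/                    { inside = 0 }
         inside && $0 !~ /^[ \t]*(#|$)/           { sub(/^[ \t]+/, ""); print }' "$1"
}

# Succeeds if the module is loaded (AddModule on 1.x, LoadModule on 2.x).
modsec_loaded() {
    grep -Eq '^[[:space:]]*(AddModule[[:space:]]+mod_security\.c|LoadModule[[:space:]]+security_module)' "$1"
}

# Last value set for a directive inside the block (empty if unset).
modsec_directive() {
    modsec_block "$1" | awk -v d="$2" '$1 == d { v = $2 } END { print v }'
}

# Count of uncommented "Include /etc/modsecurity/mini*.conf" lines.
modsec_active_rulesets() {
    modsec_block "$1" | awk '/^Include[ \t]+\/etc\/modsecurity\/mini[0-9]*\.conf/ { n++ } END { print n + 0 }'
}

# Run all three checks; non-zero exit status if any of them fails.
modsec_audit() {
    conf=$1; rc=0
    if ! modsec_loaded "$conf"; then
        echo "FAIL: module not loaded, Apache silently skips the <IfModule> block"; rc=1
    fi
    if [ "$(modsec_directive "$conf" SecFilterEngine)" != "On" ]; then
        echo "FAIL: SecFilterEngine is not On"; rc=1
    fi
    n=$(modsec_active_rulesets "$conf")
    if [ "$n" -ne 1 ]; then
        echo "FAIL: $n mini rule sets active, the post says to use one"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: module loaded, engine On, one rule set active"
    return "$rc"
}

SAMPLE=$(mktemp)   # constructed sample, not a real server config
cat > "$SAMPLE" <<'EOF'
AddModule mod_security.c
<IfModule mod_security.c>
    SecFilterEngine On
    #Include /etc/modsecurity/mini1.conf
    Include /etc/modsecurity/mini2.conf
</IfModule>
EOF
modsec_audit "$SAMPLE"
```

Run `modsec_audit /etc/httpd/conf/httpd.conf` before the restart step; a non-zero exit status means at least one of the three checks failed.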

  5. #5
    Join Date
    Jan 2005
    Location
    Kingdom of Bahrain
    Posts
    76

  6. #6
    Join Date
    Jan 2005
    Location
    Kingdom of Bahrain
    Posts
    76


    Install K.I.S.S. My Firewall - Version 2.0
    Code:
    cd /usr/bin/
    wget http://www.web4host.net/tools/kiss
    chmod 755 kiss
    chown root:root kiss
    start kiss
    Code:
    /usr/bin/kiss start
    stop kiss
    Code:
    /usr/bin/kiss stop
    kiss status
    Code:
    /usr/bin/kiss status
    ready to use this port
    Code:
    TCP_IN="20 21 22 25 53 80 110 123 143 443 465 993 995 2082 2083 2086 2087 2095 2096 2222 3306 6277 8443 10000 11111 19638"
    TCP_OUT="20 21 22 25 37 43 53 80 113 443 3306 6277 11111"


  7. #7
    Join Date
    Jun 2006
    Location
    Midwest Chicago
    Posts
    132
    When I open httpd.conf and search for the word "mod_security" it doesn't find any results :/ Why is this?

  8. #8
    Join Date
    May 2006
    Posts
    244
    Quote Originally Posted by seeker2002
    Try again, it works fine for me
    Doesn't work here either. Care to post the code of that script?

  9. #9
    Join Date
    Jan 2005
    Location
    Kingdom of Bahrain
    Posts
    76

  10. #10
    Join Date
    Jan 2002
    Location
    Miami / Brooklyn, NY
    Posts
    73
    It doesn't work because the script expects you to have DirectAdmin installed.

    Code:
    05:29:02 (292.64 KB/s) - `modsecurity-apache_1.9.4.tar.gz' saved [496805/496805]
    
    cp: cannot create regular file `/usr/local/directadmin/customapache/mod_security.c': No such file or directory
    ./modsecurity-apache1.sh: line 7: cd: /usr/local/directadmin/customapache/: No such file or directory
    ./modsecurity-apache1.sh: line 7: /usr/sbin/apxs: No such file or directory

  11. #11
    Join Date
    Apr 2004
    Location
    Singapore
    Posts
    620
    Do these mini rules work?

  12. #12
    Do these mini rules work?

  13. #13
    Join Date
    Oct 2010
    Posts
    95
    This post needs an update.

  14. #14
    Join Date
    Apr 2011
    Posts
    2
    The codes given are not working, please update.

  15. #15
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    For CentOS 5.x, RHEL 5.x, and some Fedora the install is very simple.

    # cd /tmp
    # wget http://entomy.com/epel-release-5-4.noarch.rpm
    # rpm -ivh epel-release-5-4.noarch.rpm
    # yum install mod_security
    # /etc/rc.d/init.d/httpd restart


    Mod_security is now installed & running with the default configuration, which normally works fine. If you wish to modify the configuration for some reason, edit the following file.

    /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

    If you edit that file you will need to restart httpd again to apply changes.
    Last edited by ajonate; 04-29-2011 at 01:46 PM.

  16. #16
    Join Date
    May 2011
    Posts
    10
    Dead links? Can someone give me a new version please?

    -Hazz

  17. #17
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,643
    Quote Originally Posted by kinghazz View Post
    Dead links? Can someone give me a new version please?

    -Hazz
    Check the post just before yours. I posted the latest for CentOS 5.x and RHEL 5.x. Should work fine.
