  1. #1

    mod_security question

    I'm using a VPS with CentOS 5 and cPanel/WHM with Apache 2.2.
    I'm trying to figure out how to use the gotroot rules with mod_security. I had enabled mod_security with easy apache. I tried to follow some other posts I had found around on other forums, with no luck really; with that said, I am a Linux noob. I had tried to follow the wiki on atomic sites <-- not enough posts so I can't do links, sorry, but I found it hard to understand because I don't have a modsecurity.config file that I can find. Also, I can't find AddModule mod_security.c in my httpd.config, but I did find this line: Include "/usr/local/apache/conf/modsec2.conf". My thing is, I'm looking for a complete noob guide on how to use gotroot rules with mod_security enabled through easy apache, or would it be easier to manually install mod_security?

  2. #2
    This URL may help you configure it: http://www.atomicorp.com/wiki/index....Security_Rules

  3. #3
    Ya, that's the wiki page I said I didn't understand.

  4. #4
    Instead of the aforementioned file in the wiki, you're looking for /usr/local/apache/conf/modsec2.user.conf (I believe). That's where you'll place your include statements.

    You'll also need to create the directory in /etc/ that they mention as well.

  5. #5
    The file at that location seems to be a set of cPanel's modsec rules. Now the modsec2.config in that location looks like this:

    LoadModule security2_module modules/mod_security2.so
    <IfModule mod_security2.c>
    SecRuleEngine On
    # See modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
    # "Add the rules that will do exactly the same as the directives"
    # SecFilterCheckURLEncoding On
    # SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug_log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow
    Include "/usr/local/apache/conf/modsec2.user.conf"
    </IfModule>

    Should I remove the one include in there and do some includes for gotroot rules like /etc/httpd/modsecurity.d/blabla.config or whatever rule files I choose?

  6. #6
    If you are running cPanel, your config file will be in /usr/local/apache and it symlinks to /etc/.

    So all you need to do is just create
    # mkdir -p /etc/httpd/modsecurity.d

    And you will want to add these lines to your modsecurity.conf file.
    Find your modsecurity.conf or modsec2.user.conf:

    # find / -name 'modsec*'

    # vi modsecurity.conf
    Include /etc/httpd/modsecurity.d/*asl*.conf

    And then copy the ASL rules into /etc/httpd/modsecurity.d and finally make sure you have these defined in your modsecurity.conf file:

    (If you already have these set, you can leave them alone; they just need to be set for 2.5. Here are some examples we use:)

    SecDataDir /var/asl/data/msa
    SecTmpDir /tmp
    SecAuditLogStorageDir /var/asl/data/audit

    And last but not least, if you use this file:

    05_asl_scanner.conf

    Make sure you have clamd installed. This forces all uploads to go through ClamAV to look for malware, viruses, etc. If you don't need that, then you can leave this config file out.

    Hope this is clear enough.

  7. #7
    Here is the example:
    LoadModule security2_module modules/mod_security2.so
    <IfModule mod_security2.c>
    SecRuleEngine On
    # See modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
    # "Add the rules that will do exactly the same as the directives"
    # SecFilterCheckURLEncoding On
    # SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug_log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow
    #####
    Include "/etc/httpd/modsecurity.d/*asl*.conf"
    SecDataDir /var/asl/data/msa
    SecTmpDir /tmp
    SecAuditLogStorageDir /var/asl/data/audit
    #####
    Include "/usr/local/apache/conf/modsec2.user.conf"
    </IfModule>

  8. #8
    Thanks for the help, that seemed to work. Now I guess it's time to wring out the errors; I keep getting this when I run the test.

    Syntax error on line 30 of /etc/httpd/modsecurity.d/00_asl_rbl.conf:
    Error creating rule: Could not open phrase file "/etc/asl/whitelist": No such file or directory
    Last edited by shamus252; 07-02-2009 at 02:51 AM.

  9. #9
    It looks like the file "/etc/asl/whitelist" is missing. Check this first, it would have been included in the configuration file.

    If this is the case, then you can either remove/comment the include line, or simply touch the missing file.
    --------------
    touch /etc/asl/whitelist
    --------------

    Hope this helps.

    ---------------------------
    Systems Engineer
    WHRSS
    We grow by helping you grow.
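
The error in post #8 comes from a rule file naming a path that does not exist on disk. As an added example (not from the thread or from the ASL/gotroot rules), this shell function scans rule files for `@pmFromFile` phrase files and for the `SecDataDir`, `SecTmpDir` and `SecAuditLogStorageDir` directories, and lists the ones that are missing. The function name, its `ROOT` argument and the sample rule file are constructed for illustration.

```shell
# Added example: list paths that ModSecurity rule files reference but that are
# not on disk. Usage: modsec_missing_paths ROOT CONF...
# ROOT is prepended to absolute paths ("" on a live server, a sandbox otherwise).
modsec_missing_paths() {
    root=$1; shift
    for conf in "$@"; do
        [ -f "$conf" ] || continue
        confdir=$(dirname "$conf")
        awk '
            /^[ \t]*#/ { next }                  # skip commented-out lines
            {   # phrase files: text after @pmFromFile up to the closing quote
                line = $0
                while (match(line, /@(pmFromFile|pmf)[ \t]+[^"]+/)) {
                    arg = substr(line, RSTART, RLENGTH)
                    sub(/^@[A-Za-z]+[ \t]+/, "", arg)
                    n = split(arg, f, /[ \t]+/)
                    for (i = 1; i <= n; i++) if (f[i] != "") print "file " f[i]
                    line = substr(line, RSTART + RLENGTH)
                }
            }
            $1 ~ /^(SecDataDir|SecTmpDir|SecAuditLogStorageDir)$/ {
                gsub(/"/, "", $2); print "dir " $2
            }
        ' "$conf" |
        while read -r kind path; do
            case $path in
                /*) full=$root$path ;;
                *)  full=$confdir/$path ;;   # assumption: relative to the rule file
            esac
            if [ "$kind" = file ] && [ ! -f "$full" ]; then
                echo "missing file $path (referenced in $conf)"
            elif [ "$kind" = dir ] && [ ! -d "$full" ]; then
                echo "missing dir $path (referenced in $conf)"
            fi
        done
    done
}

# Constructed sandbox and rule file (not the real ASL 00_asl_rbl.conf).
demo=$(mktemp -d)
mkdir -p "$demo/etc/httpd/modsecurity.d" "$demo/tmp"
cat > "$demo/etc/httpd/modsecurity.d/00_sample.conf" <<'EOF'
SecRule REMOTE_ADDR "@pmFromFile /etc/asl/whitelist" "phase:1,id:9000001,pass,nolog"
SecTmpDir /tmp
SecDataDir /var/asl/data/msa
EOF
modsec_missing_paths "$demo" "$demo"/etc/httpd/modsecurity.d/*.conf
rm -rf "$demo"
```

On a live server, call it as `modsec_missing_paths "" /etc/httpd/modsecurity.d/*.conf` before running the Apache config test.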

  10. #10
    You are using WHM/cPanel, so you can adjust the config file through WHM: inside the sidebar (Plugins group), click Mod Security, then click Edit Config. Paste the rules you get from gotroot into the box and click Save Configuration.
    Magnet Hosting | Layanan Hosting dan Server Indonesia
    http://www.magnet-id.com Indonesian Data Center, Peering with IIX and openIXP

  11. #11
    Quote, originally posted by shamus252:
    I'm using a VPS with CentOS 5 and cPanel/WHM with Apache 2.2.
    I'm trying to figure out how to use the gotroot rules with mod_security.

    Go to WHM --> Plugins. You can see mod_security there and install it from there. Now the modsec_conf will be inside the directory /usr/local/apache/conf. You can edit the file and add your custom rules. Make sure the rules are compatible with the mod_sec version you have installed.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  12. #12
    Thanks for the help guys, got it all set up and working now.
