How To: Install mod_security

Posted on March 4th, 2007 in HOW-TO, WordPress FAQs. 14 responses.


Comments

  1. Jeremy (5 comments.) says:

    Ubuntu (6.06.1) has mod_security 1.8.7. This doesn’t appear to support the ‘fun rules’ you linked to at gotroot.com. :(

  2. Ajay (209 comments.) says:

    Hey, thanks for the tutorial Mark. I got my host to do the dirty work ;) but it sure helps to know how to do it manually.

  3. Ruslan Abuzant (1 comments.) says:

    Thank you for the nice reading, I remember the old days with FreeBSD and the huge time it required to fulfill all those dependency needs to get a new mod_something installed.. Now Fedora makes it much easier.. Whoora :)

    • badtz says:

      2 things, for FreeBSD updating or adding something properly in ports is amazingly simple

      (cd to port directory, make install clean!)
      for example
      # cd /usr/ports/www/mod_security
      # make install clean

      And you are done. Stuff that isn’t included in ports can surely be a huge pain in the butt (and I’ve been using FreeBSD since 3.x), but even given that I find *overall* FreeBSD much simpler to use than rpm’s. Debian is a whole different matter, it’s pretty well thought out.

  4. Ryan Barnett (2 comments.) says:

    One comment – it is important to mention that ModSecurity 2.X has a different Rules Language. One specific example – SecFilter and SecFilterSelective are now replaced with just SecRule (which has the same syntax as SecFilterSelective). This, however, means that you cannot just “plug-n-play” previous rules. Some of the rules that you are referencing are for the older 1.X branch.

    FYI – the 2.1.0 version now comes bundled with the Core Rules (http://www.modsecurity.org/pro.....index.html) which provide great protection for a wide variety of attacks.

    I hope this info helps.


    Ryan C. Barnett
    ModSecurity Community Manager
    Web Application Security Consortium (WASC) Member
    CIS Apache Benchmark Project Lead
    SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
    Author: Preventing Web Attacks with Apache

  5. Jeremy (5 comments.) says:

    Ah, cool, does that mean I can plug-and-play a newer rule set in an older version just by renaming all occurrences of ‘SecRule’ with ‘SecFilterSelective’?

  6. Ryan Barnett (2 comments.) says:

    How about this for an answer – maybe… You most likely could back port SecRule rules to SecFilterSelective, however there are other variables that may affect them. There are new processing phases (request headers, request body, response headers, response body and logging) where you need to specify which phase the rule will run.

    I will actually be creating a Migration from 1.X to 2.0 soon that will be posted on the ModSecurity website that will explain all of the differences between the two versions and provide tips for the migration process.

    In the meantime, if you are contemplating migrating and aren’t sure exactly “why” you should upgrade, check out some of the docs on the http://www.modsecurity.org site. This link is for an interview that Ivan did for SecurityFocus on ModSecurity 2.0 and the new features – http://www.securityfocus.com/columnists/418. Also, I have some archived Webcast data under the training page that highlights Mod 2.0 – http://www.modsecurity.org/training/index.html.

    Finally, I am hosting a live Webcast tomorrow called “Cool Rules” which will highlight some really interesting Mod rules that tackle complex web security issues such as –

    – Inspecting Basic Auth Credentials
    – Monitoring Form-based Authentication Failures
    – Defending Web Services
    – Proxy Failover Assistance
    – Overview of Remo Tool (Rule Editor for ModSecurity)

    If you are interested, you can get the Webcast registration info on the Mod training page (link above).

    Cheers,
    –
    Ryan C. Barnett
    ModSecurity Community Manager
    Web Application Security Consortium (WASC) Member
    CIS Apache Benchmark Project Lead
    SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
    Author: Preventing Web Attacks with Apache

  7. Jeremy (5 comments.) says:

    Yeah, I noticed REQUEST_BODY breaks when used in 1.8. I’m not interested in upgrading to ModSecurity 2.0 though, because 1.8 is supported by my distribution (Ubuntu) with security updates.

    Besides, I can’t seem to find ModSecurity 2.0 packaged for Ubuntu, anyway.

    It’s a shame the modsecurity.org site didn’t archive the 1.8 documentation. I’m feeling around blind here. :(
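
The exchange above (SecRule versus SecFilterSelective, the new processing phases, REQUEST_BODY failing under 1.8) can be turned into a pre-check that runs before anyone tries a rename. The following is an added example, not code from the post or from the ModSecurity project: it flags constructs in a 2.x rule file that rule out a plain rename. The function names and sample rules are constructed for illustration, and it assumes one rule per line with no backslash continuations.

```python
import shlex

# Constructed sample rules in 2.x syntax (not from any published rule set).
SAMPLE_RULES = r'''
SecRule REQUEST_URI "/etc/passwd" "deny,log,status:403"
SecRule ARGS "@rx <script" "phase:2,t:lowercase,deny,log"
SecRule REQUEST_BODY "union\s+select" "phase:2,deny"
# comment lines are ignored
SecRule RESPONSE_BODY "ORA-[0-9]+" "phase:4,log,pass"
'''

def backport_blockers(line):
    """List the 2.x-only constructs in one SecRule line; None if not a SecRule."""
    if not line.startswith("SecRule "):
        return None
    tokens = shlex.split(line)          # honours the double-quoted arguments
    if len(tokens) < 3:
        return None
    variables, operator = tokens[1], tokens[2]
    actions = tokens[3].split(",") if len(tokens) > 3 else []
    blockers = []
    names = {v.lstrip("!&").split(":")[0] for v in variables.split("|")}
    if "REQUEST_BODY" in names:         # reported in the thread to break under 1.8
        blockers.append("variable REQUEST_BODY")
    if operator.lstrip("!").startswith("@"):   # explicit @operators are 2.x syntax
        blockers.append("operator " + operator.lstrip("!").split()[0])
    for action in (a.strip() for a in actions):
        if action.startswith(("phase:", "t:")):  # phases and transformations: 2.x
            blockers.append("action " + action)
    return blockers

def lint(ruleset):
    """Map 1-based line number -> blockers for every SecRule in the text."""
    report = {}
    for number, line in enumerate(ruleset.strip().splitlines(), 1):
        found = backport_blockers(line.strip())
        if found is not None:
            report[number] = found
    return report

def to_1x_candidate(line):
    """Rename a blocker-free SecRule; the result still needs testing on 1.x."""
    if backport_blockers(line) == []:
        return line.replace("SecRule", "SecFilterSelective", 1)
    return None

if __name__ == "__main__":
    for number, found in lint(SAMPLE_RULES).items():
        print(number, "needs rewrite: " + ", ".join(found) if found else "rename candidate")
```

A rule that comes back with no blockers is only a candidate: load it on the 1.x server in a non-blocking configuration and watch the logs before relying on it.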

  8. Apache (1 comments.) says:

    I strongly recommend that everyone puts mod_security in “detection only” mode for a week or two after installation, and for a day or so after any ruleset change — to work out all the false positives.

  9. debianuser says:

    Need a little help. I am having trouble installing modsecurity 2.1.1 on my Debian machine. I installed using /usr/local/modsecurity/modsecurity-apache_2.1.1/apache2 apxs2 -n modsecurity -cia modsecurity.c, which placed the modsecurity.so module in /etc/apache2/httpd.conf. I placed the core ruleset in /etc/apache2/modsecurity. But when I try to start apache2 I get two syntax errors, one in apache2.conf, which indicates:

      syntax error on line 126 of /etc/apache2/apache2.conf: syntax error on line 6 of /etc/apache2/httpd.conf: Cannot load /usr/lib/apache2/modules/modsecurity.so into server. /usr/lib/apache2/modules/modsecurity.so: undefined symbol msre_format_metadata

    I had a previous install of modsecurity functioning, but it became non-functional after I upgraded to etch and 2.6 kernel.

    Would like to get modsecurity functional again, hope someone can help. Thanks in advance.

  10. debianuser says:

    Got it.

  11. Mark says:

    I wish that debianuser would have explained what he did to get it working. :-(



Trackbacks/Pingbacks

  1. […] To: Install mod_security How To: Install mod_security takes you through the installation of mod_security, the web application firewall for Apache. […]
