Are you okay? I hope so :)
Are you happy? I hope so :)
Today, I want to ask you a question. Do you believe that your web server is protected against attacks?
Oops, it's a big question for any system administrator. Just keep in mind that there are always new threats to our systems, so we should already have something prepared to prevent, detect, patch and resolve them. In a web server environment, we should have a Web Application Firewall (WAF) for that purpose.
Apache is one of the most popular web server products. In my production environment, we use Oracle HTTP Server 11g, which is based on the Apache core. The community provides a module that acts as a WAF for it, called ModSecurity. This module sits between the client's browser and the Apache core, so it can filter harmful requests before they reach the web server and are processed. You can find more details about ModSecurity at http://www.modsecurity.org
In this post, I will note the steps for installing this module on a Debian/Ubuntu system.
Firstly, we have to check for some prerequisites:
- apxs
- libxml2
- mod_unique_id
Check for apxs
oracle@www:~$ whereis -b apxs
apxs:
If it does not exist, you have to install apache2-threaded-dev, which provides that tool. Afterwards, you will have something like this:
oracle@www:~$ dpkg --get-selections | grep apache
apache2-threaded-dev install
apache2-utils install
apache2.2-bin install
apache2.2-common install
oracle@www:~$ dpkg --get-selections | grep libxml2
libxml2 install
libxml2-dev install
libxml2 is provided by the libxml2-dev package; if it does not exist on your system, just install it manually. mod_unique_id is an Apache module that generates a unique ID for each HTTP request, and it is usually shipped with Apache.
Secondly, we download the latest ModSecurity 2.x from http://modsecurity.org and build it from source.
wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.3/modsecurity-apache_2.6.3.tar.gz
Unpack the source code from the compressed file:
oracle@www:~$ ll | grep mod
-rw-r--r-- 1 oracle oinstall 780896 2011-12-23 18:21 modsecurity-apache_2.6.3.tar.gz
oracle@www:~$ tar -xzf modsecurity-apache_2.6.3.tar.gz
oracle@www:~$ ll | grep mod
drwxr-xr-x 10 oracle oinstall 4096 2011-12-22 19:57 modsecurity-apache_2.6.3/
-rw-r--r-- 1 oracle oinstall 780896 2011-12-23 18:21 modsecurity-apache_2.6.3.tar.gz
oracle@www:~$ cd modsecurity-apache_2.6.3/
oracle@www:~/modsecurity-apache_2.6.3$ ll
total 728
-rw-r--r-- 1 oracle oinstall 40190 2011-12-22 19:56 aclocal.m4
drwxr-xr-x 2 oracle oinstall 4096 2011-12-22 19:56 alp2/
drwxr-xr-x 6 oracle oinstall 4096 2011-12-22 19:56 apache2/
-rw-r--r-- 1 oracle oinstall 381 2011-12-22 19:56 authors.txt
-rwxr-xr-x 1 oracle oinstall 303 2011-12-22 19:56 autogen.sh*
drwxr-xr-x 2 oracle oinstall 4096 2011-12-22 19:56 build/
-rw-r--r-- 1 oracle oinstall 34988 2011-12-22 19:56 CHANGES
-rwxr-xr-x 1 oracle oinstall 472793 2011-12-22 19:56 configure*
-rw-r--r-- 1 oracle oinstall 17115 2011-12-22 19:56 configure.ac
drwxr-xr-x 3 oracle oinstall 4096 2011-12-22 19:56 doc/
drwxr-xr-x 2 oracle oinstall 4096 2011-12-22 19:56 ext/
-rw-r--r-- 1 oracle oinstall 11357 2011-12-22 19:56 LICENSE
-rw-r--r-- 1 oracle oinstall 872 2011-12-22 19:56 Makefile.am
-rw-r--r-- 1 oracle oinstall 25422 2011-12-22 19:56 Makefile.in
drwxr-xr-x 2 oracle oinstall 4096 2011-12-22 19:56 mlogc/
-rw-r--r-- 1 oracle oinstall 7413 2011-12-22 19:56 modsecurity.conf-recommended
-rw-r--r-- 1 oracle oinstall 200 2011-12-22 19:56 NOTICE
-rw-r--r-- 1 oracle oinstall 591 2011-12-22 19:56 README.TXT
-rw-r--r-- 1 oracle oinstall 7741 2011-12-22 19:56 README_WINDOWS.TXT
-rw-r--r-- 1 oracle oinstall 40 2011-12-22 19:56 stamp-h1
drwxr-xr-x 6 oracle oinstall 4096 2011-12-22 19:56 tests/
drwxr-xr-x 2 oracle oinstall 4096 2011-12-22 19:56 tools/
-rw-r--r-- 1 oracle oinstall 53642 2011-12-22 19:56 unicode.mapping
oracle@www:~/modsecurity-apache_2.6.3$
Next, we run the configure script to create a Makefile:
./configure
Some libraries or tools may be missing (e.g. curl, lua, liblua, ...); check the output carefully to make sure that everything is okay.
make
After running make, we will have a shared object file named mod_security2.so:
oracle@www:~/modsecurity-apache_2.6.3$ pwd
/home/oracle/modsecurity-apache_2.6.3
oracle@www:~/modsecurity-apache_2.6.3$ ls -al apache2/.libs/
total 6492
drwxr-xr-x 2 oracle oinstall 4096 2012-02-28 16:19 .
drwxr-xr-x 8 oracle oinstall 4096 2012-02-28 16:38 ..
-rw-r--r-- 1 oracle oinstall 2633414 2012-02-28 16:19 mod_security2.a
lrwxrwxrwx 1 oracle oinstall 19 2012-02-28 16:19 mod_security2.la -> ../mod_security2.la
-rw-r--r-- 1 oracle oinstall 28040 2012-02-28 16:19 mod_security2_la-acmp.o
-rw-r--r-- 1 oracle oinstall 188128 2012-02-28 16:18 mod_security2_la-apache2_config.o
-rw-r--r-- 1 oracle oinstall 106936 2012-02-28 16:18 mod_security2_la-apache2_io.o
-rw-r--r-- 1 oracle oinstall 91416 2012-02-28 16:18 mod_security2_la-apache2_util.o
-rw-r--r-- 1 oracle oinstall 1168 2012-02-28 16:19 mod_security2.lai
-rw-r--r-- 1 oracle oinstall 134232 2012-02-28 16:18 mod_security2_la-mod_security2.o
-rw-r--r-- 1 oracle oinstall 97032 2012-02-28 16:19 mod_security2_la-modsecurity.o
-rw-r--r-- 1 oracle oinstall 102088 2012-02-28 16:19 mod_security2_la-msc_geo.o
-rw-r--r-- 1 oracle oinstall 75512 2012-02-28 16:19 mod_security2_la-msc_gsb.o
-rw-r--r-- 1 oracle oinstall 120080 2012-02-28 16:19 mod_security2_la-msc_logging.o
-rw-r--r-- 1 oracle oinstall 92320 2012-02-28 16:19 mod_security2_la-msc_lua.o
-rw-r--r-- 1 oracle oinstall 120992 2012-02-28 16:19 mod_security2_la-msc_multipart.o
-rw-r--r-- 1 oracle oinstall 84256 2012-02-28 16:19 mod_security2_la-msc_parsers.o
-rw-r--r-- 1 oracle oinstall 14656 2012-02-28 16:19 mod_security2_la-msc_pcre.o
-rw-r--r-- 1 oracle oinstall 5264 2012-02-28 16:19 mod_security2_la-msc_release.o
-rw-r--r-- 1 oracle oinstall 104696 2012-02-28 16:19 mod_security2_la-msc_reqbody.o
-rw-r--r-- 1 oracle oinstall 77192 2012-02-28 16:19 mod_security2_la-msc_unicode.o
-rw-r--r-- 1 oracle oinstall 138536 2012-02-28 16:19 mod_security2_la-msc_util.o
-rw-r--r-- 1 oracle oinstall 74000 2012-02-28 16:19 mod_security2_la-msc_xml.o
-rw-r--r-- 1 oracle oinstall 102040 2012-02-28 16:19 mod_security2_la-persist_dbm.o
-rw-r--r-- 1 oracle oinstall 176344 2012-02-28 16:18 mod_security2_la-re_actions.o
-rw-r--r-- 1 oracle oinstall 183784 2012-02-28 16:18 mod_security2_la-re.o
-rw-r--r-- 1 oracle oinstall 231384 2012-02-28 16:18 mod_security2_la-re_operators.o
-rw-r--r-- 1 oracle oinstall 57808 2012-02-28 16:19 mod_security2_la-re_tfns.o
-rw-r--r-- 1 oracle oinstall 260280 2012-02-28 16:19 mod_security2_la-re_variables.o
-rwxr-xr-x 1 oracle oinstall 1288283 2012-02-28 16:19 mod_security2.so
oracle@www:~/modsecurity-apache_2.6.3$
Copy mod_security2.so to the directory that contains the Apache module libraries and configure Apache to load this module. Done!
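The copy-and-load step above, written out as a small shell script. This is an added example, not part of the original post or of the ModSecurity project; the build tree layout comes from the listing above, while the module directory, the .load file location and the libxml2 path are assumptions passed in by the caller.

```shell
#!/bin/sh
# Added example: put the freshly built mod_security2.so in place and write
# the directives that load it. All paths are supplied by the caller.

# Ask apxs (apxs2 on some Debian/Ubuntu releases) where Apache keeps modules.
apache_module_dir() {
    tool=$(command -v apxs2 || command -v apxs) || return 1
    "$tool" -q LIBEXECDIR
}

# Print the two directives ModSecurity 2.x needs.
# $1 = Apache module directory, $2 = libxml2 shared library (assumed path)
render_load_file() {
    printf 'LoadFile %s\n' "$2"
    printf 'LoadModule security2_module %s/mod_security2.so\n' "$1"
}

# $1 = build tree, $2 = module directory, $3 = .load file, $4 = libxml2 path
install_modsecurity() {
    so="$1/apache2/.libs/mod_security2.so"
    [ -f "$so" ] || { echo "module not built: $so" >&2; return 1; }
    [ -d "$2" ] || { echo "no such module directory: $2" >&2; return 1; }
    cp "$so" "$2/mod_security2.so" || return 1
    # Apache maps this file into the server process: keep it read-only
    # for everyone but the owner.
    chmod 644 "$2/mod_security2.so" || return 1
    render_load_file "$2" "$4" > "$3"
}

# Stand-alone use: install.sh BUILD_TREE MODULE_DIR LOAD_FILE LIBXML2_PATH
if [ "$#" -eq 4 ]; then
    install_modsecurity "$@"
fi
```

On Debian/Ubuntu the .load file would normally be written under /etc/apache2/mods-available/ (for example as security2.load, a name chosen here), enabled together with the prerequisite module via `a2enmod unique_id security2`, and checked with `apache2ctl configtest` before restarting Apache.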
In the next post, I will show some basic ModSecurity configuration.
This tutorial is great :) Everything works perfectly when following your instructions. Any idea when the second half will be out? Once mo_security.so is created, you add it to enabled_modules folder...or? And how to configure Apache to load the mod?
Sorry, I will publish the second part of this tutorial ASAP; it is in my draft folder. I hope you find something useful for yourself :)
Regards
DoubtMan