Mod_security

[shaz]

Hi,
I want to install mod_security in my webserver I am using apache2 which is installed with RPM. But the procedure to install mod_security is using source code. and the procedure for mod_security installation is

# cd /usr/local/src
# tar zxf mod_security-1.8.tar.gz
# cd mod_security-1.8/apache1
# /etc/httpd/bin/apxs -iac mod_security.c


6.2) Configuring mod_security
The following configuration is what I would use for a webserver. However, you can read the documentation and tweak mod_security to your needs. There are many things you can do with this module. One of the biggest advantages of mod_security is its ability to be configured differently per virtual host. In this case, you can have one general configuration that applies to all hosts and you could also add more directives on an insecure virtualhost, if necessary. Again, copy-paste the following into the end of httpd.conf:

<ifmodule mod_security.c>
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:403"
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterForceByteRange 1 255
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit_log
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecUploadDir /tmp
SecUploadKeepFiles Off
SecFilter "../"
SecFilter /etc/password
SecFilter /etc/group
SecFilter /etc/shadow
SecFilter /bin/ls
SecFilter "delete[:space:]+from"
SecFilter "insert[:space:]+into"
SecFilter "update[:space:]+set"
SecFilter "select.+from"
SecFilterSelective OUTPUT "Fatal error:" deny,status:500
</ifmodule>


Want to find out what each line does? Read mod_security documentation. To test mod_security, The above configuration was tested on a production server.

But, in my server there is no apxs file or command. Can any body help me in installation of this module?

[tashirosgt]

I went to www.pbone.net and looked for apxs. It is in the http-devel package. So you may be missing that. I use the options:
custom install, install everything
on my machines and I do have /usr/sbin/apxs

[tk]

don't waste your time with "mod_security" - it's pretty much useless and catches only the most amateuristic hacking attempts. Focus on hardening your server.

[shaz]

Well boobay, If not mod_security then what resources can I use to block all the hacking attempts. Can you please mention some of them.