Tuesday, November 13, 2012

How To Install Mod_Security On Apache (Ubuntu 12.10) Step By Step Tutorial For Beginners



ModSecurity is an open-source web application firewall. It is an Apache module that helps protect web applications from a range of attacks and allows HTTP traffic monitoring and real-time analysis with no changes to the existing hardware infrastructure. Its main engine uses regular expressions and a set of rules to detect and block common web exploits.
A high percentage of all web attacks happen at the web application level. For example, if you install an open-source application (such as PHP-Nuke, phpBB, Joomla and others), attackers may soon find a new vulnerability in that specific CMS, and if you don't update your CMS in time, your site may become a victim of these attackers. With Mod_Security it is possible to detect and block most of these common attacks.

As a beginner I had many problems installing mod_security, so after reading a lot of articles and documents and successfully implementing mod_security, I decided to write this step-by-step tutorial for beginners.
All steps in this article were tested on a fresh install of Ubuntu Desktop 12.04 and worked successfully.
_____________________________________________________________________

In this tutorial I'm going to teach you how to install mod_security on Apache web server and do a basic configuration to start it up and finally test it.

Requirements:
Ubuntu Desktop/Server ver: 12.04 or higher.

We assume you don't have Apache installed. If you already have Apache installed and configured, skip to step 2.


1. Installing Apache, PHP


Press Ctrl+Alt+T to launch a terminal, then type and run the commands below:

sudo apt-get update

sudo apt-get install apache2

sudo apt-get install php5


sudo /etc/init.d/apache2 restart


Now, for testing, simply open Firefox and go to http://localhost/ or http://127.0.0.1 . If Apache was installed successfully, you should see a page similar to the one below:



2. Installing Mod Security on Apache

These commands will install dependencies:

sudo apt-get install libxml2 libxml2-dev libxml2-utils

sudo apt-get install libaprutil1 libaprutil1-dev


If you are using 64-bit Ubuntu, run this command:
sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2

This command will install mod security:
sudo apt-get install libapache-mod-security


3. Configuring ModSecurity Rules

In this section we just configure some basic default rules. For more information you can visit the ModSecurity rule reference.
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Now, to configure ModSecurity, run the following command:
sudo gedit /etc/modsecurity/modsecurity.conf
Now find SecRuleEngine by searching in the file and change its value to On:
SecRuleEngine On



4. Install the latest OWASP Rule Set.


cd /tmp

sudo wget https://github.com/root25/MODSEC/raw/master/modsecurity-crs_2.2.5.tar.gz

sudo tar -zxvf modsecurity-crs_2.2.5.tar.gz

sudo cp -R modsecurity-crs_2.2.5/* /etc/modsecurity/

sudo rm modsecurity-crs_2.2.5.tar.gz

sudo rm -R modsecurity-crs_2.2.5

sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example  /etc/modsecurity/modsecurity_crs_10_setup.conf

Now we have to create symbolic links from the base rules into the activated rules directory.

cd /etc/modsecurity/base_rules

for f in * ; do sudo ln -s "/etc/modsecurity/base_rules/$f" "/etc/modsecurity/activated_rules/$f" ; done

cd /etc/modsecurity/optional_rules

for f in * ; do sudo ln -s "/etc/modsecurity/optional_rules/$f" "/etc/modsecurity/activated_rules/$f" ; done

Now we have to add this to the Apache mods:
sudo gedit /etc/apache2/mods-available/mod-security.conf

Add the following line before </IfModule> and save the file:
Include "/etc/modsecurity/activated_rules/*.conf"

Enable the headers module:
sudo a2enmod headers
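
The download at the start of this step unpacks an archive as root and copies it into /etc/modsecurity without checking what was fetched. The function below is an added example, not part of the original tutorial: it accepts the archive only if its SHA-256 matches a pinned value and every member stays inside the expected top-level directory. The function name check_crs_archive is hypothetical, and the digest in the usage comment is a placeholder, not a real value.

```shell
# Added example (not from the original tutorial).
# check_crs_archive FILE EXPECTED_SHA256 TOPDIR
# Returns 0 only if FILE has the expected digest and all members live under TOPDIR/.
check_crs_archive() {
    file=$1 expected=$2 topdir=$3
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi
    # List members without extracting. Reject absolute paths, ".." components
    # and any member that is not TOPDIR itself or below TOPDIR/.
    tar -tzf "$file" | awk -v top="$topdir" '
        /^\// || /(^|\/)\.\.(\/|$)/            { bad = 1 }
        $0 != top && index($0, top "/") != 1   { bad = 1 }
        END { exit bad + 0 }
    '
}

# Usage with the archive from this step. <expected-sha256> is a placeholder:
# take the real digest from a source you trust, obtained separately from the download.
# check_crs_archive modsecurity-crs_2.2.5.tar.gz '<expected-sha256>' modsecurity-crs_2.2.5 \
#     && sudo tar -zxvf modsecurity-crs_2.2.5.tar.gz
```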



5. Final Stages

Make sure the ModSecurity module is enabled:

sudo a2enmod mod-security

Now restart Apache for the configuration to take effect:
sudo /etc/init.d/apache2 restart


6. Testing

To test Mod Security, simply open Firefox, enter http://localhost/?id=23' or '1'='1 in the address bar and press Enter. This is a very basic SQL injection attack; if you configured mod_security successfully, you should see a "403 Forbidden" page. At the same time, mod_security also logs all details of this attack in the log file.







7. Checking the Log

To check the mod_security log, do the following steps:

cd /var/log/apache2/

sudo gedit modsec_audit.log
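
Reading the audit log in an editor gets slow once there is more than a handful of entries. The function below is an added example, not part of the original tutorial: it prints one line per transaction with the client IP, response status, the ids of the rules that matched and the request line. It assumes the serial (single-file) audit log format with parts A, B, F and H enabled; the names summarize_audit and sample_audit_log are hypothetical, and the sample entry, including its rule ids, is constructed.

```shell
# Added example (not from the original tutorial).
# Output columns (tab-separated): client IP, response status, rule ids, request line.
summarize_audit() {
    awk '
    # Part boundary such as "--a1b2c3d4-A--": the letter names the part.
    /^--[0-9a-zA-Z]+-[A-Z]--$/ {
        part = substr($0, length($0) - 2, 1)
        if (part == "A") { ip = ""; status = ""; ids = ""; req = "" }
        if (part == "Z") {   # end of transaction, emit the summary line
            printf "%s\t%s\t%s\t%s\n", ip, status, (ids == "" ? "-" : ids), req
        }
        next
    }
    # Part A: [timestamp zone] unique-id client-ip client-port server-ip server-port
    part == "A" && ip == "" && NF >= 6 { ip = $4 }
    # Part B: the first line is the request line
    part == "B" && req == "" && NF > 0 { req = $0 }
    # Part F: the first line is the response status line
    part == "F" && status == "" && NF > 0 { status = $2 }
    # Part H: each "Message:" line carries the id of a rule that matched
    part == "H" && /^Message:/ {
        line = $0
        while (match(line, /\[id "[0-9]+"\]/)) {
            id = substr(line, RSTART + 5, RLENGTH - 7)
            ids = (ids == "" ? id : ids "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }
    ' "$@"
}

# Constructed sample entry (not real log data); rule ids and file name are made up.
sample_audit_log() {
    cat <<'EOF'
--a1b2c3d4-A--
[13/Nov/2012:10:15:32 +0000] AAAAAAAAAAAAAAAAAAAAAAAA 127.0.0.1 51234 127.0.0.1 80
--a1b2c3d4-B--
GET /?id=23%27%20or%20%271%27=%271 HTTP/1.1
Host: localhost
--a1b2c3d4-F--
HTTP/1.1 403 Forbidden
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [file "example.conf"] [id "10001"] [msg "constructed"]
Message: Warning. [file "example.conf"] [id "10002"] [msg "constructed"]
--a1b2c3d4-Z--
EOF
}
```

On a real system it would be run as: sudo cat /var/log/apache2/modsec_audit.log | summarize_audit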

And this is a video of the implementation of a mod_security & reverse proxy project that I did.
It also includes a visualization of the mod_security log, which I imported into MySQL and then drew some graphs from.

http://www.youtube.com/watch?v=o3-KDD7TSrA

My post about the same project but the reverse proxy configuration part:
http://www.root25.com/2012/12/how-to-impelement-reverse-proxy-with-modsecurity.html

My post about Light-MSLA (Mod Security Log Auditor) Project:
http://www.root25.com/2013/02/mod-security-log-auditor-application-in-PHP-free-analyse-draw-chart-from-modsecurity-log.html



Copyright Notice: This article is brought to you by root25.com. Feel free to use this article, but please provide root25.com & Amir Sadeghian ([email protected]) in your references list. Thank you.
