How to Install mod_security with Apache on CentOS/RHEL 7/6

Updated on November 7, 2017 by
Security , , , , ,

Mod_Security is a Web Application Firewall that executes as a Module on your Web Server and provides protection against various attacks to our web applications. It monitors HTTP traffic and performs real-time analysis. It’s a product developed by Breach Security and is available a free software under the GNU License. It is Available for Apache, Nginx and IIS.

Mod_Security can be deployed and integrated with our current Web Servers infrastructure, meaning that we do not have to modify our internal Network, we don’t add any point of failure, we can benefit from load balancing and scalability and we would not have any issues with compress or encrypted Data. Mod_Security is a valuable security tool and have proven to be effective. If we want to protect our web applications this is a tool the deserves your attention.

Step 1 – Enable EPEL Repository

Firstly add the EPEL rpm repository in your system using the following command.

### For RHEL/CentOS 7 
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm

### For RHEL/CentOS 6 
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Step 2 – Install Mod_Security and Predefined Rules

Let’s install mod_security Apache modules with predefined rules of mod_security.

yum install mod_security mod_security_crs

Step 3 – Activate mod_security Module

Edit ModSecurity configuration file /etc/httpd/conf.d/mod_security.conf and look for the SecRuleEngine Directive on the File and configured with the Desired Value.

      On – Rules are activated
      Off – Rules are Deactivated
      DetectionOnly – Only Intercepts and logs Transactions

Since we want to Intercept and Block Attacks we configure it with On.

 SecRuleEngine on

Step 4 – Restart Apache and Check

After completing all the configuration, restart Apache service on your system.

service httpd restart

To confirm that our web application firewall is working we should see something like this in our Apache error logs.

tail /var/log/httpd/error_log

[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity for Apache/2.7.3 (http://www.modsecurity.org/) configured.
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: APR compiled version=”1.3.9″; loaded version=”1.3.9″
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: PCRE compiled version=”7.8 “; loaded version=”7.8 2008-09-05″
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: LUA compiled version=”Lua 5.1″
[Sat Mar15 16 09:20:58 2014] [notice] ModSecurity: LIBXML compiled version=”2.7.6″

Important files to Remember

  • Mod Security Config File – /etc/httpd/conf.d/mod_security.conf
  • Debug Log – /var/log/httpd/modsec_debug.log
  • Audit log – /var/log/httpd/modsec_audit.log
  • Rules – /etc/httpd/modsecurity.d/activated_rules

References:
https://www.modsecurity.org/
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

jason.soto

Related Posts

2 Comments

  1. Liew CheonFong Reply to Liew
    April 11, 2016 at 4:09 pm

    Thanks for the simple & straight forward tutorial!

  2. bystefu Reply to bystefu
    May 30, 2015 at 5:42 am

    Loaded plugins: fastestmirror, security
    Setting up Install Process
    Loading mirror speeds from cached hostfile
    epel/metalink | 20 kB 00:00
    * epel: fedora.mirrors.telekom.ro
    base | 3.7 kB 00:00
    dag | 1.9 kB 00:00
    epel | 4.4 kB 00:00
    epel/primary_db | 6.6 MB 00:01
    extras | 3.4 kB 00:00
    updates | 3.4 kB 00:00
    No package mod_security available.
    No package mod_security_crs available.
    Error: Nothing to do

    What can i do?

Leave a Reply

All rights reserved. © 2013-2018 TecAdmin.net. This site uses cookies. By using this website you agree our term and services