mod_security installation on RHEL/CentOS
How do I install mod_security, an open source intrusion detection and prevention engine for web applications, on a CentOS / RHEL / Red Hat Enterprise Linux 5.x or 6.x server?
To use mod_security, you need to enable the EPEL repo on CentOS / RHEL Linux. Once the repo is enabled, type the following command to install ModSecurity:
# yum install mod_security
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.anl.gov
* epel: mirror.nexcess.net
* extras: ftpmirror.your.org
* updates: mirror.cisp.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_security.noarch 0:2.7.3.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================
Installing:
mod_security noarch 2.7.3.el6 epel 92 k
Transaction Summary
======================================================================================================================================
Install 1 Package(s)
Total download size: 92 k
Installed size: 365 k
Then run yum install mod_security_crs to install the Core Rule Set (CRS) for mod_security:
# yum install mod_security_crs
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.anl.gov
* epel: mirror.nexcess.net
* extras: ftpmirror.your.org
* updates: mirror.cisp.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_security_crs.noarch 0:2.2.6-3.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================
Installing:
mod_security_crs noarch 2.2.6-3.el6 epel 92 k
Transaction Summary
======================================================================================================================================
Install 1 Package(s)
Total download size: 92 k
Installed size: 365 k
Now that you have installed mod_security and the CRS, open the configuration file and make sure "SecRuleEngine" is set to "On". You can do that by running "pico /etc/httpd/conf.d/mod_security.conf".
If everything is OK, restart Apache to make sure everything works as expected:
Run "service httpd restart"
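A scripted version of the SecRuleEngine check above, as an added example that is not part of the original article: ModSecurity also accepts DetectionOnly, which logs matches without blocking, so only On is treated as enforcing. The function names and the sample config are constructed for illustration, and only a single file is read (Include lines are not followed).

```shell
#!/bin/sh
# Added example. Reads ONE file; does not follow Include lines (assumption).

# Print the effective SecRuleEngine value: the last uncommented directive
# wins, directive names are case-insensitive, "unset" if none is present.
secrule_engine_mode() {
    awk '
        $1 ~ /^#/ { next }                      # commented-out directive
        tolower($1) == "secruleengine" {
            gsub(/"/, "", $2)                   # tolerate a quoted value
            mode = $2
        }
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Succeed only if the engine will block (On), not merely log or do nothing.
engine_is_blocking() {
    case "$(secrule_engine_mode "$1" | tr 'A-Z' 'a-z')" in
        on) return 0 ;;
        *)  return 1 ;;
    esac
}

# Rewrite every uncommented SecRuleEngine line to "On". Writing back with
# cat keeps the original file's owner, mode and SELinux context.
set_engine_on() {
    tmp=$(mktemp) || return 1
    awk 'tolower($1) == "secruleengine" { print "    SecRuleEngine On"; next }
         { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample standing in for /etc/httpd/conf.d/mod_security.conf
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
<IfModule mod_security2.c>
    # SecRuleEngine On
    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On
</IfModule>
EOF

echo "before: $(secrule_engine_mode "$SAMPLE")"
engine_is_blocking "$SAMPLE" || set_engine_on "$SAMPLE"
echo "after:  $(secrule_engine_mode "$SAMPLE")"
```

On a real server, run engine_is_blocking against /etc/httpd/conf.d/mod_security.conf as root before the restart.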
Congratulations! You installed mod_security and you can sleep well knowing your server is blocking hacking attempts!
You can check whether mod_security is working by going to your website and requesting something like this:
http://domain.com/index.php?test='
mod_security configuration files
/etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
/etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache module.
/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf – Configuration contained in this file should be customized for your specific requirements before deployment.
/var/log/httpd/modsec_debug.log – Debug messages, useful for debugging mod_security rules and other problems.
/var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity event (as detected) or a server error ("RelevantOnly") are logged into this file.