Install and Configure mod_security and mod_evasive

0

In one of our article (Web Server Security (Apache or HTTPD) Part 2) we mentioned about two important modules which help us protect our web server. Here we learned that these two modules help to protect our server from brute force and DDOS attack. It also helps us to protect our server from several other attacks like deface attack (sql injection), cross site scripting and many more.

As these two modules helps us to mitigate these kind of attacks and make our server more secure so we would discuss how to secure our website using this two modules.

First of all we need to learn how we will install these two modules. Before installing we should make sure that our server is updated properly. If not then run the following command to update the server.

#yum update –y

Once the whole update is done then we have to install a whole repository so that we can install those two modules.

# rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Now let’s install both the modules into our server.  To do so, we need to run the below command.

#yum –enablerepo=epel install mod_security mod_evasive

Now run the below commands to check if both of them are installed properly.

# httpd -M | grep evasive; httpd -M | grep security

We will get two outputs from the above commands which are like below output.

evasive20_module (shared)

security2_module (shared)

So after above these two checks we need to configure both the modules and integrate them with apache web server.

Now we have to download and store the core rule set in a suitable place and let those modules connect to the core rule set directory. To do so let’s create a directory to store the core rule set.

# mkdir /etc/httpd/corerules

Now let’s download the core rule set using below command.

# wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master

Now we have to uncompressed the file.

#tar -xvf master

From there we need to copy a directory to our targeted directory.

# mv –R SpiderLabs-owasp-modsecurity-crs-*/* /etc/httpd/corerules/

Then we will find a file named modsecurity_crs_10_setup.conf.example. we have to move this file into modsecurity_crs_10_setup.conf file. So run the below command.

# mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

Once this part is done we need to work on apache configuration and make sure everything is working properly. For that we have to open the configuration file and add few lines in there to make this work.

#vim /etc/httpd/conf/httpd.conf

Add the following lines in this file.

<IfModule security2_module>

Include /etc/httpd/crs/modsecurity_crs_10_setup.conf

Include /etc/httpd/crs/base_rules/*.conf

</IfModule>

Now restart the apache server.

#systemctl restart httpd.service

Now let’s check the modules are included properly and the configurations of those files are okay.

No go to the conf.d directory and find if these two modules have two files accordingly.

#cd /etc/httpd/conf.d/

#ls –l

We will see two names like below

mod_security.conf

mod_evasive.conf

Now read these two files and we will find the same lines on both the files. Those lines are given below.

LoadModule evasive20_module modules/mod_evasive24.so

LoadModule security2_module modules/mod_security2.so

Once this check is done then we need to configure both security and evasive files.

This is the last touch to configure both the modules.

So let’s open the file inside the conf.d directory.

#vim /etc/httpd/conf.d/mod_security.conf

Add the below lines and save the file.

<IfModule mod_security2.c>

SecRuleEngine On

SecRequestBodyAccess On

SecResponseBodyAccess On

SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream

SecDataDir /tmp

</IfModule>

Now exit the file and restart apache server.

#systemctl restart httpd.service

Now open the mod_evasive.conf file and let’s edit this file to our desired configuration.

# vim /etc/httpd/conf.d/mod_evasive.conf

Now add the following lines in this file and save this file.

<IfModule mod_evasive20.c>

DOSHashTableSize    3097

DOSPageCount        2

DOSSiteCount        50

DOSPageInterval     1

DOSSiteInterval     1

DOSBlockingPeriod   10

DOSEmailNotify   (your email address)

</IfModule>

Once this is done we have to exit the file and restart apache server.

#systemctl restart httpd.service

The whole process ends here. On our next article we will discuss about more security aspects.

 

Leave A Reply

Your email address will not be published.