## For RHEL/CentOS 6.2/6.1/6/5.8 ##
Installing needed Modules
yum install gcc make
yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel\
Installing the Mod-Security
## For RHEL/CentOS 6.2/6.1/6/5.8 ##
cd /usr/src
wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
tar xzf modsecurity-apache_2.6.6.tar.gz
cd modsecurity-apache_2.6.6
./configure
make install
cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
Adding the Mod-security Module to the Apache
# vi /etc/httpd/conf/httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
[root@54 modsecurity-apache_2.6.6]# httpd -t -D DUMP_MODULES |grep sec
security2_module (shared)
Syntax OK
[root@54 modsecurity-apache_2.6.6]#
<IfModule security2_module>
Include conf.d/modsecurity.conf
</IfModule>
Adding new Mod-Security Rules ..
OWASP core rule set
wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/a
aeaa1124e8efc39eeb064fb47cfc0aa/modsecurity-crs_2.2.5.tar.gz
tar zxvf modsecurity-crs_2.2.5.tar.gz
mv modsecurity-crs_2.2.5 modsecurity-crs
mv modsecurity-crs /etc/httpd/conf.d/
Adding the rules to httpd
<IfModule security2_module>
Include conf.d/modsecurity.conf
Include conf.d/modsecurity-crs/activated_rules/*.conf
Include conf.d/modsecurity-crs/base_rules/*.conf
Include conf.d/modsecurity-crs/optional_rules/*.conf
Include conf.d/modsecurity-crs/slr_rules/*.conf
</IfModule>
More rules are available at
sudo wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
Now the Mod Security is in the detect mode . once we are set we need to move it to on mode
[root@54 conf]# cat /etc/httpd/conf.d/modsecurity.conf |grep SecRuleEngine -i
SecRuleEngine DetectionOnly
# when SecRuleEngine is set to DetectionOnly mode in order to minimize
[root@54 conf]#
Change to
SecRuleEngine on