Mod_Evasive – mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS attack or brute force attack. It is also designed to be a detection and network management tool and can be easily configured to talk to ipchains, firewalls, routers, and more.
Download the latest source file from http://www.zdziarski.com
cd /usr/local/src/
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -xvzf mod_evasive_1.10.1.tar.gz
cd mod_evasive/
We also have cPanel running on this box, so, to install, we run the following:
/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c
Now, that will create an entry in the httpd.conf file, and, if we want to retain that after an upgrade/rebuild, we need to tell cPanel not to take it out! Do do this, we now run this:
/usr/local/cpanel/bin/apache_conf_distiller –update
Now, to change the settings for mod_evasive, we need to add them in some place. All we have done so far, is install the actually module into apache, and, even with a restart, it would not be using it. So, I like to add things into my includes files through either WHM, or, directly through the terminal. To do this, we run the following:
vim /usr/local/apache/conf/includes/post_virtualhost_2.conf
Once the file is open, lets add in the following lines to the bottom of the file:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600
DOSEmailNotify root
Monday, February 11, 2013
Mod_Security –
Mod_Security – ModSecurity is an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure.
To install mod_security, go to WHM => EasyApache (or alternatively via CLI, run /scripts/easyapache). After you select your Apache and PHP versions, you’ll be brought to the Short Options page. Select mod_security from the list, then proceed with the build.
When the build is done, mod_security will be installed. The files are kept in the following location:
/usr/local/apache/conf/modsec2.user.conf
When hack attempts are identified by mod_security, they are logged in /usr/local/apache/logs/audit_log with the IP of the offender and what rule was violated. Visitors that trigger mod_security rules are greeted with a “406: Not Acceptable” error when doing so. However, mod_security does occasionally block legitimate website access attempts, specifically for software that happens to make calls consistent with a specific rule that mod_security is configured to block. Therefore, you may wish to either disable that rule, or disable mod_security for a specific domain or part of your website. Doing this is rather easy from command line.
First, open up your httpd.conf (/usr/local/apache/conf/httpd.conf) and locate your domain’s block. Under it you’ll see a line like this that is commented out:
# Include "/usr/local/apache/conf/userdata/std/2/$user/$domain/*.conf"
Uncomment this line, then create the folder indicated (note that $user is your username, and $domain is your domain name):
mkdir -p /usr/local/apache/conf/userdata/std/2/$user/$domain/
cd /usr/local/apache/conf/userdata/std/2/$user/$domain/
Create a file called modsec.conf, and insert this line:
SecRuleEngine Off
To apply, restart Apache
mod_security rules
http://www.webhostingtalk.com/showthread.php?t=1072701
To install mod_security, go to WHM => EasyApache (or alternatively via CLI, run /scripts/easyapache). After you select your Apache and PHP versions, you’ll be brought to the Short Options page. Select mod_security from the list, then proceed with the build.
When the build is done, mod_security will be installed. The files are kept in the following location:
/usr/local/apache/conf/modsec2.user.conf
When hack attempts are identified by mod_security, they are logged in /usr/local/apache/logs/audit_log with the IP of the offender and what rule was violated. Visitors that trigger mod_security rules are greeted with a “406: Not Acceptable” error when doing so. However, mod_security does occasionally block legitimate website access attempts, specifically for software that happens to make calls consistent with a specific rule that mod_security is configured to block. Therefore, you may wish to either disable that rule, or disable mod_security for a specific domain or part of your website. Doing this is rather easy from command line.
First, open up your httpd.conf (/usr/local/apache/conf/httpd.conf) and locate your domain’s block. Under it you’ll see a line like this that is commented out:
# Include "/usr/local/apache/conf/userdata/std/2/$user/$domain/*.conf"
Uncomment this line, then create the folder indicated (note that $user is your username, and $domain is your domain name):
mkdir -p /usr/local/apache/conf/userdata/std/2/$user/$domain/
cd /usr/local/apache/conf/userdata/std/2/$user/$domain/
Create a file called modsec.conf, and insert this line:
SecRuleEngine Off
To apply, restart Apache
mod_security rules
http://www.webhostingtalk.com/showthread.php?t=1072701
MultiTail – MultiTail is a program for monitoring multiple log files, in the fashion of the original tail program
MultiTail – MultiTail is a program for monitoring multiple log files, in the fashion of the original tail program
cd /usr/src/
wget http://www.vanheusden.com/multitail/multitail-5.2.12.tgz
tar zxvf multitail-5.2.12.tgz
cd multitail-*
yum install ncurses ncurses-devel -y
make install
multitail -i /etc/host.conf -i /etc/sysctl.conf
cd /usr/src/
wget http://www.vanheusden.com/multitail/multitail-5.2.12.tgz
tar zxvf multitail-5.2.12.tgz
cd multitail-*
yum install ncurses ncurses-devel -y
make install
multitail -i /etc/host.conf -i /etc/sysctl.conf
Subscribe to:
Posts (Atom)