Fosiul.com

1.Download the EPEL repo :

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

2.Then type the following command :

yum install mod_security

Note : Mod_security require liblua-5.1.so, If you don’t have this , it will throw an error while installing by yum.


--> Processing Dependency: liblua-5.1.so for package: mod_security
--> Finished Dependency Resolution
mod_security-2.5.9-1.el5.i386 from epel has depsolving problems
--> Missing Dependency: liblua-5.1.so is needed by package mod_security-2.5.9- 1.el5.i386 (epel)
Error: Missing Dependency: liblua-5.1.so is needed by package mod_security-2.5.9 -1.el5.i386 (epel)

Solution: You can download the rpm from this website

http://rpm.pbone.net/index.php3/stat/4/idpl/12580541/com/lua-5.1.4-1.i386.rpm.html

If your server complain you have installed already newer version then you can reinstall the installed version by using

-bash-3.2# rpm -qa | grep lua
lua-5.1.4-1.el5.rf
-bash-3.2# rpm -e lua-5.1.4-1.el5.rf
-bash-3.2# rpm -Uvh lua-5.1.4-1.i386.rpm
Preparing… ########################################### [100%]
1:lua ########################################### [100%]

Now type

-bash-3.2# updatedb

-bash-3.2# locate liblua-5.1.so
/usr/lib/liblua-5.1.so

So it shows that your server has the required file for it to install mod_security

Now run

yum install mod_security

It should installed now
mod_security configuration files

1. /etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
2. /etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache.
3. /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf – Configuration contained in this file should be customized for your specific requirements before deployment.
4. /var/log/httpd/modsec_debug.log – Use debug messages for debugging mod_security rules and other problems.
5. /var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity events (as detected) or a serer error are logged (“RelevantOnly”) are logged into this file.

After installing mod_security , Edit modsecurity_crs_10_config.conf file and make sure

bellow line is enabled.

SecRuleEngine On

Now restart the httpd server by

service httpd restart

Check the /var/log/httpd/error_log for this lines

[Fri Aug 28 10:48:24 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.mod security.org/) configured.

Note : I have tested this on Centos5 (2.6.18-128.1.14.el5xen).

Ref:http://www.cyberciti.biz/faq/rhel-fedora-centos-httpd-mod_security-configuration/

Ref:http://www.modsecurity.org/documentation/

This entry was posted on Friday, August 28th, 2009 at 11:11 am and is filed under Apache, Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.