Steps to install & Configure apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server

  • Install and configure Apache2 ModSecurity and mod_evasive modules on Ubuntu 12.04 LTS server.
  • Things have become much easier than before installing both these two excellent security modules for Apache2 in Ubuntu 12.04 LTS, as both modules are available in the standard Ubuntu 12.04 repositories.
  • This is only a starting point for getting mod_security and mod_evasive working. Refer to both projects documentation for the various configuration option available and configure your security settings as required.
Requirements:
  • Ubuntu 12.04 LTS server, or later installed on your machine.
  • Apache2 webserver setup and configured.

1.Install Mod-security on your server.

  • Install the dependencies. Open the Terminal Window and enter :
sudo apt-get install libxml2 libxml2-dev libxml2-utils
sudo apt-get install libaprutil1 libaprutil1-dev
  • 64bit users please note - Because of this bug you need to create a symbolic link to libxml2.so.2 or the installation will report the file missing and fail.
ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
  • Now install ModSecurity
sudo apt-get install libapache-mod-security

2.Configure ModSecurity rules.

sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
  • The default folder for ModSecurity rules is /etc/modsecurity/ . All .conf files will be included and need to be configured as required.
  • We need to activate all the base rules and make sure they also get loaded.
  • You might want to edit the SecRequestBodyLimit option in the modsecurity.conf file.
  • SecRequestBodyLimit limits the page request size and limits file uploads to 128 KB by default. Change this to the size of files you would accept uploaded to the server.
  • This settings is very important as it limits the size of all files that can be uploaded to the server. For CMS sites using Drupal or Wordpress this setting is the source of much pain.
  • Open the Terminal Window and enter :
sudo vi /etc/modsecurity/modsecurity.conf
  • First activate the rules by editing the SecRuleEngine option and set to On.
SecRuleEngine On
  • Edit the following to option to increase the request limit to 16 MB and save the file :
SecRequestBodyLimit 16384000
SecRequestBodyInMemoryLimit 16384000

3. Download and install the latest OWASP Core Rule Set.

  • We need to download and install the latest OWASP ModSecurity Core Rule Set from the project website. Click here for more information.
  • We will also activate the default CRS config file modsecurity_crs_10_setup.conf.example
  • If you prefer not to use the latest rules, replace master below with the a specific version you would like to use e.g : v2.2.5
  • Open the Terminal Window and enter :
cd /tmp
sudo wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
sudo tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz
sudo cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/
sudo rm SpiderLabs-owasp-modsecurity-crs.tar.gz
sudo rm -R SpiderLabs-owasp-modsecurity-crs-*
sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
  • Now we create symbolic links to all activated base rules. Open a terminal window and enter :
cd /etc/modsecurity/base_rules
for f in * ; do sudo ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done
cd /etc/modsecurity/optional_rules
for f in * ; do sudo ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done
  • Now add these rules to Apache2. Open a terminal window and enter:
sudo vi /etc/apache2/mods-available/mod-security.conf
  • Add the following to towards the end of the file with other includes and save the file :
Include "/etc/modsecurity/activated_rules/*.conf"

4.Check if ModSecurity is enabled and restart Apache.

  • Before restarting Apache2 check if the modules has been loaded.
  • Open the Terminal Window and enter :
sudo a2enmod headers
sudo a2enmod mod-security
  • Then restart the Apache2 webserver :
sudo /etc/init.d apache2 restart
  • OR
service apache2 restart

5. Install ModEvasive.

  • Open the Terminal Window and enter :
sudo apt-get install libapache2-mod-evasive

6.Create log file directory for mod_evasive.

  • Open the Terminal Window and enter :
sudo mkdir /var/log/mod_evasive
  • Change the log folder permissions :
sudo chown www-data:www-data /var/log/mod_evasive/

7. Create mod-evasive.conf file and configure ModEvasive.

  • Open the Terminal Window and enter :
sudo vi /etc/apache2/mods-available/mod-evasive.conf
  • and add the following, changing the email value, and other options below as required :
<ifmodule mod_evasive20.c>
   DOSHashTableSize 3097
   DOSPageCount 2
   DOSSiteCount 50
   DOSPageInterval 1
   DOSSiteInterval 1
   DOSBlockingPeriod 10
   DOSLogDir /var/log/mod_evasive
   DOSEmailNotify EMAIL@DOMAIN.com
   DOSWhitelist 127.0.0.1
</ifmodule>

8. Fix mod-evasive email bug

  • Because of this bug mod-evasive does not send emails on Ubuntu 12.04.
  • A temporary workaround is to create symlink to the mail program.
  • Open the Terminal Window and enter :
sudo ln -s /etc/alternatives/mail /bin/mail/

9. Check if ModEvasive is enabled and restart Apache.

  • Before restarting Apache2 check if the module has been loaded.
  • Open the Terminal Window and enter :
sudo a2enmod mod-evasive
  • Then restart the Apache2 webserver :
sudo /etc/init.d/apache2 restart
  • OR

service apache2 restart

Comments

Post a Comment

Popular posts from this blog

Backup & Restore Database as SQL Dump by SqlYog

Image
Direct Connection using MySQL C API (Sqlyog) → Download SQLyog Community Edition from this url and install /run https://github.com/webyog/sqlyog-community/wiki/Downloads fter you have connected to an instance of MySQL, you can make additional connections by selecting the New Connection option from the File menu. Saved Connections Select the connection name from the list. To rename a saved connection, click on the Rename button and edit the connection name and click save option to save the changed connection name. Other details can also be changed by selecting the particular connection, changing the necessary values and then by clicking on save to save those values. MySQL Host Address Specify a host name where the database is situated or the IP address of the server. User Name Specify a user name for connecting to the database server. Note: This is MySQL username
Read more

Postfix can support per-domain outgoing IP addresses, but is not currently configured to do so

Sender Dependent Outgoing IP Address (Virtualmin) Introduction to Outgoing IPs By default, when your mail server sends out email the SMTP connection will come from the system's default IP address, typically that assigned to. eth0 Even if the email is from a domain that has its own private IP, that address will not be used when sending an email. This behavior can be changed on systems running Postfix version 2.7 and Virtualmin 3.94 or later so that outgoing email from a domain with a private IP address appears to come from that address. This can be useful for separating email from multiple domains as seen by other mail servers, or for setting up per-domain reverse DNS records. Initial Configuration This feature requires Postfix 2.7 (seen on most modern Linux distributions), Virtualmin 3.93 and ideally Webmin 1.600. The steps to set it up are as follows: SSH into the system as, root and edit the  /etc/postfix/main.cf  file. Look for a line starting with. sender_depe
Read more

Wanna-cry-ransomware

Do those following things in the windows system. 1.  Block port 138.139,445 with the firewall. 2. How to enable or disable SMB protocols on the SMB server:     Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008       To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.      Windows PowerShell 2.0 or a later version of PowerShell     To disable SMBv1 on the SMB server, run the following cmdlet:         Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force     To enable SMBv1 on the SMB server, run the following cmdlet:         Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force -: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8,
Read more