
Install Mod - Security

Install Mod_Security

Uploaded by

chinku85
Copyright
© Attribution Non-Commercial (BY-NC)

Install Mod_Security & Mod_evasive for Apache on RHEL/CentOS & Fedora


Protect Apache using Mod_Security and Mod_evasive on RHEL/CentOS & Fedora


By Ravi Saive Under: Apache, CentOS, Fedora, Linux Distros, RedHat On: June 27, 2012

This is our first series on Apache security. In this article we will show you how to install and configure the Mod_Security and Mod_evasive modules for Apache on RHEL 6.2/6.1/6/5.8, CentOS 6.2/6.1/6/5.8 and Fedora 17,16,15,14,13,12 systems using source code. These two security modules protect the Apache server from brute force attacks and DoS attacks. Before moving on to the installation guide, here is a short description of these two modules.


What is Mod_Security?
Mod_Security is an open source web application firewall (WAF) and intrusion detection and prevention system for web applications. It is used to protect and monitor real-time HTTP traffic and web applications from brute force attacks.

What is Mod_Evasive?
Mod_Evasive is an open source evasive maneuvers system for the Apache server that provides evasive action in the event of an HTTP brute force, DoS or DDoS attack. It was designed to be used as a network traffic detection and network management tool and can be easily configured and integrated with firewalls, ipchains, routers, etc. At present, it sends abuse reports via email and syslog facilities.

Install Mod_Security and Mod_evasive on RHEL 6.2/6.1/6/5.8, CentOS 6.2/6.1/6/5.8 and Fedora 17,16,15,14,13,12

How to Install Mod_Security on RHEL/CentOS & Fedora


You must have a LAMP setup installed and configured on your system before installing mod_security.

Step 1: Installing Dependencies for mod_security

First, we need to install some dependency packages for mod_security. Run the following commands on your selected OS.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# yum install gcc make
# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

## For Fedora 17,16,15,14,13,12 ##
# yum install gcc make
# yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Step 2: Installing Mod_Security

As mentioned above, we install mod_security from source code. Run the following commands as root.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

## For Fedora 17,16,15,14,13,12 ##
# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

Step 3: Downloading OWASP Mod_Security Core Rule Set


Mod_Security requires the OWASP (Open Web Application Security Project) core rules for its base configuration. These rules are used to protect against unknown vulnerabilities that are often found in web applications. So, here we are going to download and install the rule set for mod_security. Run the following commands.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /etc/httpd/
# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aae
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

## For Fedora 17,16,15,14,13,12 ##
# cd /etc/httpd/
# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aae
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Step 4: Configuring Mod_Security

Now, you need to modify your Apache configuration file to load the mod_security module.
# vi /etc/httpd/conf/httpd.conf

Search for the LoadModule lines in your httpd.conf and add the line below at the bottom.
LoadModule security2_module modules/mod_security2.so

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file.
<IfModule security2_module>
    Include conf.d/modsecurity.conf
</IfModule>

Next, restart the Apache service to enable the mod_security module and its rules.
# /etc/init.d/httpd restart
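
A check of what Steps 2 to 4 actually leave active, as an added example that is not part of the original article: it reports whether the module is loaded, whether SecRuleEngine is in blocking mode, and whether the Core Rule Set unpacked in Step 3 is Included anywhere. The function names and the sample file contents are constructed for illustration; the two CRS Include lines are the ones quoted in the reader comments on this page.

```shell
#!/bin/sh
# Added example, not the article's code: audit the files edited in Steps 2-4.
# Paths are arguments, so it can be run against copies of the real files.

# Effective SecRuleEngine value, lower-cased. Directive names are
# case-insensitive; the last uncommented occurrence in a file wins.
modsec_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = tolower($2) }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# True if FILE ($1) has an uncommented line starting with the regex in $2.
has_directive() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# audit_modsec HTTPD_CONF MODSEC_CONF: prints findings, returns their count.
audit_modsec() {
    findings=0
    if ! has_directive "$1" 'LoadModule[[:space:]]+security2_module'; then
        echo "FAIL: security2_module is not loaded"
        findings=$((findings + 1))
    fi
    mode=$(modsec_engine_mode "$2")
    if [ "$mode" != "on" ]; then
        echo "WARN: SecRuleEngine is '$mode'; only 'On' blocks requests"
        findings=$((findings + 1))
    fi
    # Step 3 only unpacks the Core Rule Set; it does nothing until Included.
    if ! has_directive "$1" 'Include[[:space:]]+[^#]*modsecurity-crs/' &&
       ! has_directive "$2" 'Include[[:space:]]+[^#]*modsecurity-crs/'; then
        echo "WARN: no Include for modsecurity-crs; core rules are not loaded"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: module loaded, engine On, CRS included"
    return "$findings"
}

# Constructed sample files mirroring the article's result (assumed content).
write_samples() {
    printf '%s\n' 'LoadModule security2_module modules/mod_security2.so' \
        '<IfModule security2_module>' \
        '    Include conf.d/modsecurity.conf' \
        '</IfModule>' > "$1/httpd.conf"
    printf '%s\n' '# constructed sample' 'SecRuleEngine DetectionOnly' \
        > "$1/modsecurity.conf"
}

demo=$(mktemp -d)
write_samples "$demo"
audit_modsec "$demo/httpd.conf" "$demo/modsecurity.conf" || echo "findings: $?"

# Corrected: blocking mode plus the CRS Include lines from the reader comments.
echo 'SecRuleEngine On' >> "$demo/modsecurity.conf"
printf '%s\n' 'Include modsecurity-crs/modsecurity_crs_10_config.conf' \
    'Include modsecurity-crs/base_rules/*.conf' >> "$demo/httpd.conf"
audit_modsec "$demo/httpd.conf" "$demo/modsecurity.conf"
rm -rf "$demo"
```

Run it against /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/modsecurity.conf, then confirm the syntax with httpd -t before restarting.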

For more information on this topic, visit the following links for your reference.

ModSecurity Home Page
OWASP ModSecurity Core Rule Set

The above installation was tested on CentOS 5.6 and worked successfully for me; I hope it will also work for you. Now let's move on to the installation of the mod_evasive module.

How to Install Mod_Evasive in RHEL/CentOS & Fedora


As we have already installed the required dependency packages above, let's install the mod_evasive module.

Step 1: Installing Mod_Evasive

Just run the following commands to install mod_evasive.

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /usr/src
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c

## For Fedora 17,16,15,14,13,12 ##
# cd /usr/src
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c

Step 2: Configuring Mod_Evasive

By default, the installation adds the following mod_evasive line to your Apache configuration file. Please verify that a line similar to the one below is present. If you can't see it, add it to your httpd.conf file.
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

Now add the mod_evasive configuration parameters to your Apache configuration at the end. Replace [email protected] with your Email Id to get email alerts.
<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSEmailNotify [email protected]
</IfModule>

Next restart the Apache service to update changes.


# /etc/init.d/httpd restart
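
Before relying on these thresholds, it helps to see which clients in an existing access log would have crossed them. The following is an added example, not part of the original article and not mod_evasive's own logic: it approximates DOSPageCount and DOSSiteCount with fixed one-second buckets (matching DOSPageInterval 1 and DOSSiteInterval 1 above). The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the article's code: estimate which clients in an access
# log would exceed the DOSPageCount / DOSSiteCount thresholds configured above.
# Approximation: fixed one-second buckets (the log's timestamp resolution).

# evasive_dry_run LOGFILE PAGE_COUNT SITE_COUNT
# Prints "PAGE ip uri peak" and "SITE ip peak" for every client whose busiest
# second exceeds the threshold. Expects common/combined log format.
evasive_dry_run() {
    awk -v page_max="$2" -v site_max="$3" '
    {
        ip = $1; second = $4; uri = $7
        sub(/\?.*/, "", uri)        # count the path only, not the query string
        p = ++page[ip SUBSEP uri SUBSEP second]
        s = ++site[ip SUBSEP second]
        if (p > page_peak[ip SUBSEP uri]) page_peak[ip SUBSEP uri] = p
        if (s > site_peak[ip]) site_peak[ip] = s
    }
    END {
        for (k in page_peak) if (page_peak[k] > page_max) {
            split(k, part, SUBSEP)
            print "PAGE", part[1], part[2], page_peak[k]
        }
        for (ip in site_peak) if (site_peak[ip] > site_max)
            print "SITE", ip, site_peak[ip]
    }' "$1" | sort
}

# Constructed sample log (documentation IP ranges, not real traffic).
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [27/Jun/2012:10:00:01 +0000] "POST /login.php HTTP/1.1" 200 512
203.0.113.7 - - [27/Jun/2012:10:00:01 +0000] "POST /login.php HTTP/1.1" 200 512
203.0.113.7 - - [27/Jun/2012:10:00:01 +0000] "POST /login.php?next=/ HTTP/1.1" 200 512
203.0.113.7 - - [27/Jun/2012:10:00:01 +0000] "POST /login.php HTTP/1.1" 200 512
198.51.100.20 - - [27/Jun/2012:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.20 - - [27/Jun/2012:10:00:01 +0000] "GET /style.css HTTP/1.1" 200 300
198.51.100.20 - - [27/Jun/2012:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
EOF
}

log=$(mktemp)
write_sample_log "$log"
evasive_dry_run "$log" 2 50     # DOSPageCount 2, DOSSiteCount 50
rm -f "$log"
```

Clients listed for ordinary browsing traffic indicate that a threshold is too low for the site and would produce false positives.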

For additional information, visit the mod_evasive Home Page. Please leave a comment with any questions about the installation; we will be glad to help you out.

43 Responses

1. sholeh says: September 5, 2012 at 12:14 pm

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file?
Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf
My configuration gives an error. Please give me an example.
Thanks


Ravi Saive says: September 5, 2012 at 12:47 pm

Dear Sholeh, use the command httpd -t and tell me the output of the error.

2. rohit says: October 9, 2012 at 9:02 pm

Syntax error on line 47 of /etc/httpd/modsecurity.d/activated_rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf: ModSecurity: SkipAfter actions can only be specified by chain starter rules.
Please help me out with this.

3. Ravi Saive says: October 10, 2012 at 5:21 pm

@Rohit, the directory activated_rules contains some rules that come with modsecurity version 2.2.5 and are not compatible with modsecurity version 2.6.6. In version 2.6.6 no such activated_rules directory exists. See my article: did I mention that directory above? The above article works with modsecurity 2.6.6 only.

4. Miguel Mello says: November 28, 2012 at 9:39 am

Works great! Very nice and helpful tutorial. Thank you.

5. Sries Parlotte says: December 10, 2012 at 5:18 am

Hello, can we install this on Centos 6.3?

Ravi Saive says: December 10, 2012 at 1:02 pm

@Series Parlotte,


Yes! You can install it. Go ahead.

6. Paul Sandel says: December 15, 2012 at 11:35 pm

Thanks for the info, very helpful. Can you recommend a methodology to test the efficacy of the server's security? I'm not a hacker, and do not have a strong understanding of their approach.

7. sanjeev says: January 8, 2013 at 11:05 am

Paul, you can use either the openvas or the nessus (only for non-commercial) tool to check the server's security.

8. Alex says: January 18, 2013 at 1:43 am

Thanks, it works very well.

9. Tanas Alexandru Florin says: February 10, 2013 at 10:15 pm

Thanks, but with these 2 modules my ram usage uts 500 mb without any site on my VPS. How to uninstall these 2 modules? Thanks

10. Jayb says: March 17, 2013 at 12:19 pm

Is there any simple url script to check if mod security is enabled and working? I tried with generic samples from the web, but all of them give a Not Found error instead of Access Denied.

11. Victor says: April 10, 2013 at 3:39 pm

Hi, I had a problem saying Couldn't find apxs when trying to do ./configure of modsecurity (step 2); this package wasn't installed on my OS. I followed this post to do so: http://www.ehow.com/how_8671217_install-apxs-centos-54.html
It worked just fine, so I thought it might help others.


Cheers :)

12. Stranger says: July 9, 2013 at 9:35 am

I installed mod_evasive as per your instructions and voila, it saved me from a 500mb ddos attack. Thanks a lot.

13. Behzad says: July 27, 2013 at 12:36 am

Hello, I want to install mod_security. When I enter the following command (./configure) I see the following result. What can I do?

checking for a BSD-compatible install /usr/bin/install -c
checking whether build environment is sane yes
checking for a thread-safe mkdir -p /bin/mkdir -p
checking for gawk gawk
checking whether make sets $(MAKE) yes
checking build system type x86_64-unknown-linux-gnu
checking host system type x86_64-unknown-linux-gnu
checking for style of include used by make GNU
checking for gcc no
checking for cc no
checking for cl.exe no
configure: error: in `/usr/src/modsecurity-apache_2.7.4:
configure: error: no acceptable C compiler found in $PATH
See `config.log for more details.

My OS is: centos 6.4
htppd: Apache/2.2.25 (Unix)
Thanks in advance

Ravi Saive says: July 27, 2013 at 12:30 pm

Install the missing gcc Development Tools using the yum package manager.

14. Sajjad says: July 29, 2013 at 6:27 am

Hey Ravi, I need your help to install these mods on my server. I don't want to play with my live site, and I'm willing to pay for this job.


Ravi Saive says: July 29, 2013 at 4:41 pm

Ok, we can set up and install these mods on your server. Just mail me all your server details, so we could start working on it.

15. Sajjad says: July 29, 2013 at 6:59 pm

I don't have your email id.

Ravi Saive says: July 30, 2013 at 4:29 pm

Use our contact us form.

16. Abh says: August 2, 2013 at 6:14 pm

Hi Ravi. On ./configure I get an error: configure: error: pcre library is required. But the thing is, Package pcre-7.8-6.el6.x86_64 already installed and latest version, so how can I get past it? :)

17. Lau says: August 4, 2013 at 6:44 pm

Hi, I got stuck at Step 3 (Step 3: Downloading OWASP Mod_Security Core Rule Set)
# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
What other link should I use?

2013-08-04 21:02:40 http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
Resolving downloads.sourceforge.net 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80 connected.
HTTP request sent, awaiting response 404 Not Found
2013-08-04 21:02:40 ERROR 404: Not Found.

Ravi Saive says: August 4, 2013 at 10:02 pm

Sorry, the links were outdated; I just added new updated links. Please check and let me know.


Les says: September 10, 2013 at 7:58 pm

I'm receiving the same error on the link and do not see an update.

18. Lau says: August 4, 2013 at 10:59 pm

Thanks for your quick response. I appreciate it, but I'm still seeing the same link: http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz

vasu says: October 10, 2013 at 7:55 pm

Hi Lau, download that tar pkg from the link below:
http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc39eeb064fb47cfc0aa/modsecurity-crs_2.2.5.tar.gz
Thanx

19. Lau says: August 5, 2013 at 1:51 am

Hi again, I got stuck at step 3 because of the invalid link. I couldn't restart httpd, so I want to start again from zero. How can I uninstall Mod_Security first? I already deleted the lines in httpd. Any help is appreciated.

Ravi Saive says: August 5, 2013 at 1:17 pm

The article is a little outdated due to the new release of mod_security. We will update it and make it compatible for all distros.

20. vasu says: October 10, 2013 at 8:03 pm

Hi Ravi


Thanks for the great tutorial. I've installed successfully. One small correction at step 4 for:
Include modsecurity-apache/modsecurity.conf
Read:
Include conf.d/modsecurity.conf
But how could we confirm that both these modules are working fine and our site is safe? Thanx.

Ravi Saive says: October 10, 2013 at 8:46 pm

Thanks man, updated the article.

21. Nikhil says: October 18, 2013 at 8:39 pm

Hi, I have installed mod_security on my server. I want to check whether mod_security is working on my server or not. Please tell me how I can check.

Ravi Saive says: October 18, 2013 at 10:29 pm

Create a file phpinfo.php in your website root directory and add the following lines to it.
<?php phpinfo(); ?>

And call the file from the browser and search for the mod_security term.

22. Ferdi zdamar says: October 23, 2013 at 10:17 pm

When I restart services after I modified the httpd.conf file, I get the problems below and the webserver stops responding. What should I do? (I have a Centos 5.9 VPS)

Stopping httpd: [FAILED]


Starting httpd: httpd: Syntax error on line 62 of /etc/httpd/conf/htt tc/httpd/modules/mod_security2.so: cannot open shared object file: No [FAILED]
Stopping httpd: [FAILED]
Starting httpd: Syntax error on line 7 of /etc/httpd/conf.d/modsecuri Invalid command SecRuleEngine, perhaps misspelled or defined by a m

Ravi Saive says: October 23, 2013 at 10:56 pm

Let me re-check why it's throwing such an error. Will update you soon.

23. Ferdi zdamar says: October 24, 2013 at 12:30 am

Thanks for the quick reply Ravi. I took back the changes in the httpd.conf file but the webserver still doesn't respond. I also mailed you my ssh access info if you would like to take a look. Thanks in advance.

24. Jiin says: November 7, 2013 at 7:46 am

Hi Ravi, I installed & configured mod_evasive (I skipped mod_security). No issue encountered. But when I used ab (apachebench) to test the server using 600 concurrent requests, it does not send out any email (abuse report) or blacklist/block my access. Can you tell me where the log is that indicates the action taken by mod_evasive? Or any place to find out if it is working correctly. Thanks.

Ravi Saive says: November 7, 2013 at 6:52 pm

We haven't enabled logging in the article. To enable logs, simply place the following line inside the ifmodule section and restart apache.
DOSLogDir /var/log/mod_evasive

Jiin says: November 8, 2013 at 1:34 am

Thanks Ravi. I added this line and restarted apache but still got nothing. /var/log/mod_evasive did not show up at all. Any pointers you can give to help me debug this? This is in httpd.conf:
DOSHashTableSize 3097
DOSPageCount 5


DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600
DOSLogDir /var/log/mod_evasive
DOSEmailNotify [email protected]

This is the 600 concurrent requests I sent and it went through.
$ ab -n 600 -c 600 http://www.invescoperpetual.dev.invesco.net/portal/site/ip/home/
This is ApacheBench, Version 2.0.40-dev apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking http://www.invescoperpetual.dev.invesco.net (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Finished 600 requests

25. Jiin says: November 12, 2013 at 8:00 am

Just found out my RHEL release is 5.7 (Red Hat Enterprise Linux Server release 5.7 (Tikanga)). Will that be the root cause of my issue?

26. John says: December 11, 2013 at 8:18 pm

Hi Ravi, could you help me with this problem?
httpd: Syntax error on line 177 of /usr/local/apache2/conf/httpd.conf: Cannot load modules/mod_evasive20.so into server: /usr/local/apache2/modules/mod_evasive20.so: undefined symbol: ap_log_rerro

John says: December 11, 2013 at 8:24 pm

Also in 177 simple I have LoadModule evasive20_module modules/mod_evasive20.so

27. Michael says: January 12, 2014 at 12:22 am

These instructions were great, thank you! Had to add the apxs, httpd-devel, pcre-devel, and curl-devel


along the way.
