![\"Install](\"https:\/\/linuxadmin.io\/wp-content\/uploads\/2017\/05\/mod_security-2.png\")
<\/p>\n<\/p>\n
ModSecurity is an open source monitoring system for web applications. It has powerful rule sets that allow you to protect applications from attacks. View the project<\/a> for more details. It provides a ton of features such as:<\/p>\n More than 16,000 specific rules, broken out into the following attack categories: User option for application specific rules, covering the same vulnerability classes for applications such as: To get started you will need to have Apache installed. If you do not yet, please see Compile Apache 2.4 From Source<\/a><\/p>\n Install the required dependencies:<\/p>\n yum install -y libxml libxml-devel<\/p>\n Get the software package:<\/p>\n cd \/usr\/src; wget https:\/\/github.com\/SpiderLabs\/ModSecurity\/releases\/download\/v2.9.1\/modsecurity-2.9.1.tar.gz<\/p>\n Un-compress the archive:<\/p>\n tar xfvz modsecurity-2.9.1.tar.gz<\/p>\n Go in to the directory:<\/p>\n cd modsecurity-2.9.1<\/p>\n Configure it:<\/p>\n .\/configureInstall:make && make install<\/p>\n You will need to edit \/etc\/httpd\/conf\/httpd.conf and load the module:<\/p>\n LoadModule security2_module lib\/apache\/mod_security2.so<\/p>\n For each domain you want to enable it for add the following:<\/p>\n SecEngine On<\/p>\n Restart Apache to load it:<\/p>\n service httpd restart<\/p>\n Verify it is loading in Apache:<\/p>\n httpd -M 2>&1|grep security<\/p>\n You should see the following returned:<\/p>\n security2_module (shared)<\/p>\n Get a starting ruleset. View the github project<\/a> for more details.<\/p>\n Download the ruleset:<\/p>\n cd \/usr\/src;wget https:\/\/github.com\/SpiderLabs\/owasp-modsecurity-crs\/archive\/v3.0.0.tar.gz<\/p>\n Un-compress the archive:<\/p>\n tar xfvz v3.0.0.tar.gz<\/p>\n Make a configuration directory<\/p>\n mkdir \/etc\/httpd\/conf\/modsecurity.d<\/p>\n Enter the directory:<\/p>\n cd owasp-modsecurity-crs-3.0.0<\/p>\n Move the rules directory into place:<\/p>\n mv rules\/ \/etc\/httpd\/conf\/modsecurity.d<\/p>\n Move and rename the main configuration:<\/p>\n mv crs-setup.conf.example \/etc\/httpd\/conf\/modsecurity.d\/crs-setup.conf<\/p>\n Review crs-setup.conf and remove comments for any applicable lines.<\/p>\n Edit \/etc\/httpd\/conf\/httpd.conf once again and add the following:<\/p>\n <IfModule security2_module> Restart Apache once more to load the base configuration. That is it for the base installation. There are numerous ways you can configure it to protect your server from web based attacks and proactively monitor your server.<\/p>\n May 4, 2017LinuxAdmin.io<\/p>\n
\n* SQL injection
\n* Cross-site Scripting (XSS)
\n* Local File Include
\n* Remote File Include<\/p>\n
\n* WordPress
\n* cPanel
\n* osCommerce
\n* Joomla<\/p>\nInstall ModSecurity<\/h3>\n
Configure ModSecurity<\/h3>\n
\nInclude \/etc\/httpd\/conf\/modsecurity.d\/crs-setup.conf
\nInclude \/etc\/httpd\/conf\/modsecurity.d\/rules\/*.conf
\n<\/IfModule><\/p>\n