hello,
how ican install mod_security in directadmin ?
please help me.
thanks....

This does not look like a How-To Guide to me. Please do not post in the wrong sub forum.

Moved to System-Level Technical Discussion.

Jeff

This worked for me on centos 5.2 using info elsewhere on the DA forums and modsecurity site


For info see http://www.modsecurity.org/documentation/modsecurity-apache/2.1.4/html-multipage/02-installation.html


download latest files from http://www.modsecurity.org/download/index.html

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz

tar xzvf modsecurity-apache_2.5.9.tar.gz

cd modsecurity-apache_2.5.9/apache2

./configure
make
make test
make install

mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz

vi /etc/httpd/conf/httpd.conf

after load php module, add...

#mod_sec
LoadModule security2_module /usr/lib/apache/mod_security2.so

and at end of file...

<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

then compile into apache with custombuild


cd /usr/local/directadmin/custombuild

mkdir -p custom/ap2

cp configure/ap2/configure.apache custom/ap2/configure.apache

vi custom/ap2/configure.apache

and add...

"--with-mod_security2"

then...

./build clean 

./build apache

Include /etc/modsecurity2/base_rules/*conf

shall i create the conf dir and put all the rules files inside it

or what ?!

thanks jonathanc
what you stated worked flawlessly for me.

I been spending the day trying to install this and every tutorial i found didnt work for me i always got it installed but got errors when i restarted apache.
(Apache not being able to run or access some files I had to state in httpd.conf)

I been getting multible doS attacks, and this is the only steps that worked for me, I have directadmin, and centOS.

This tutorials worked for me :P
http://blog.fernando.vn/2010/08/installation-mod-security-on.html

To a look for 'update.script', that can install mod_security also for you.

This worked for me on centos 5.2 using info elsewhere on the DA forums and modsecurity site


For info see http://www.modsecurity.org/documentation/modsecurity-apache/2.1.4/html-multipage/02-installation.html


download latest files from http://www.modsecurity.org/download/index.html

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz

tar xzvf modsecurity-apache_2.5.9.tar.gz

cd modsecurity-apache_2.5.9/apache2

./configure
make
make test
make install

mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz

vi /etc/httpd/conf/httpd.conf

after load php module, add...

#mod_sec
LoadModule security2_module /usr/lib/apache/mod_security2.so

and at end of file...

<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

then compile into apache with custombuild


cd /usr/local/directadmin/custombuild

mkdir -p custom/ap2

cp configure/ap2/configure.apache custom/ap2/configure.apache

vi custom/ap2/configure.apache

and add...

"--with-mod_security2"

then...

./build clean 

./build apache


This worked for me this morning. CentOS 5.5 Linode VM.

Few things missing:

1)
mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/...5-1.6.1.tar.gz

Remember to untar it - in base_rule directory there should be *.conf files. Latest core files are located at http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

2) in file /usr/local/directadmin/custombuild
/custom/ap2/configure.apache remember about trailing backslash - syntax shoul be:



[...]
"--enable-proxy" \
"--enable-expires" \
"--with-ssl=/usr" \
"--enable-headers" \
"--with-mod_security2"



3) customize log path in config - change
SecAuditLog logs/modsec_audit.log into
SecAuditLog /var/log/modsec_audit.log

and


SecDebugLog logs/modsec_debug.log
to
SecDebugLog /var/log/modsec_debug.log
or whatever suits you

After installing I get
httpd: Syntax error on line 176 of /etc/httpd/conf/httpd.conf: Syntax error on line 133 of /root/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_40_generic_attacks.data: /root/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_40_generic_attacks.data:170: <input> was not closed.\n/root/modsecurity-apache_2.5.13/rules/base_rules/modsecurity_40_generic_attacks.data:133: <![cdata[> was not closed.

This worked for me on centos 5.2 using info elsewhere on the DA forums and modsecurity site


For info see http://www.modsecurity.org/documentation/modsecurity-apache/2.1.4/html-multipage/02-installation.html


download latest files from http://www.modsecurity.org/download/index.html

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz

tar xzvf modsecurity-apache_2.5.9.tar.gz

cd modsecurity-apache_2.5.9/apache2

./configure
make
make test
make install

mkdir -p /etc/modsecurity2/base_rules/
cd /etc/modsecurity2/base_rules/
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz

vi /etc/httpd/conf/httpd.conf

after load php module, add...

#mod_sec
LoadModule security2_module /usr/lib/apache/mod_security2.so

and at end of file...

<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

then compile into apache with custombuild


cd /usr/local/directadmin/custombuild

mkdir -p custom/ap2

cp configure/ap2/configure.apache custom/ap2/configure.apache

vi custom/ap2/configure.apache

and add...

"--with-mod_security2"

then...

./build clean 

./build apache

For Debian users that might be interested in installing mod_security: Following this guide worked for me on Debian 5 64-bit. I normally install mod_security a little bit different on Ubuntu however this worked fine.

I had to move the logs to /var/log though in order for it to work, but that's pretty much it.

Anyways. I need to do some LocationMatch to remove the security rules for a couple of files. Where do i go about adding these? In httpd.conf?

I want to add:
<LocationMatch "(/path/to/script.php)">
SecRuleRemoveById xxxxxx
</LocationMatch>

Where do i go about adding these? In httpd.conf?
Noooooooooooo! :D

Add them to /etc/httpd/conf/security/modsecurity_crs_48_local_exceptions.conf
or to the custom vhost if it only applies to a domain

Noooooooooooo! :D

Add them to /etc/httpd/conf/security/modsecurity_crs_48_local_exceptions.conf
or to the custom vhost if it only applies to a domain

Thanks! Created that config file in /etc/modsecurity2/base_rules and it seems to work.

hi
i installed the mod_security in DA . how I can know that mod_security successfully installed ?
i dont see mod_security in the DA plugins . where i can see it ?
tnx

i dont see mod_security in the DA plugins . where i can see it ?
tnx
Theres no plug-ins, to see if its loaded, look for it in the phpinfo(); command.

i see th e phpinfo va command part .
which keyword i search that find mod_security in it ?
tnx

Under apache2handler and beside Loaded Modules

i dont find it .
what is the module name that loaded in apache ?
i need thats module name
another question
where is the mod_Security log files ?
tnx

I manually added it to /etc/httpd/conf/httpd-includes.conf with

LoadFile /usr/local/lib/libxml2.so
LoadModule security2_module /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
Include /etc/modsecurity2/*.conf
</IfModule>
Then put the rules in /etc/modsecurity2/

If you can't see it in phpinfo (see attached), its not loaded.

hi
when i added them and then restart apache.i see this warning :
[root@server1 modsecurity2]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [Fri Mar 18 10:38:27 2011] [warn] module security2_module is already loaded, skipping
this warning mean that mod_security has been loaded before i add the lines in httpd-includes.conf
and when i see phpinfo i do not find loaded modules part compeletly
how i can see loaded modules part in phpinfo ?
i need see mod_Security in phpinfo
tnx

Try

httpd -l
if its in there, it must be compiled within apache or loaded in some other config.

try

cat /etc/httpd/extra/*.conf | grep mod_security
that'll tell you if it exists in one of the configs.

hi
when i try http -l
i dont see modsecurity
and when try

cat /etc/httpd/extra/*.conf | grep mod_security
i see this output :
cat: /etc/httpd/extra/*.conf: No such file or directory
and when i try

cat /etc/httpd/conf/extra/*.conf | grep mod_security

i dont see the output
and when i try


cat /etc/httpd/conf/*.conf | grep mod_security
i see this output :
[root@server1 conf]# cat /etc/httpd/conf/*.conf | grep mod_security
LoadModule security2_module /usr/lib/apache/mod_security2.so
<IfModule mod_security2.c>
------------
the last output mean modsecurity has been installed ?
if mod_security successfully installed please give me mod_Security log file place that i found which site has been attacked and mod_security blocked hacker query ( like sql injection and xxs )
tnx

????
No one ?

Hello guys,

I was going through johnathanc (4th post of this thread) but I get the following error after running ./configure .
-bash: ./configure: No such file or directory

note: I downloaded mod_security 2.6.3 (latest stable version) and it seems this version has not any configure file in /apache2 directory !

Please guide me, what should I do?

The ./configure is now in the base directory instead of within apache2.

Once you do the ./configure in the base directory you can then navigate into the apache2 directory and do a make, and make install.

Interestingly enough when I run through these steps the module does not show up under:
httpd -l

Yet, the http error_log shows:
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured.
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.5"
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity: PCRE compiled version="8.21"; loaded version="8.21 2011-12-12"
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"


I have not yet determined if things are running properly yet or not. I need to do more testing to see. I would imagine it wouldn't be, but I'm kind of surprised I'd have a message stating that it was loaded...

Interestingly enough when I run through these steps the module does not show up under:
httpd -l

Yet, the http error_log shows:
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured.
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.5"
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity: PCRE compiled version="8.21"; loaded version="8.21 2011-12-12"
[Wed Jan 04 08:14:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"


Got the same situation. I dont have it listed in phpinfo() output. I passed the step "--with-mod_security2". I dont get it, why should I compile it into apache instead of loading it as module?

That command will only show the modules that have been compiled as part of Apache. If you've configured mod_sec properly, you should check out its log file. IT should reveal plenty of false positives that you'll need to deal with.

Ok, thanks for that info. I had empty logs because I forgot about
SecRuleEngine On ;)

Got the same situation. I dont have it listed in phpinfo() output. I passed the step "--with-mod_security2". I dont get it, why should I compile it into apache instead of loading it as module?
Can anyone answer this cause I feel the same :) Is it needed to compile it in too if it's loaded as a module already?

Hello;

I am getting this error when i try to install it. My configuration is CB 1.2 - PHP 5.2 - Apache 2.4.1

Error ;


mod_security2.c:1118: warning: passing argument 1 of 'ap_hook_error_log' from in compatible pointer type
/usr/include/apache/http_core.h:888: note: expected 'void (*)(const struct ap_er rorlog_info *, const char *)' but argument is of type 'void (*)(const char *, in t, int, apr_status_t, const struct server_rec *, const struct request_rec *, struct apr_pool_t *, const char *)'
apxs:Error: Command failed with rc=65536
.
make: *** [mod_security2.la] Error 1

What version of mod_security do you try to install there?

Try Mod Security Version 2.6.5 for Apache 2.4.x

http://www.apachehaus.com/cgi-bin/download.plx#MODULES24

I install mod_security as in the toturial in this thread on centOS 6
After install httpd won't start anymore

DA error

An error has occurred


Details

/sbin/service httpd start 2>&1



Apache says that it can't load the module /usr/lib/apache/mod_security2.so can't find the module in this dir

What did I do wrong? There are no security2 modules in this dir

Make sure mod_security2.so exists on your FS, otherwise re-built it.