How to Mod_security on plesk servers

[DCoats]

I can't run blacklist.conf on freebsd5.5/Apache/2.0.59 either.
Any type of load at all will bring down apache and If not configured correctly will bring down the whole box. I am able to run all the rest of the gotroot rules just fine, only have to comment out blacklist.conf.

 

[atomicturtle]

I'm making my own at this time, although we won't be supporting ASL 2.0 on RH9. I'm purely using it as a research platform at this time.

And yes, ASL is written on CentOS4, and then ported to the other platforms. So definitely, you'd want to run it on there.

We've managed to put together an alternate implementation for the blacklists that gets around the memory issues on the newer platforms. We basically moved that check into another application (not mod_security).

 

[Amin Taheri]

Hi,

I am considering purchasing this (and I know Im not in the right forums for this, but its a general quesetion) and saw above that there were some performance concerns with certain OS builds/Distros

Is there any problems with RHEL 4 that anyone knows about?

 

[atomicturtle]

No, aside from the mentioned memory leak in 2.x. I do all my testing on CentOS4/RHEL4, so other than that one, I havent run into anything yet.

 

[Amin Taheri]

Hi atomicturlt - thanks for the reply.

I have one more question if you dont mind.

I use apache 2.0, and already have mod_security 2.x installed on the server. Would that need to be removed in order to install the ASL or can it work in conjunction with what is there?

 

[atomicturtle]

Yeah, it would need to be removed. I had to modify the reporting format to integrate with the SIM. Without it you won't be able to do cross-event IDS correlation.

 

[Amin Taheri]

I'm sure that the ASL is worth every penny it and everyone else says it is, but for those of you who dont like purchasing things this is how I was able to setup mod_sec on my server - and very easily at that.

http://www.pleskhosts.com/forum/showthread.php?t=34

Personally I am using this in production while looking at the ASL in dev and test boxes.

 

[wjtech]

Hi HostingGuy:

Are you aware that you need to log in to view content at the above link?

John

 

[Amin Taheri]

Well, I was logged in when I got the link so I didnt think about it.

 

[atomicturtle]

Mod_security is in fedora-extras as well:

yum install mod_security

 

[gromett]

Originally posted by atomicturtle
We include mod_security with ASL, for those of you looking for a short cut.

Bah!!! I have just spent all night creating an RPM of it to avoid having to mess around lol

If anyone wants a quick install for Virtuozzo based Centos 5.
http://ezee.co.uk/index.php/Mod_security

Karl

 

[roccotocco]

Hi atomicturtle u have a pm
thanks

 

[atomicturtle]

Yep, Ive got rpms for rhel3/4/5, centos 3/4/5, Fedora 4/5/6/7. RPM's are also in the fedora-extras channel for 4/5/6, and in the Fedora 7 main/base channel.

 

[Amin Taheri]

I think he meant PM - and he was posting to tell you he sent you a PM

 

[atomicturtle]

Yep, just hit the "profile" button. IM's are listed there.

 

[ryanz]

Hi,

Does anyone have a How To for installing mod_security 2.1.x on CentOS with Apache 2.x

Regards,

Ryan

 

[ACID25]

Hi

i want to install mod_security on a Fedora Core II box with PLESK 8.0 but compile fails

/bin/sh /usr/lib/apr/build/libtool --silent --mode=compile gcc  -pthread  -O2 -g -Wuninitialized -Wall -Wmissing-prototypes -Wshadow -Wunused-variable -Wunused-value -Wchar-subscripts -Wsign-compare -DWITH_LIBXML2 -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER -DSSL_EXPERIMENTAL_ENGINE -I/usr/kerberos/include -I /usr/include/libxml2 -I/usr/include/httpd -I/usr/include/apr-0 -I/usr/include/openssl -DAP_FNAME=\"mod_security2.c\" -prefer-pic -c mod_security2.c && touch mod_security2.slo
In file included from modsecurity.h:35,
                 from mod_security2.c:16:
msc_pcre.h:16:18: pcre.h: No such file or directory
make: *** [mod_security2.slo] Fehler 1

httpd-devel, pcre-devel, apr-devel and apr-utils-devel are installed
Any ideas why compiling fails?

Thx and regards
ACID25

 

[ACID25]

Ok i solved this with copy pcre.h to apache2 folder...

 

[ACID25]

Hi

one new problem...so i followed instructions on the first page to install mod_security....but i think these instructions are not for mod_security2

So i recompile mod_security with make&make install

then i want to restart httpd and i got this message

httpd starten: Syntax error on line 199 of /etc/httpd/conf/httpd.conf:
Cannot load /etc/httpd/modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: undefined symbol: msc_alert
                                                           [FEHLGESCHLAGEN]

so i don´t know how to get this work ....any ideas what do to?

THX and regards
ACID25

 

[Amin Taheri]

I used this guide:
http://www.pleskhosts.com/forum/showthread.php?t=34

it is for modsecurity2 on Apache/2.0.xx