Sunday, July 21, 2013

How to Install mod_security for Apache Using yum

4:16 PM
ModSecurity is an Apache module that acts as a web application firewall, adding another security layer to your website. Nowadays it is very important to have this protection so that your website is protected from Internet threats. Based on my experience as a system administrator, our intrusion detection system detected on average 10 to 15 Internet threats per server per day. These include brute-force attacks, blind SQL injection, XSS attacks and many more.
1. Install the EPEL repo on CentOS
2. Install mod_security
[root@centos ~]# yum install mod_security
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: mirror.vietoss.com
* epel: ftp.tsukuba.wide.ad.jp
* extras: mirror.vietoss.com
* rpmforge: mirror-fpt-telecom.fpt.net
* rpmforge-extras: mirror-fpt-telecom.fpt.net
* rpmforge-testing: mirror-fpt-telecom.fpt.net
* updates: mirror.vietoss.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_security.i386 0:2.6.8-2.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package               Arch          Version                Repository     Size
================================================================================
Installing:
mod_security          i386          2.6.8-2.el5            epel          159 k
Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)
Total download size: 159 k
Is this ok [y/N]: y
Downloading Packages:
mod_security-2.6.8-2.el5.i386.rpm                        | 159 kB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing     : mod_security                                             1/1
Installed:
mod_security.i386 0:2.6.8-2.el5
Complete!
3. mod_security configuration files
- /etc/httpd/conf.d/mod_security.conf : main configuration file for the mod_security Apache module.
- /etc/httpd/modsecurity.d/ : all other configuration files for the mod_security Apache module.
- /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf : the configuration in this file should be customized for your specific requirements before deployment.
- /var/log/httpd/modsec_debug.log : debug messages, useful for debugging mod_security rules and other problems.
- /var/log/httpd/modsec_audit.log : all requests that trigger a ModSecurity event (as detected) or a server error (“RelevantOnly”) are logged into this file.
Open the /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf file:
[root@centos ~]# vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
Make sure SecRuleEngine is set to “On” to protect the web server from attacks:
SecRuleEngine On
Turn on other required options and policies as per your requirements. Finally, restart httpd:
[root@centos ~]# service httpd restart
Make sure everything is working:
[root@centos ~]# tail -f /var/log/httpd/error_log
Sample output:
[Sat May 09 23:18:31 2009] [notice] caught SIGTERM, shutting down
[Sat May 09 23:18:33 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat May 09 23:18:34 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
[Sat May 09 23:18:34 2009] [notice] Original server signature: Apache/2.2.3 (CentOS)
[Sat May 09 23:18:34 2009] [notice] Digest: generating secret for digest authentication ...
[Sat May 09 23:18:34 2009] [notice] Digest: done
[Sat May 09 23:18:35 2009] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal
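A check one could run after editing the configuration, as an added example that is not part of the original post: it reports which SecRuleEngine mode is in effect, because DetectionOnly logs matches without blocking them and an unset directive leaves the engine Off. The function names are hypothetical, the sample config is constructed, and the script assumes the files are passed in the order Apache loads them.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reports the effective SecRuleEngine
# mode. Assumes files are given in the order Apache loads them, so the last
# active directive wins; directive names and values are matched case-insensitively.

# secrule_engine_mode FILE... -> prints On, Off, DetectionOnly, unset or invalid:<value>
secrule_engine_mode() {
    awk '
        /^[ \t]*#/ { next }                    # ignore commented-out directives
        tolower($1) == "secruleengine" {
            mode = tolower($2)
            gsub(/"/, "", mode)                # the value may be quoted
        }
        END {
            if (mode == "on") print "On"
            else if (mode == "off") print "Off"
            else if (mode == "detectiononly") print "DetectionOnly"
            else if (mode == "") print "unset"  # ModSecurity then defaults to Off
            else print "invalid:" mode
        }
    ' "$@"
}

# check_blocking FILE... -> returns 0 only when rules are actually enforced
check_blocking() {
    mode=$(secrule_engine_mode "$@")
    case "$mode" in
        On) echo "OK: SecRuleEngine On, rules are enforced" ;;
        DetectionOnly) echo "WARN: DetectionOnly, matches are logged but not blocked"; return 1 ;;
        *) echo "FAIL: SecRuleEngine is $mode, rules are not enforced"; return 1 ;;
    esac
}

# Demo on a constructed config (not the file shipped with the package).
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# SecRuleEngine Off
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
  secruleengine "On"
EOF
    check_blocking "$f"; rc=$?
    rm -f "$f"
    return $rc
}
demo
```

On the setup described above this would be called as check_blocking /etc/httpd/conf.d/mod_security.conf /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf.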
