Integrating ModSecurity with Apache.
This week we will learn to integrate ModSecurity with Apache.
What we did last week was only install ModSecurity;
it is not yet active in the system.
The "make install" command only adds the modules that ModSecurity
needs for Apache, but does not enable them. We will see below how
to enable the module.
We made a standard installation, but if you want to customize the
installation, the ModSecurity configure script has very complete help.
$ ./configure --help
As a small example, here are some of the available options (the command
above shows much more than this):
Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
                          speeds up one-time build
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-static[=PKGS]  build static libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --disable-apache2-module
                          Disable building Apache2 module.
When the installation finishes, ModSecurity by default creates a directory
with the following structure:
/usr/local/modsecurity/
├── bin
│ ├── mlogc
│ ├── mlogc-batch-load.pl
│ └── rules-updater.pl
└── lib
    └── mod_security2.so
Run the following command to check whether mod_security2.so
is already in the directory /etc/httpd/modules/:
ls -l /etc/httpd/modules/ | grep mod_sec
If the library is not in the directory, you can copy it with the following command:
cp /usr/local/modsecurity/lib/mod_security2.so /etc/httpd/modules/
If you are using RedHat 6.x or an earlier version, edit
/etc/httpd/conf/httpd.conf:
vim /etc/httpd/conf/httpd.conf
If you are using RedHat 7.x or a derivative, edit
/etc/httpd/conf.modules.d/00-base.conf:
vim /etc/httpd/conf.modules.d/00-base.conf
Add the following lines to the file, using the LoadFile pair that matches
your architecture.
32-bit systems:
LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua-5.1.so
64-bit systems:
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so
# Enable the ModSecurity module
LoadModule security2_module modules/mod_security2.so
Now restart Apache.
If you encounter the error below:
AH00526: Syntax error on line 218 of /etc/httpd/conf.d/modsecurity.conf:
Could not open unicode map file "/etc/httpd/conf.d/unicode.mapping": No such file or directory
just go back to the ModSecurity source directory and copy the
unicode.mapping file:
cp unicode.mapping /etc/httpd/conf.d/
ModSecurity is now active.
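A pre-restart check for the steps above, as an added example that is not part of the original post: it reads the LoadModule and LoadFile lines and the unicode map setting, and confirms that every file they reference exists. The function name check_modsec and the paths passed to it are assumptions; SecUnicodeMapFile is the ModSecurity directive behind the unicode.mapping error shown above.

```shell
#!/bin/sh
# Added example (not from the original post). The paths passed in are
# assumptions about a RedHat-style layout; adjust them to your system.
# usage: check_modsec SERVER_ROOT MODULES_CONF MODSEC_CONF

check_modsec() {
    root=$1; modules_conf=$2; modsec_conf=$3; rc=0

    # 1. LoadModule must name the symbol security2_module exactly
    #    (directive names are case-insensitive, the module identifier is not).
    so=$(awk 'tolower($1) == "loadmodule" && $2 == "security2_module" {
                  gsub(/"/, "", $3); print $3; exit }' "$modules_conf")
    if [ -z "$so" ]; then
        echo "FAIL: no LoadModule security2_module line in $modules_conf"; rc=1
    else
        # Relative module paths are resolved against ServerRoot.
        case $so in /*) path=$so ;; *) path=$root/$so ;; esac
        [ -f "$path" ] || { echo "FAIL: module file missing: $path"; rc=1; }
    fi

    # 2. Every LoadFile target (libxml2, liblua) must exist.
    #    Paths containing spaces are not handled here.
    for lib in $(awk 'tolower($1) == "loadfile" { gsub(/"/, "", $2); print $2 }' \
                     "$modules_conf"); do
        case $lib in /*) ;; *) lib=$root/$lib ;; esac
        [ -f "$lib" ] || { echo "FAIL: LoadFile target missing: $lib"; rc=1; }
    done

    # 3. SecUnicodeMapFile: a relative name is looked up next to the
    #    configuration file that contains the directive.
    if [ -f "$modsec_conf" ]; then
        map=$(awk 'tolower($1) == "secunicodemapfile" {
                       gsub(/"/, "", $2); print $2; exit }' "$modsec_conf")
        case $map in ""|/*) ;; *) map=$(dirname "$modsec_conf")/$map ;; esac
        if [ -n "$map" ] && [ ! -f "$map" ]; then
            echo "FAIL: unicode map file missing: $map"; rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK: ModSecurity files are in place"
    return "$rc"
}
```

On a RedHat 7.x layout this would be called as check_modsec /etc/httpd /etc/httpd/conf.modules.d/00-base.conf /etc/httpd/conf.d/modsecurity.conf, followed by apachectl configtest before the restart.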
In our next article we will see how to enable it in NGINX and perhaps in IIS.
We'll also have a general overview of the mod_security configuration file.