Install Mod_security for apache on Red Hat / CentOS
ModSecurity : ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against web applications.
In order to use mod_security, you need to turn on EPEL repo under CentOS / RHEL Linux.
RHEL 5.x / CentOS 5.x Users
Type the following command as root user to install repo:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
RHEL 6.x / CentOS 6.x Users
Type the following command as root user to install repo:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Once repo is turned on, type the following command to install ModSecurity:
# yum install mod_security
mod_security configuration files
- /etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
- /etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache.
- /var/log/httpd/modsec_debug.log – Use debug messages for debugging mod_security rules and other problems.
- /var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity events or a serer error are logged are logged into this file.
Make sure SecRuleEngine set to “On” to protect webserver for the attacks:
SecRuleEngine On
Turn on other required options and policies as per your requirements. Finally, restart httpd:
# service httpd restart
Make sure everything is working:
# tail -f /var/log/httpd/error_log