Shane Lahey | 1 Nov 23:00

Re: installing mod_security

Hello Bradley,

Monday, October 30, 2006, 11:25:31 PM, you wrote:

> I apologize if this question actually makes you lose an IQ point for
> reading it, however, I am about to install mod_security for the first time
> and I'm stuck on step 5 of the install process:

> Edit Makefile to configure the path to Apache (for example: top_dir =
> /usr/local/apache2).

> What do they want me to put here?  My configs are in /etc/httpd, my binary
> is in /usr/sbin/httpd, I cannot locate an original build directory on this
> server.  Confused by what Makefile wants...

> Thanks, Brad

What they are actually looking for is the folder that contains: build/special.mk
On an RPM-based system you will need to make sure you have your
httpd-devel/apache-devel RPM installed, then you can find the
location by using a command such as:

rpm -ql httpd-devel | grep build/special.mk

By default on Fedora 4, it is /etc/httpd/build

-- 
Best regards,
 Shane

Ivan Ristic | 2 Nov 12:16

Full time Java/Web programmer position in London (for ModSecurity)

In addition to the position for a C programmer I posted earlier, we are now
looking for a Java/Web programmer to help us work on ModSecurity-related
projects. This too is a full time position for people in or around London,
willing to commute to West London (most likely the Ealing Broadway area).

The following is a list of relevant skills:

  1. Decent programming and object-oriented programming skills in Java.
  2. Ability to write clean, understandable, documented, and, above
     everything else, *secure* code.
  3. Familiarity with good software design/engineering practices:
     configuration management, test-driven development, defect
     tracking, etc.
  4. Good understanding of network protocols and the Internet.
  5. Very good understanding of HTTP.
  6. Very good understanding of web application security issues.
  7. Ability to work independently but also work as a team member.
  8. Accountability.
  9. Good knowledge of HTML, JavaScript, DHTML and SQL.
 10. Fluent English.

Please send your CVs to my email address and also include your list of
favourite books relevant to the job (but feel free to include other books
you feel strongly about).

It is worth noting that the entire department is going to consist of a
small number of developers. This is, therefore, a good opportunity for
someone to enjoy a quiet environment and immerse himself (or herself)
in the work.

Ryan Barnett | 2 Nov 16:55

More Breach Support!

Greetings ModSecurity Users,

My name is Ryan Barnett and as many of you know, I have been a long time ModSecurity user and poster on this list.  As one of the early users of ModSecurity, I have been able to watch as it has grown from a flexible RegEX matching filter into a robust WAF.  Throughout its growth, I was fortunate enough to be able to help test out many of the new features that Ivan implemented and to also recommend a few new feature requests based on my own needs (one of my recommended features/fixes that have made it into the code is the “pause” action to help slow down automated/brute force attacks).  ModSecurity has proved to be an invaluable tool for helping me to protect web applications.

With all of that being said, I am extremely excited to announce that I have accepted a position with Breach Security!  As of yesterday, I have become the Director of Application Security Training.  While this is my official title, I will also be wearing many different hats.  One of which will be to help foster the growth of the open source ModSecurity user community.  With this in mind, one of my first tasks in “giving back” to the community will be to help update the current Reference Guide document and to create other supporting documents such as Use Case Scenarios, etc…  One such small token I wanted to share today with the community is a Perl script that I use called “sgrep.pl.”  It enables me to search the audit_log (in the Serial format) for text strings and will extract out the entire record that matches.  The Perl script and an associated usage document are now posted on the ModSecurity Download page (under Contributions) - http://www.modsecurity.org/download/index.html.

Here are the direct links -

In return, I am hoping that you all will send any comments, recommendations and constructive criticisms to the mail-list on how we (Breach) can help to make ModSecurity better and to help you all use it more effectively.  I look forward to supporting both ModSecurity and you all.

Cheers.

Ryan C. Barnett
Director of Application Security Training

Breach Security, Inc.

Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

Ryan.Barnett <at> Breach.com
www.Breach.com

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
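
The kind of search the announcement above describes (find a string in a Serial-format audit log and pull out the whole record that contains it), as an added shell/awk example. It is not Ryan's sgrep.pl and is not taken from the ModSecurity distribution; it assumes the ModSecurity 2.x Serial layout, and the function names and the sample log are constructed for illustration.

```shell
# Added example. Assumes ModSecurity 2.x Serial layout: every part starts with
# --<id>-<letter>--, where -A-- opens a record and -Z-- closes it.

# audit_grep STRING FILE: print each complete record in FILE that contains STRING.
audit_grep() {
    NEEDLE="$1" awk '
        /^--[0-9A-Za-z]+-A--$/ {          # record start: remember its boundary id
            id = substr($0, 3, length($0) - 6)
            rec = ""; hit = 0; inrec = 1  # an unterminated earlier record is dropped
        }
        inrec {
            rec = rec $0 "\n"
            if (index($0, ENVIRON["NEEDLE"])) hit = 1   # fixed string, not a regex
        }
        inrec && $0 == ("--" id "-Z--") { # only the matching end marker closes it
            if (hit) printf "%s", rec
            inrec = 0
        }
    ' "$2"
}

# write_sample FILE: constructed two-record log (documentation addresses only).
write_sample() {
    cat > "$1" <<'EOF'
--a1b2c3d4-A--
[02/Nov/2006:16:55:01 +0000] AAAAAAAAAAAAAAAAAAAAAAAA 192.0.2.10 40001 192.0.2.20 80
--a1b2c3d4-B--
GET /index.html HTTP/1.1
Host: www.example.com

--a1b2c3d4-Z--

--e5f6a7b8-A--
[02/Nov/2006:16:55:07 +0000] BBBBBBBBBBBBBBBBBBBBBBBB 192.0.2.11 40002 192.0.2.20 80
--e5f6a7b8-B--
GET /login.php HTTP/1.1
Host: www.example.com

--e5f6a7b8-H--
Message: constructed sample alert text
--e5f6a7b8-Z--

EOF
}

log=$(mktemp) && write_sample "$log"
audit_grep '192.0.2.11' "$log"    # prints only the e5f6a7b8 record
rm -f "$log"
```

Because the match is a fixed string, a client address or unique ID can be passed without escaping dots or other regex characters.
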
Monica Lee | 2 Nov 16:42

Re: Fwd: errors while trying to load mod_security2 beta3


<steeeeeveee <at> gmx.net> writes:

> Okay. Got it fixed. But the changes in 2.0.0 are too much for me to handle
> now. The included RTF document is okay, but in no way verbose enough for me
> to understand how and which of my 2.0.0-dev1 rules I need to change.
>
> Will definitely wait till 2.0.0 comes out or try again when the
> documentation gets better.
>
> cheers
>
> SteveB
>
> -------- Original Message --------
> Date: Thu, 25 May 2006 18:43:56 +0200
> From: steeeeeveee <at> gmx.net
> To: mod-security-users <at> lists.sourceforge.net
> Subject: errors while trying to load mod_security2 beta3
>
> Hello List
>
> I compiled mod_security2 beta3 under Gentoo Linux. But when I try to use it,
> then I get the following error:
>
> Cannot load /usr/lib/apache2/modules/mod_security2.so into server:
> /usr/lib/apache2/modules/mod_security2.so: undefined symbol: msc_alert
>
> Does anyone know how to fix that?
>
> cheers
>
> Steve

Steve, I had the same issue and the way to fix it is to change this:
<IfModule mod_security.c>
to
<IfModule mod_security2.c>

Hope this helps.
- Monica

Ryan Barnett | 2 Nov 19:20

Re: Fwd: errors while trying to load mod_security2 beta3

I believe that the error message is related to the LoadModule directive
and is a problem with the mod_security2.so DSO object.  The <IfModule>
directive is just telling Apache whether or not to activate the
following directives if the corresponding DSO module is loaded.

Ryan C. Barnett
Director of Application Security Training
Breach Security, Inc.
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
Ryan.Barnett <at> Breach.com 
www.Breach.com
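
A consequence of the behaviour described in this reply: when a configuration moves from the 1.x module to mod_security2, any block still wrapped in the old `<IfModule mod_security.c>` name is skipped without an error. The check below is an added example (not from the thread or the ModSecurity project) that lists `<IfModule>` tests that are false at the point they appear; the function names, the sample config and the file-name-to-.so matching are assumptions made for illustration.

```shell
# Added example. Heuristic: the file-name form mod_X.c is matched to a loaded
# mod_X.so; modules compiled statically into httpd will be reported too.

# ifmodule_skipped CONF: print "line: argument" for each <IfModule> test that is
# false at that point in CONF, i.e. whose enclosed directives Apache ignores.
ifmodule_skipped() {
    awk '
        /^[ \t]*#/ { next }                               # comment line
        tolower($1) == "loadmodule" && NF >= 3 {
            path = $3; gsub(/"/, "", path)
            n = split(path, part, "/"); so = part[n]      # .../mod_security2.so
            sub(/\.so$/, "", so)
            byfile[so] = 1                                # mod_security2
            byident[$2] = 1                               # security2_module
        }
        tolower($1) == "<ifmodule" && NF >= 2 {
            arg = $2; sub(/>.*$/, "", arg)
            if (arg ~ /^!/) next                          # negated test: not checked here
            base = arg; sub(/\.c$/, "", base)
            if (!(base in byfile) && !(arg in byident)) print NR ": " arg
        }
    ' "$1"
}

# write_conf FILE: constructed config, a 2.x module with a leftover 1.x block.
write_conf() {
    cat > "$1" <<'EOF'
LoadModule security2_module modules/mod_security2.so
<IfModule mod_security.c>
    SecFilterEngine On
</IfModule>
<IfModule mod_security2.c>
    SecRuleEngine On
</IfModule>
EOF
}

conf=$(mktemp) && write_conf "$conf"
ifmodule_skipped "$conf"     # prints: 2: mod_security.c
rm -f "$conf"
```
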

Arthur Fonzarelli | 3 Nov 07:45

How to inspect uploaded files for mime-types, file-extension or true file-type

Hi,

Using ModSecurity 2.0, is there a way to inspect uploaded files (when using 
Apache 2.2.3 on SuSE Linux as a reverse proxy) for certain mime-types, file 
extension or true file-type?

At this moment I use a modified clamscan perl script to check for viruses with
different command line virus scanners. Since FILES_TMPNAMES converts the
original filename to a temporary name, I don't know how to check for the
original file extension it had, next to a mime-type check I already perform
with a Perl script.

Regards,

Arthur Fonzarelli

Ivan Ristic | 3 Nov 11:01

Re: More Breach Support!

Let me just say that it was difficult for me to keep quiet about Ryan
joining! He made significant contributions over the years, adding to
ModSecurity (with his observations but especially on the community
side making frequent posts) and Apache. With his book, Preventing Web
Attacks with Apache, he pushed the boundaries of web application
security. I was thus thrilled to learn he had decided to join our
team. And I am now looking forward to working closely with him to take
ModSecurity further!

On 11/2/06, Ryan Barnett <Ryan.Barnett <at> breach.com> wrote:
>
> Greetings ModSecurity Users,
>
> My name is Ryan Barnett and as many of you know, I have been a long time
> ModSecurity user and poster on this list.
>
> ...
>
> With all of that being said, I am extremely excited to announce that I have
> accepted a position with Breach Security!  As of yesterday, I have become
> the Director of Application Security Training.

-- 
Ivan Ristic

Brian Rectanus | 3 Nov 17:58

Re: msc, monthly reports and the new log collector

This bounced from msc-users <at> lists.thinkingstone.com (Non-existent
list.  Also note that this list is a link off the msc home page for
support), so I'll report here:

On 11/3/06, Brian Rectanus <brectanu <at> gmail.com> wrote:
> Hello,
>
> Just got around to setting up a monthly report in msc and notice it is
> sent daily.  Was that the intention?  I was expecting a report sent on
> 1st of the month for the previous month (or similar).
>
> Also, I wanted to know if I could get the source for the upcoming
> 'native' log collector (beta is fine).  I need to get a more reliable
> collector for disconnected operation.  If it will not be available
> soon, I'll probably add to the current perl script to support
> disconnected operation.
>
> thanks,
> -B
>

Ivan Ristic | 3 Nov 18:16

Re: msc, monthly reports and the new log collector

On 11/3/06, Brian Rectanus <brectanu <at> gmail.com> wrote:
> This bounced from msc-users <at> lists.thinkingstone.com (Non-existent
> list.  Also note that this list is a link off the msc home page for
> support), so I'll report here:

The server running the list had a hard disk failure on Friday evening.
(It's always the Friday evenings, isn't it!) We've taken the
opportunity to migrate the mail server off that particular machine (it
was essentially only serving that mailing list). The new mailing list
is up and running; I just need to switch the subscribers over and send
an email about it.

> On 11/3/06, Brian Rectanus <brectanu <at> gmail.com> wrote:
> > Hello,
> >
> > Just got around to setting up a monthly report in msc and notice it is
> > sent daily.  Was that the intention?  I was expecting a report sent on
> > 1st of the month for the previous month (or similar).

I agree, that's what one should expect from a monthly report.

> > Also, I wanted to know if I could get the source for the upcoming
> > 'native' log collector (beta is fine).  I need to get a more reliable
> > collector for disconnected operation.  If it will not be available
> > soon, I'll probably add to the current perl script to support
> > disconnected operation.

I'll look into it and get back to you.

-- 
Ivan Ristic

Mark Carey | 4 Nov 01:15

Upgrading to Mod Security 2.0

I would like to upgrade to modsecurity 2 (I am currently running 1.8.6), but I
haven't been able to find any upgrade instructions or rule-conversion guidelines.
I have read everything I could find on modsecurity.org, but couldn't find any
mention about upgrading.  Can someone point me in the right direction?

I have a large custom ruleset, primarily targeted to block blog-spam.  From
reading the modsec 2 documentation I *think* some changes to my rules may be in
order (for example, I currently use ARG_argname syntax, that wasn't mentioned in
the modsec2 docs), but I am not 100% sure.  There was no list of deprecated
commands, etc.

My current installation of modsec blocks 4,000+ blog spam attempts per day -- so
I really want to make sure my ruleset works (or make the necessary conversions)
before I upgrade to 2.0.

Thanks,

Mark 
