Apache mod-security

Clayton Dillard | 1 May 2009 15:18

ModSecurity Console Error - RPC Request

Hi all,
We are running the latest version of the console and since yesterday we have lots of errors stating the following:

Failed processing RPC request: For input string: "0, 0"

I remember discussing this sometime last year with Ivan but I think I did not provide enough information for him to solve the issue.

Thanks,
Clay

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Ryan Barnett | 1 May 2009 17:44

ModSecurity Training at Blackhat USA in Las Vegas

Greetings everyone,

I wanted to send out a quick note to let you all know that ModSecurity training has now been added to the Blackhat USA conference in Las Vegas at the end of July 2009 - http://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-RB-modsec.html. This is a 2-day training class focused on ModSecurity rules writing. We will discuss the ModSecurity Rules Language in detail including good rule writing tips, gotchas and virtual patching. The 2nd day of the class will mainly be spent as a hands-on lab where we will go through the OWASP Securing WebGoat with ModSecurity project which will allow you to test out the latest, cutting-edge rules concepts such as content injection and Lua.

Hope to see you all in Vegas!!!

-Ryan

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Brian Rectanus | 1 May 2009 17:50

Re: ModSecurity Console Error - RPC Request

Clayton Dillard wrote:
> Hi all,
>      We are running the latest version of the console and since
> yesterday we have lots of errors stating the following:
>
> Failed processing RPC request: For input string: "0, 0"
>
> I remember discussing this sometime last year with Ivan but I think I
> did not provide enough information for him to solve the issue.

Please write it up as a bug under the "ModSecurity Console" project with 
as much detail as you can:

https://www.modsecurity.org/tracker/

thanks,
-B

--

-- 
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Security Admin (NetSec | 1 May 2009 20:33

Installing modsecurity on Red Hat 5.3 x64

Probably been asked and answered; however this is my first time installing modsecurity on a Red Hat Linux Box. On my OpenBSD systems I just downloaded the latest apache 2.x and compiled from source. Then installed modsecurity 2.x with minimal issues. Suspect I may have to do the same again but I hope not. System is a fully patched RHEL 5.3 x64 with the following version of apache running:

*********************************************************

Server version: Apache/2.2.3

Server built: Nov 12 2008 07:09:03

Server's Module Magic Number: 20051115:3

Server loaded: APR 1.2.7, APR-Util 1.2.7

Compiled using: APR 1.2.7, APR-Util 1.2.7

Architecture: 64-bit

Server MPM: Prefork

threaded: no

forked: yes (variable process count)

Server compiled with....

-D APACHE_MPM_DIR="server/mpm/prefork"

-D APR_HAS_SENDFILE

-D APR_HAS_MMAP

-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)

-D APR_USE_SYSVSEM_SERIALIZE

-D APR_USE_PTHREAD_SERIALIZE

-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

-D APR_HAS_OTHER_CHILD

-D AP_HAVE_RELIABLE_PIPED_LOGS

-D DYNAMIC_MODULE_LIMIT=128

-D HTTPD_ROOT="/etc/httpd"

-D SUEXEC_BIN="/usr/sbin/suexec"

-D DEFAULT_PIDLOG="logs/httpd.pid"

-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"

-D DEFAULT_LOCKFILE="logs/accept.lock"

-D DEFAULT_ERRORLOG="logs/error_log"

-D AP_TYPES_CONFIG_FILE="conf/mime.types"

-D SERVER_CONFIG_FILE="conf/httpd.conf"

*******************************************************************************************

When trying to install modsecurity-apache_2.5.9 I get the following error when running ./configure:

configure: looking for Apache module support via DSO through APXS

configure: error: couldn't find APXS

could not find this directory. When I Google this error I found a “apache2-threaded-dev” module might be needed but I could not find. Any help regarding this installation issue would be appreciated.

--

-- 
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Clayton Dillard | 1 May 2009 21:42

Re: ModSecurity Console Error - RPC Request

Are there any log files that I could attach or paste from that would help?

Brian Rectanus wrote:
> Clayton Dillard wrote:
>> Hi all,
>>      We are running the latest version of the console and since
>> yesterday we have lots of errors stating the following:
>>
>> Failed processing RPC request: For input string: "0, 0"
>>
>> I remember discussing this sometime last year with Ivan but I think I
>> did not provide enough information for him to solve the issue.
>
> Please write it up as a bug under the "ModSecurity Console" project
> with as much detail as you can:
>
> https://www.modsecurity.org/tracker/
>
> thanks,
> -B
>

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Mike Duncan | 1 May 2009 20:50

Re: Installing modsecurity on Red Hat 5.3 x64


Security Admin (NetSec) wrote:
> Probably been asked and answered; however this is my first time
> installing modsecurity on a Red Hat Linux Box.  On my OpenBSD systems I
> just downloaded the latest apache 2.x and compiled from source.  Then
> installed modsecurity 2.x with minimal issues.  Suspect I may have to do
> the same again but I hope not.  System is a fully patched RHEL 5.3 x64
> with the following version of apache running:
> 
> *********************************************************
> 
> Server version: Apache/2.2.3
> 
> Server built:   Nov 12 2008 07:09:03
> 
> Server's Module Magic Number: 20051115:3
> 
> Server loaded:  APR 1.2.7, APR-Util 1.2.7
> 
> Compiled using: APR 1.2.7, APR-Util 1.2.7
> 
> Architecture:   64-bit
> 
> Server MPM:     Prefork
> 
>   threaded:     no
> 
>     forked:     yes (variable process count)
> 
> Server compiled with....
> 
>  -D APACHE_MPM_DIR="server/mpm/prefork"
> 
>  -D APR_HAS_SENDFILE
> 
>  -D APR_HAS_MMAP
> 
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> 
>  -D APR_USE_SYSVSEM_SERIALIZE
> 
>  -D APR_USE_PTHREAD_SERIALIZE
> 
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> 
>  -D APR_HAS_OTHER_CHILD
> 
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
> 
>  -D DYNAMIC_MODULE_LIMIT=128
> 
>  -D HTTPD_ROOT="/etc/httpd"
> 
>  -D SUEXEC_BIN="/usr/sbin/suexec"
> 
>  -D DEFAULT_PIDLOG="logs/httpd.pid"
> 
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> 
>  -D DEFAULT_LOCKFILE="logs/accept.lock"
> 
>  -D DEFAULT_ERRORLOG="logs/error_log"
> 
>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> 
>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 
> *******************************************************************************************
> 
> When trying to install modsecurity-apache_2.5.9 I get the following
> error when running ./configure:
> 
>  
> 
> configure: looking for Apache module support via DSO through APXS
> 
> configure: error: couldn't find APXS

Could you send your complete configure line, with options included? Or,
did you just simply run ./configure?

> 
>  
> 
> could not find this directory.  When I Google this error I found a
> ?apache2-threaded-dev? module might be needed but I could not find.  Any
> help regarding this installation issue would be appreciated.

The 'apache2-threaded-dev' is a package which contains apxs on some
distros (Ubuntu for sure as I needed to install this). For RHEL5, this
package is called 'httpd-devel', which you will need to subscribe to
Desktop Supplementary and/or RedHat Network Toolkit channels to get
access to.

This is what I had to do to get it compiled on RHEL5...

(after subscribing to the channels list above and running yum update)
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel
# ./configure --with-apxs=/usr/sbin/apxs
# make
# make install

HTH. Thanks.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center

headers

Security Admin (NetSec | 2 May 2009 02:44

Re: Installing modsecurity on Red Hat 5.3 x64

<<<(after subscribing to the channels list above and running yum update)
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel
# ./configure --with-apxs=/usr/sbin/apxs
# make
# make install>>>

After implementing what you suggested above I was able to compile.  My RHEL subscription allowed me to get
the rpms I needed.  I had to use "./configure" because "./configure --with-apxs=/usr/sbin/apxs" gave
the error listed below.  Other than that it was fine and thanks for the help!

Edward Ray
NetSec Consulting

Error output of "./configure --with-apxs=/usr/sbin/apxs" :

configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/sbin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/bin/pcre-config
configure: using '-lpcre' for pcre Library
checking for libapr config script... /usr/sbin/apxs
apxs:Error: Unknown option: -.
apxs:Error: Unknown option: -.
apxs:Error: Unknown option: f.
apxs:Error: Unknown option: -.
apxs:Error: Unknown option: f.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
apxs:Error: Unknown option: -.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
apxs:Error: Unknown option: -.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
apxs:Error: Unknown option: -.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
configure: *** apr library not found.
configure: error: apr library is required

-----Original Message-----
From: Mike Duncan [mailto:Mike.Duncan <at> noaa.gov] 
Sent: Friday, May 01, 2009 11:51 AM
To: Security Admin (NetSec)
Cc: mod-security-users <at> lists.sourceforge.net
Subject: Re: [mod-security-users] Installing modsecurity on Red Hat 5.3 x64

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security Admin (NetSec) wrote:
> Probably been asked and answered; however this is my first time
> installing modsecurity on a Red Hat Linux Box.  On my OpenBSD systems I
> just downloaded the latest apache 2.x and compiled from source.  Then
> installed modsecurity 2.x with minimal issues.  Suspect I may have to do
> the same again but I hope not.  System is a fully patched RHEL 5.3 x64
> with the following version of apache running:
> 
> *********************************************************
> 
> Server version: Apache/2.2.3
> 
> Server built:   Nov 12 2008 07:09:03
> 
> Server's Module Magic Number: 20051115:3
> 
> Server loaded:  APR 1.2.7, APR-Util 1.2.7
> 
> Compiled using: APR 1.2.7, APR-Util 1.2.7
> 
> Architecture:   64-bit
> 
> Server MPM:     Prefork
> 
>   threaded:     no
> 
>     forked:     yes (variable process count)
> 
> Server compiled with....
> 
>  -D APACHE_MPM_DIR="server/mpm/prefork"
> 
>  -D APR_HAS_SENDFILE
> 
>  -D APR_HAS_MMAP
> 
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> 
>  -D APR_USE_SYSVSEM_SERIALIZE
> 
>  -D APR_USE_PTHREAD_SERIALIZE
> 
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> 
>  -D APR_HAS_OTHER_CHILD
> 
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
> 
>  -D DYNAMIC_MODULE_LIMIT=128
> 
>  -D HTTPD_ROOT="/etc/httpd"
> 
>  -D SUEXEC_BIN="/usr/sbin/suexec"
> 
>  -D DEFAULT_PIDLOG="logs/httpd.pid"
> 
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> 
>  -D DEFAULT_LOCKFILE="logs/accept.lock"
> 
>  -D DEFAULT_ERRORLOG="logs/error_log"
> 
>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> 
>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 
> *******************************************************************************************
> 
> When trying to install modsecurity-apache_2.5.9 I get the following
> error when running ./configure:
> 
>  
> 
> configure: looking for Apache module support via DSO through APXS
> 
> configure: error: couldn't find APXS

Could you send your complete configure line, with options included? Or,
did you just simply run ./configure?

> 
>  
> 
> could not find this directory.  When I Google this error I found a
> ?apache2-threaded-dev? module might be needed but I could not find.  Any
> help regarding this installation issue would be appreciated.

The 'apache2-threaded-dev' is a package which contains apxs on some
distros (Ubuntu for sure as I needed to install this). For RHEL5, this
package is called 'httpd-devel', which you will need to subscribe to
Desktop Supplementary and/or RedHat Network Toolkit channels to get
access to.

This is what I had to do to get it compiled on RHEL5...

(after subscribing to the channels list above and running yum update)
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel
# ./configure --with-apxs=/usr/sbin/apxs
# make
# make install

HTH. Thanks.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn7RJEACgkQnvIkv6fg9hY2iACfVWLfzTnBJGHl2eMloEBGQ5vl
RogAn0XYQpXsoOTzB03Kxvp6/lEDvd5o
=cojq
-----END PGP SIGNATURE-----

--

-- 
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Security Admin (NetSec | 2 May 2009 03:42

correct config file on a RHEL 5.3 x64 modsecurity install

I cheated and used my modsecurity config from an OpenBSD apache server. I wanted to check to see if this implementation is OK and/or any improvements I could make. The additions to my httpd.conf file are listed below. Thanks in advance!

Edward Ray

NetSec Consulting

From /etc/httpd/conf/httpd.conf:

# modsecurity files and modules

LoadFile /usr/lib64/libxml2.so

# LoadFile /usr/lib/liblua5.1.so

LoadModule security2_module modules/mod_security2.so

# mod_security configuration directives

# Turn ModSecurity On

SecFilterEngine On

# SecFilterEngine DynamicOnly

# SecFilterEngine Off

# Reject requests with status 403

SecFilterDefaultAction "deny,log,status:403"

# Some sane defaults

SecFilterScanPOST On

SecFilterCheckURLEncoding On

SecFilterCheckUnicodeEncoding Off

# Accept almost all byte values

SecFilterForceByteRange 1 255

# Server masking is optional

# SecServerSignature "Microsoft-IIS/5.0"

SecUploadDir /tmp

SecUploadKeepFiles Off

# Only record the interesting stuff

SecAuditEngine RelevantOnly

SecAuditLog logs/audit_log

# You normally won't need debug logging

SecFilterDebugLevel 0

SecFilterDebugLog logs/modsec_debug_log

# Only accept request encodings we know how to handle

# we exclude GET requests from this because some (automated)

# clients supply "text/html" as Content-Type

SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain

SecFilterSelective HTTP_Content-Type \

"!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

# Do not accept GET or HEAD requests with bodies

SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain

SecFilterSelective HTTP_Content-Length "!^$"

# Require Content-Length to be provided with

# every POST request

SecFilterSelective REQUEST_METHOD "^POST$" chain

SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle

SecFilterSelective HTTP_Transfer-Encoding "!^$"

Include /etc/modsecurity/modsecurity_crs_10_config.conf

Include /etc/modsecurity/modsecurity_crs_20_protocol_violations.conf

Include /etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf

Include /etc/modsecurity/modsecurity_crs_23_request_limits.conf

Include /etc/modsecurity/modsecurity_crs_30_http_policy.conf

Include /etc/modsecurity/modsecurity_crs_35_bad_robots.conf

Include /etc/modsecurity/modsecurity_crs_40_generic_attacks.conf

Include /etc/modsecurity/modsecurity_crs_45_trojans.conf

Include /etc/modsecurity/modsecurity_crs_50_outbound.conf

</IfModule>

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Andrew Grauberg | 2 May 2009 05:31

Re: Installing modsecurity on Red Hat 5.3 x64


I have just upgraded 2.5.7 to 2.5.9 with no problems whatsoever via yum
update mod_security. I am using atomic RMPs. Initially, I had installed it
from fresh from the same depo; it resolved all the dependencies - no need
for the manual installation. I am on Centos 5.2 x64.

HTH

Andrew

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

headers

Michael Fleming | 2 May 2009 12:55

Re: correct config file on a RHEL 5.3 x64 modsecurity install

On Fri, 1 May 2009 18:42:30 -0700
"Security Admin (NetSec)" <secadmin <at> netsecdesign.com> wrote:

> I cheated and used my modsecurity config from an OpenBSD apache
> server.  I wanted to check to see if this implementation is OK and/or
> any improvements I could make.  The additions to my httpd.conf file
> are listed below.  Thanks in advance!
> 
> Edward Ray
> NetSec Consulting

Hi Edward,

I'm the package maintainer for mod_security's RHEL / CentOS package
(via the Extra Packages for Enterprise Linux project -
http://fedoraproject.org/wiki/EPEL)

> 
> >From /etc/httpd/conf/httpd.conf:
> 
> # modsecurity files and modules
> #
> LoadFile /usr/lib64/libxml2.so
> # LoadFile /usr/lib/liblua5.1.so

There's no need to load the XML / Lua libraries explicitly with current
packages, as they're correctly linked to the mod_security DSO

> LoadModule security2_module modules/mod_security2.so
> 

<rest snipped>

You might want to look at the /etc/httpd/conf.d/mod_security.conf file,
which has the correct LoadModule lines and references the Core Rules
and configuration directives, which are themselves kept
in /etc/httpd/modsecurity.d/

(modsecurity_crs_10_config.conf contains most of the items you want to
change if the above conf file does not)

I've tried to make it as seamless and painless as possible to install
and maintain 

Most of the changes you've got look fairly sane, just need to avoid
problems and make life simple by setting them in the appropriate place
for RHEL's layout

> <IfModule mod_security2.so>
> # mod_security configuration directives
> 

Michael Fleming
(Fedora/EPEL package wrangler)

--

-- 
Michael Fleming <mfleming <at> thatfleminggent.com>
URI: http://www.thatfleminggent.com
Fedora / Red Hat Packages http://www.thatfleminggent.com/packages.php

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Mon	Tue	Wed	Thu	Fri	Sat	Sun

				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

106	May 2013
69	April 2013
107	March 2013
96	February 2013
96	January 2013
60	December 2012
42	November 2012
52	October 2012
62	September 2012
64	August 2012
95	July 2012
60	June 2012
39	May 2012
11	April 2012
46	March 2012
123	February 2012
80	January 2012
44	December 2011
51	November 2011
78	October 2011
108	September 2011
104	August 2011
111	July 2011
66	June 2011
185	May 2011
54	April 2011
72	March 2011
69	February 2011
76	January 2011
26	December 2010
51	November 2010
69	October 2010
79	September 2010
67	August 2010
67	July 2010
59	June 2010
88	May 2010
59	April 2010
130	March 2010
117	February 2010
99	January 2010
80	December 2009
156	November 2009
112	October 2009
73	September 2009
134	August 2009
92	July 2009
78	June 2009
132	May 2009
104	April 2009
127	March 2009
131	February 2009
137	January 2009
85	December 2008
82	November 2008
84	October 2008
154	September 2008
167	August 2008
187	July 2008
95	June 2008
115	May 2008
89	April 2008
97	March 2008
134	February 2008
159	January 2008
56	December 2007
205	November 2007
135	October 2007
97	September 2007
162	August 2007
130	July 2007
250	June 2007
191	May 2007
150	April 2007
181	March 2007
161	February 2007
166	January 2007
104	December 2006
172	November 2006
103	October 2006
83	September 2006
101	August 2006
92	July 2006
116	June 2006
65	May 2006
139	April 2006
82	March 2006
148	February 2006
61	January 2006
74	December 2005
104	November 2005
49	October 2005
28	September 2005
51	August 2005
27	July 2005
71	June 2005
26	May 2005
53	April 2005
82	March 2005
61	February 2005
67	January 2005
12	December 2004
22	November 2004
28	October 2004
31	September 2004
24	August 2004
36	July 2004
20	June 2004
15	May 2004
47	April 2004
21	March 2004
13	February 2004
44	January 2004
18	December 2003
13	November 2003
11	October 2003
9	September 2003
7	August 2003
16	July 2003
1	June 2003