Clayton Dillard | 1 May 15:18 2009
Picon

ModSecurity Console Error - RPC Request

Hi all,
    We are running the latest version of the console and since yesterday we have lots of errors stating the following:

Failed processing RPC request: For input string: "0, 0"  

I remember discussing this sometime last year with Ivan but I think I did not provide enough information for him to solve the issue.

Thanks,
Clay
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Ryan Barnett | 1 May 17:44 2009

ModSecurity Training at Blackhat USA in Las Vegas

Greetings everyone,

I wanted to send out a quick note to let you all know that ModSecurity training has now been added to the Blackhat USA conference in Las Vegas at the end of July 2009 - http://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-RB-modsec.html.  This is a 2-day training class focused on ModSecurity rules writing.  We will discuss the ModSecurity Rules Language in detail including good rule writing tips, gotchas and virtual patching.  The 2nd day of the class will mainly be spent as a hands-on lab where we will go through the OWASP Securing WebGoat with ModSecurity project which will allow you to test out the latest, cutting-edge rules concepts such as content injection and Lua.

                                                                                                                                                                                                                                                      

Hope to see you all in Vegas!!!

 

-Ryan

 

 

 

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Brian Rectanus | 1 May 17:50 2009

Re: ModSecurity Console Error - RPC Request

Clayton Dillard wrote:
> Hi all,
>      We are running the latest version of the console and since
> yesterday we have lots of errors stating the following:
>
> Failed processing RPC request: For input string: "0, 0"
>
> I remember discussing this sometime last year with Ivan but I think I
> did not provide enough information for him to solve the issue.

Please write it up as a bug under the "ModSecurity Console" project with 
as much detail as you can:

https://www.modsecurity.org/tracker/

thanks,
-B

--

-- 
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Security Admin (NetSec | 1 May 20:33 2009

Installing modsecurity on Red Hat 5.3 x64

Probably been asked and answered; however this is my first time installing modsecurity on a Red Hat Linux Box.  On my OpenBSD systems I just downloaded the latest apache 2.x and compiled from source.  Then installed modsecurity 2.x with minimal issues.  Suspect I may have to do the same again but I hope not.  System is a fully patched RHEL 5.3 x64 with the following version of apache running:

*********************************************************

Server version: Apache/2.2.3

Server built:   Nov 12 2008 07:09:03

Server's Module Magic Number: 20051115:3

Server loaded:  APR 1.2.7, APR-Util 1.2.7

Compiled using: APR 1.2.7, APR-Util 1.2.7

Architecture:   64-bit

Server MPM:     Prefork

  threaded:     no

    forked:     yes (variable process count)

Server compiled with....

 -D APACHE_MPM_DIR="server/mpm/prefork"

 -D APR_HAS_SENDFILE

 -D APR_HAS_MMAP

 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)

 -D APR_USE_SYSVSEM_SERIALIZE

 -D APR_USE_PTHREAD_SERIALIZE

 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

 -D APR_HAS_OTHER_CHILD

 -D AP_HAVE_RELIABLE_PIPED_LOGS

 -D DYNAMIC_MODULE_LIMIT=128

 -D HTTPD_ROOT="/etc/httpd"

 -D SUEXEC_BIN="/usr/sbin/suexec"

 -D DEFAULT_PIDLOG="logs/httpd.pid"

 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"

 -D DEFAULT_LOCKFILE="logs/accept.lock"

 -D DEFAULT_ERRORLOG="logs/error_log"

 -D AP_TYPES_CONFIG_FILE="conf/mime.types"

 -D SERVER_CONFIG_FILE="conf/httpd.conf"

*******************************************************************************************

When trying to install modsecurity-apache_2.5.9 I get the following error when running ./configure:

 

configure: looking for Apache module support via DSO through APXS

configure: error: couldn't find APXS

 

could not find this directory.  When I Google this error I found a “apache2-threaded-dev” module might be needed but I could not find.  Any help regarding this installation issue would be appreciated.

 

  

 

--

-- 
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Clayton Dillard | 1 May 21:42 2009
Picon

Re: ModSecurity Console Error - RPC Request

Are there any log files that I could attach or paste from that would help?

Brian Rectanus wrote:
> Clayton Dillard wrote:
>> Hi all,
>>      We are running the latest version of the console and since
>> yesterday we have lots of errors stating the following:
>>
>> Failed processing RPC request: For input string: "0, 0"
>>
>> I remember discussing this sometime last year with Ivan but I think I
>> did not provide enough information for him to solve the issue.
>
> Please write it up as a bug under the "ModSecurity Console" project
> with as much detail as you can:
>
> https://www.modsecurity.org/tracker/
>
> thanks,
> -B
>

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Mike Duncan | 1 May 20:50 2009
Picon

Re: Installing modsecurity on Red Hat 5.3 x64


Security Admin (NetSec) wrote:
> Probably been asked and answered; however this is my first time
> installing modsecurity on a Red Hat Linux Box.  On my OpenBSD systems I
> just downloaded the latest apache 2.x and compiled from source.  Then
> installed modsecurity 2.x with minimal issues.  Suspect I may have to do
> the same again but I hope not.  System is a fully patched RHEL 5.3 x64
> with the following version of apache running:
> 
> *********************************************************
> 
> Server version: Apache/2.2.3
> 
> Server built:   Nov 12 2008 07:09:03
> 
> Server's Module Magic Number: 20051115:3
> 
> Server loaded:  APR 1.2.7, APR-Util 1.2.7
> 
> Compiled using: APR 1.2.7, APR-Util 1.2.7
> 
> Architecture:   64-bit
> 
> Server MPM:     Prefork
> 
>   threaded:     no
> 
>     forked:     yes (variable process count)
> 
> Server compiled with....
> 
>  -D APACHE_MPM_DIR="server/mpm/prefork"
> 
>  -D APR_HAS_SENDFILE
> 
>  -D APR_HAS_MMAP
> 
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> 
>  -D APR_USE_SYSVSEM_SERIALIZE
> 
>  -D APR_USE_PTHREAD_SERIALIZE
> 
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> 
>  -D APR_HAS_OTHER_CHILD
> 
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
> 
>  -D DYNAMIC_MODULE_LIMIT=128
> 
>  -D HTTPD_ROOT="/etc/httpd"
> 
>  -D SUEXEC_BIN="/usr/sbin/suexec"
> 
>  -D DEFAULT_PIDLOG="logs/httpd.pid"
> 
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> 
>  -D DEFAULT_LOCKFILE="logs/accept.lock"
> 
>  -D DEFAULT_ERRORLOG="logs/error_log"
> 
>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> 
>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 
> *******************************************************************************************
> 
> When trying to install modsecurity-apache_2.5.9 I get the following
> error when running ./configure:
> 
>  
> 
> configure: looking for Apache module support via DSO through APXS
> 
> configure: error: couldn't find APXS

Could you send your complete configure line, with options included? Or,
did you just simply run ./configure?

> 
>  
> 
> could not find this directory.  When I Google this error I found a
> ?apache2-threaded-dev? module might be needed but I could not find.  Any
> help regarding this installation issue would be appreciated.

The 'apache2-threaded-dev' is a package which contains apxs on some
distros (Ubuntu for sure as I needed to install this). For RHEL5, this
package is called 'httpd-devel', which you will need to subscribe to
Desktop Supplementary and/or RedHat Network Toolkit channels to get
access to.

This is what I had to do to get it compiled on RHEL5...

(after subscribing to the channels list above and running yum update)
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel
# ./configure --with-apxs=/usr/sbin/apxs
# make
# make install

HTH. Thanks.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center
Security Admin (NetSec | 2 May 02:44 2009

Re: Installing modsecurity on Red Hat 5.3 x64

<<<(after subscribing to the channels list above and running yum update)
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel
# ./configure --with-apxs=/usr/sbin/apxs
# make
# make install>>>

After implementing what you suggested above I was able to compile.  My RHEL subscription allowed me to get
the rpms I needed.  I had to use "./configure" because "./configure --with-apxs=/usr/sbin/apxs" gave
the error listed below.  Other than that it was fine and thanks for the help!

Edward Ray
NetSec Consulting

Error output of "./configure --with-apxs=/usr/sbin/apxs" :

configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/sbin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/bin/pcre-config
configure: using '-lpcre' for pcre Library
checking for libapr config script... /usr/sbin/apxs
apxs:Error: Unknown option: -.
apxs:Error: Unknown option: -.
apxs:Error: Unknown option: f.
apxs:Error: Unknown option: -.
apxs:Error: Unknown option: f.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
apxs:Error: Unknown option: -.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
apxs:Error: Unknown option: -.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
apxs:Error: Unknown option: -.
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
configure: *** apr library not found.
configure: error: apr library is required

-----Original Message-----
From: Mike Duncan [mailto:Mike.Duncan <at> noaa.gov] 
Sent: Friday, May 01, 2009 11:51 AM
To: Security Admin (NetSec)
Cc: mod-security-users <at> lists.sourceforge.net
Subject: Re: [mod-security-users] Installing modsecurity on Red Hat 5.3 x64

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security Admin (NetSec) wrote:
> Probably been asked and answered; however this is my first time
> installing modsecurity on a Red Hat Linux Box.  On my OpenBSD systems I
> just downloaded the latest apache 2.x and compiled from source.  Then
> installed modsecurity 2.x with minimal issues.  Suspect I may have to do
> the same again but I hope not.  System is a fully patched RHEL 5.3 x64
> with the following version of apache running:
> 
> *********************************************************
> 
> Server version: Apache/2.2.3
> 
> Server built:   Nov 12 2008 07:09:03
> 
> Server's Module Magic Number: 20051115:3
> 
> Server loaded:  APR 1.2.7, APR-Util 1.2.7
> 
> Compiled using: APR 1.2.7, APR-Util 1.2.7
> 
> Architecture:   64-bit
> 
> Server MPM:     Prefork
> 
>   threaded:     no
> 
>     forked:     yes (variable process count)
> 
> Server compiled with....
> 
>  -D APACHE_MPM_DIR="server/mpm/prefork"
> 
>  -D APR_HAS_SENDFILE
> 
>  -D APR_HAS_MMAP
> 
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> 
>  -D APR_USE_SYSVSEM_SERIALIZE
> 
>  -D APR_USE_PTHREAD_SERIALIZE
> 
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> 
>  -D APR_HAS_OTHER_CHILD
> 
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
> 
>  -D DYNAMIC_MODULE_LIMIT=128
> 
>  -D HTTPD_ROOT="/etc/httpd"
> 
>  -D SUEXEC_BIN="/usr/sbin/suexec"
> 
>  -D DEFAULT_PIDLOG="logs/httpd.pid"
> 
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> 
>  -D DEFAULT_LOCKFILE="logs/accept.lock"
> 
>  -D DEFAULT_ERRORLOG="logs/error_log"
> 
>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> 
>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 
> *******************************************************************************************
> 
> When trying to install modsecurity-apache_2.5.9 I get the following
> error when running ./configure:
> 
>  
> 
> configure: looking for Apache module support via DSO through APXS
> 
> configure: error: couldn't find APXS

Could you send your complete configure line, with options included? Or,
did you just simply run ./configure?

> 
>  
> 
> could not find this directory.  When I Google this error I found a
> ?apache2-threaded-dev? module might be needed but I could not find.  Any
> help regarding this installation issue would be appreciated.

The 'apache2-threaded-dev' is a package which contains apxs on some
distros (Ubuntu for sure as I needed to install this). For RHEL5, this
package is called 'httpd-devel', which you will need to subscribe to
Desktop Supplementary and/or RedHat Network Toolkit channels to get
access to.

This is what I had to do to get it compiled on RHEL5...

(after subscribing to the channels list above and running yum update)
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel
# ./configure --with-apxs=/usr/sbin/apxs
# make
# make install

HTH. Thanks.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn7RJEACgkQnvIkv6fg9hY2iACfVWLfzTnBJGHl2eMloEBGQ5vl
RogAn0XYQpXsoOTzB03Kxvp6/lEDvd5o
=cojq
-----END PGP SIGNATURE-----

--

-- 
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Security Admin (NetSec | 2 May 03:42 2009

correct config file on a RHEL 5.3 x64 modsecurity install

I cheated and used my modsecurity config from an OpenBSD apache server.  I wanted to check to see if this implementation is OK and/or any improvements I could make.  The additions to my httpd.conf file are listed below.  Thanks in advance!

 

Edward Ray

NetSec Consulting

 

From /etc/httpd/conf/httpd.conf:

 

# modsecurity files and modules

#

LoadFile /usr/lib64/libxml2.so

# LoadFile /usr/lib/liblua5.1.so

LoadModule security2_module modules/mod_security2.so

 

<IfModule mod_security2.so>

# mod_security configuration directives

 

# Turn ModSecurity On

 SecFilterEngine On

# SecFilterEngine DynamicOnly

# SecFilterEngine Off

 

# Reject requests with status 403

SecFilterDefaultAction "deny,log,status:403"

 

# Some sane defaults

SecFilterScanPOST On

SecFilterCheckURLEncoding On

SecFilterCheckUnicodeEncoding Off

 

# Accept almost all byte values

SecFilterForceByteRange 1 255

 

# Server masking is optional

# SecServerSignature "Microsoft-IIS/5.0"

SecUploadDir /tmp

SecUploadKeepFiles Off

 

# Only record the interesting stuff

SecAuditEngine RelevantOnly

SecAuditLog logs/audit_log

 

# You normally won't need debug logging

SecFilterDebugLevel 0

SecFilterDebugLog logs/modsec_debug_log

 

# Only accept request encodings we know how to handle

# we exclude GET requests from this because some (automated)

# clients supply "text/html" as Content-Type

SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain

SecFilterSelective HTTP_Content-Type \

"!(^application/x-www-form-urlencoded$|^multipart/form-data;)"

 

# Do not accept GET or HEAD requests with bodies

SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain

SecFilterSelective HTTP_Content-Length "!^$"

 

# Require Content-Length to be provided with

# every POST request

SecFilterSelective REQUEST_METHOD "^POST$" chain

SecFilterSelective HTTP_Content-Length "^$"

 

# Don't accept transfer encodings we know we don't handle

SecFilterSelective HTTP_Transfer-Encoding "!^$"

 

Include /etc/modsecurity/modsecurity_crs_10_config.conf

Include /etc/modsecurity/modsecurity_crs_20_protocol_violations.conf

Include /etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf

Include /etc/modsecurity/modsecurity_crs_23_request_limits.conf

Include /etc/modsecurity/modsecurity_crs_30_http_policy.conf

Include /etc/modsecurity/modsecurity_crs_35_bad_robots.conf

Include /etc/modsecurity/modsecurity_crs_40_generic_attacks.conf

Include /etc/modsecurity/modsecurity_crs_45_trojans.conf

Include /etc/modsecurity/modsecurity_crs_50_outbound.conf

 

</IfModule>

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Andrew Grauberg | 2 May 05:31 2009
Picon

Re: Installing modsecurity on Red Hat 5.3 x64


I have just upgraded 2.5.7 to 2.5.9 with no problems whatsoever via yum
update mod_security. I am using atomic RMPs. Initially, I had installed it
from fresh from the same depo; it resolved all the dependencies - no need
for the manual installation. I am on Centos 5.2 x64.

HTH

Andrew

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html

Michael Fleming | 2 May 12:55 2009

Re: correct config file on a RHEL 5.3 x64 modsecurity install

On Fri, 1 May 2009 18:42:30 -0700
"Security Admin (NetSec)" <secadmin <at> netsecdesign.com> wrote:

> I cheated and used my modsecurity config from an OpenBSD apache
> server.  I wanted to check to see if this implementation is OK and/or
> any improvements I could make.  The additions to my httpd.conf file
> are listed below.  Thanks in advance!
> 
> Edward Ray
> NetSec Consulting

Hi Edward,

I'm the package maintainer for mod_security's RHEL / CentOS package
(via the Extra Packages for Enterprise Linux project -
http://fedoraproject.org/wiki/EPEL)

> 
> >From /etc/httpd/conf/httpd.conf:
> 
> # modsecurity files and modules
> #
> LoadFile /usr/lib64/libxml2.so
> # LoadFile /usr/lib/liblua5.1.so

There's no need to load the XML / Lua libraries explicitly with current
packages, as they're correctly linked to the mod_security DSO

> LoadModule security2_module modules/mod_security2.so
> 

<rest snipped>

You might want to look at the /etc/httpd/conf.d/mod_security.conf file,
which has the correct LoadModule lines and references the Core Rules
and configuration directives, which are themselves kept
in /etc/httpd/modsecurity.d/

(modsecurity_crs_10_config.conf contains most of the items you want to
change if the above conf file does not)

I've tried to make it as seamless and painless as possible to install
and maintain :-)

Most of the changes you've got look fairly sane, just need to avoid
problems and make life simple by setting them in the appropriate place
for RHEL's layout

> <IfModule mod_security2.so>
> # mod_security configuration directives
> 

Michael Fleming
(Fedora/EPEL package wrangler)

--

-- 
Michael Fleming <mfleming <at> thatfleminggent.com>
URI: http://www.thatfleminggent.com
Fedora / Red Hat Packages http://www.thatfleminggent.com/packages.php

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html


Gmane