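Red Hat / CentOS: Install the mod_security Apache Intrusion Detection and Prevention Engine
How do I install ModSecurity, the open source intrusion detection and prevention engine for web applications, on a CentOS / RHEL / Red Hat Enterprise Linux 5.x server?
ModSecurity embeds into the web server (httpd) and acts as a powerful umbrella, shielding web applications from attacks. To use mod_security, you need to enable the EPEL repo on CentOS / RHEL Linux. Once the repo is enabled, type the following command to install ModSecurity: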
# yum install mod_security
Sample output:
Loaded plugins: downloadonly, fastestmirror, priorities, protectbase
Loading mirror speeds from cached hostfile
* epel: www.gtlib.gatech.edu
* base: mirror.skiplink.com
* updates: centos.aol.com
* addons: mirror.cs.vt.edu
* extras: mirror.trouble-free.net
0 packages excluded due to repository protections
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package mod_security.x86_64 0:2.5.9-1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================
Installing:
mod_security x86_64 2.5.9-1.el5 epel 935 k
Transaction Summary
==============================================================================================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 935 k
Is this ok [y/N]: y
Downloading Packages:
mod_security-2.5.9-1.el5.x86_64.rpm | 935 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : mod_security [1/1]
Installed: mod_security.x86_64 0:2.5.9-1.el5
Complete!
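mod_security configuration files
- /etc/httpd/conf.d/mod_security.conf – the main configuration file for the mod_security Apache module.
- /etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache module.
- /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf – the configuration contained in this file should be customized for your specific requirements before deployment.
- /var/log/httpd/modsec_debug.log – use the debug messages to debug mod_security rules and other problems.
- /var/log/httpd/modsec_audit.log – all requests that trigger a ModSecurity event (as detected) or a server error ("RelevantOnly") are logged to this file.
Open the /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf file, enter: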
# vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
Make sure SecRuleEngine is set to "On" to protect the web server from attacks:
SecRuleEngine On
Turn on other required options and policies as per your requirements. Finally, restart httpd:
# service httpd restart
Make sure everything is working:
# tail -f /var/log/httpd/error_log
Sample output:
[Sat May 09 23:18:31 2009] [notice] caught SIGTERM, shutting down
[Sat May 09 23:18:33 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat May 09 23:18:34 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
[Sat May 09 23:18:34 2009] [notice] Original server signature: Apache/2.2.3 (CentOS)
[Sat May 09 23:18:34 2009] [notice] Digest: generating secret for digest authentication ...
[Sat May 09 23:18:34 2009] [notice] Digest: done
[Sat May 09 23:18:35 2009] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations
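The "ModSecurity ... configured" notice only shows that the module loaded; it does not show that rules are enforced. The script below is an added example, not part of the original article: it audits every active SecRuleEngine directive in a configuration directory and flags anything other than "On". The function name check_rule_engine, the file local_override.conf and the sample contents are assumptions constructed for illustration, and the script does not model Apache's include order.

```shell
#!/bin/sh
# Added example (not from the original article): audit SecRuleEngine settings.
# Returns 0 if every active directive is "On", 1 if any active directive is
# anything else, 2 if no active (uncommented) directive exists at all.
check_rule_engine() {
    dir=$1
    found=0
    weak=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # awk splits on whitespace, so indented directives match and
        # "#SecRuleEngine" / "# SecRuleEngine" (commented out) do not.
        vals=$(awk 'tolower($1) == "secruleengine" {
                        v = tolower($2); gsub(/"/, "", v); print v }' "$f")
        for v in $vals; do
            found=1
            case $v in
                on)            echo "OK    $f: On" ;;
                detectiononly) echo "WARN  $f: DetectionOnly (rules log but do not block)"
                               weak=1 ;;
                off)           echo "FAIL  $f: Off (rules are not processed)"
                               weak=1 ;;
                *)             echo "FAIL  $f: unrecognised value '$v'"
                               weak=1 ;;
            esac
        done
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL  no active SecRuleEngine directive under $dir"
        return 2
    fi
    return "$weak"
}

# Constructed sample input; local_override.conf is a hypothetical file name.
demo=$(mktemp -d)
printf 'SecRuleEngine On\n' > "$demo/modsecurity_crs_10_config.conf"
printf '# SecRuleEngine On\nSecRuleEngine DetectionOnly\n' > "$demo/local_override.conf"
check_rule_engine "$demo" || echo "exit status: $?"
rm -rf "$demo"
# On the server itself: check_rule_engine /etc/httpd/modsecurity.d
```
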
See the mod_security documentation to learn about security policies.