Thursday, April 15, 2010

mod_security setup on CentOS 5.4

Enable the EPEL repository.

rpm -Uvh

Install via yum.

yum install mod_security

This will load your basic mod_security configuration including the core rules.

Next I had to set SecDataDir in the config. This was not initially set and errors in the following form appeared in the log file.

ModSecurity: Unable to retrieve collection (name "", key ""). Use SecDataDir to define data directory first.

Fixed this by setting SecDataDir and creating a directory for this purpose, making sure to give apache permission to use it.

vim /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
( Added SecDataDir /usr/local/apache/modsec_data )
mkdir /usr/local/apache
mkdir /usr/local/apache/modsec_data
chown apache:apache /usr/local/apache/modsec_data
chown apache:apache /usr/local/apache

After a restart, modsecurity successfully began applying rules, but rather than blocking problem requests (my intention) it merely logged warnings. I changed the SecDefaultAction in /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf from

SecDefaultAction "phase:2,pass"

to

SecDefaultAction "phase:2,deny,log,status:403"

vim /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
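
The following script is an added example, not part of the original post. It audits a config file for the two fixes described above: SecDataDir must point at an existing directory owned by the web server user, and SecDefaultAction must deny rather than pass. The function names are hypothetical, and the default user "apache" is taken from the chown commands on this page.

```shell
#!/bin/sh
# Added example: audit one ModSecurity config file for the two settings above.
# Simplifications (assumptions): Include'd files are not followed, and the last
# occurrence of a directive in the file is treated as the effective one.

# Print the value of the last uncommented occurrence of directive $1 in file $2.
directive_value() {
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { if (v != "") print v }' "$2"
}

# check_modsec_conf FILE [USER]  (USER defaults to "apache", as on this page)
# Returns 0 when SecDataDir is usable and SecDefaultAction denies, else 1.
check_modsec_conf() {
    conf=$1 user=${2:-apache} rc=0

    data_dir=$(directive_value SecDataDir "$conf")
    if [ -z "$data_dir" ]; then
        echo "FAIL: SecDataDir is not set"; rc=1
    elif [ ! -d "$data_dir" ]; then
        echo "FAIL: SecDataDir $data_dir is not a directory"; rc=1
    else
        owner=$(ls -ld "$data_dir" | awk '{ print $3 }')
        if [ "$owner" = "$user" ]; then
            echo "OK: $data_dir exists and is owned by $user"
        else
            echo "FAIL: $data_dir is owned by $owner, expected $user"; rc=1
        fi
    fi

    # Strip quotes and spaces, wrap in commas so each action matches as ",name,".
    actions=",$(directive_value SecDefaultAction "$conf" | tr -d "\"' "),"
    case $actions in
        ,,)       echo "FAIL: SecDefaultAction is not set"; rc=1 ;;
        *,deny,*) echo "OK: SecDefaultAction denies: $actions" ;;
        *)        echo "FAIL: SecDefaultAction does not deny: $actions"; rc=1 ;;
    esac
    return $rc
}

# Run the audit when a config path is given on the command line.
if [ $# -gt 0 ]; then check_modsec_conf "$@"; fi
```

Saved to a file, it can be run with the config path from this post as its argument; a non-zero exit status means at least one of the two settings still needs fixing.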