Installing ModSecurity2 On Debian Etch

Submitted by falko on Thu, 2007-07-05 17:08.


Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 06/22/2007

This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm assuming that Apache2 is already installed and fully functional on your Debian Etch system.

 

2 Installation

In Debian Sarge, ModSecurity was available as a .deb package in the official Debian repositories, but in Debian Etch it was removed due to some license issues. Fortunately, the original maintainer provides packages for Debian Etch in his own repository. To install these, we need to add his repository to /etc/apt/sources.list:

vi /etc/apt/sources.list

[...]
deb http://etc.inittab.org/~agi/debian/libapache-mod-security2/ etch/
[...]

Afterwards, we update our packages database like this:

apt-get update

Now we can install ModSecurity2 with this simple command:

apt-get install libapache2-mod-security2

That's it. The ModSecurity2 module gets enabled by default, and Apache2 is restarted automatically.

 

3 Configuration

Now it's time to configure ModSecurity2. The easiest way to do this is to download the ModSecurity2 source package from http://www.modsecurity.org/download/index.html (e.g. http://www.modsecurity.org/download/modsecurity-apache_2.1.1.tar.gz) and unpack it. It contains a file modsecurity.conf-minimal with a basic configuration for ModSecurity2, which I will use here (but I have adjusted the SecDebugLog and SecAuditLog lines so that ModSecurity2 logs to the /var/log/apache2 directory, Debian's default Apache2 log directory).

We open Apache's main configuration file /etc/apache2/apache2.conf and put the following configuration into it, right before the end where the virtual hosts are included:

vi /etc/apache2/apache2.conf

[...]
<IfModule mod_security2.c>
    # Basic configuration options
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess Off

    # Handling of file uploads
    # TODO Choose a folder private to Apache.
    # SecUploadDir /opt/apache-frontend/tmp/
    SecUploadKeepFiles Off

    # Debug log
    SecDebugLog /var/log/apache2/modsec_debug.log
    SecDebugLogLevel 0

    # Serial audit log
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Maximum request body size we will
    # accept for buffering
    SecRequestBodyLimit 131072

    # Store up to 128 KB in memory
    SecRequestBodyInMemoryLimit 131072

    # Buffer response bodies of up to
    # 512 KB in length
    SecResponseBodyLimit 524288

</IfModule>

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

Afterwards we restart Apache (it should restart without errors):

/etc/init.d/apache2 restart

If you haven't got any errors, ModSecurity2 is now working with a basic configuration. You can now modify/extend this basic configuration so that it fits your needs. A good starting point is the ModSecurity2 documentation. Also, there are more advanced rulesets in the ModSecurity2 sources that we've downloaded before (in the rules directory), and you can even download core rulesets from http://www.modsecurity.org/download/index.html (e.g. http://www.modsecurity.org/download/modsecurity-core-rules_2.1-1.4.tar.gz).
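
With SecAuditLogType Serial, every logged transaction lands in /var/log/apache2/modsec_audit.log as a run of parts, each opened by a boundary line of the form --<id>-<part letter>--. The following Python code is an added example (not part of the original tutorial or of ModSecurity; the sample log is constructed and the function names are hypothetical) that splits such a log into entries and pulls out client IP, request line and status. It only honours boundaries carrying the entry's own id, so a request body line that merely looks like a boundary stays part of the body.

```python
import re

# Constructed sample (not real traffic); the H trailer is left out for brevity.
SAMPLE = """\
--4f2a9c1b-A--
[05/Jul/2007:17:08:12 +0200] Rk1x2n8AAAEAAB9pAAAA 192.0.2.10 51234 192.0.2.80 80
--4f2a9c1b-B--
POST /upload.php HTTP/1.1

--4f2a9c1b-I--
note=x
--deadbeef-Z--
--4f2a9c1b-F--
HTTP/1.1 500 Internal Server Error

--4f2a9c1b-Z--

--7be03d55-A--
[05/Jul/2007:17:09:40 +0200] Rk1yNH8AAAEAAB9qAAAB 192.0.2.11 40022 192.0.2.80 80
--7be03d55-B--
GET /report.cgi?id=7 HTTP/1.1

--7be03d55-F--
HTTP/1.1 503 Service Unavailable

--7be03d55-Z--
"""
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")  # --<id>-<part letter>--

def parse_audit_log(text):
    """Return one dict per entry: {"id": ..., "A": [lines], "B": [lines], ...}."""
    done, tx, part = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and tx is None and m.group(2) == "A":
            tx = {"id": m.group(1)}          # part A opens a new entry
        if m and tx and m.group(1) == tx["id"]:
            part = m.group(2)
            tx[part] = []
            if part == "Z":                  # final boundary closes the entry
                done.append(tx)
                tx = None
        elif tx:
            tx[part].append(line)            # content, incl. look-alike boundaries
    return done

def summarize(tx):  # client IP from part A, request line from B, status from F
    fields = tx["A"][0].split("] ", 1)[1].split()  # id, src, sport, dst, dport
    return {"client": fields[1], "request": tx["B"][0], "status": tx["F"][0].split()[1]}
```

Calling `[summarize(tx) for tx in parse_audit_log(open("/var/log/apache2/modsec_audit.log").read())]` gives a quick triage list of the transactions that SecAuditLogRelevantStatus ^5 caused to be logged.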

Christian Folini has provided a tutorial about Remo, a GUI for creating ModSecurity rulesets. This is another great way to create your own ModSecurity2 rulesets.

 

4 Links


Submitted by matiasCU (registered user) on Mon, 2011-03-21 23:33.

Hi Falko

To attach a file on RC the following error occurs:

ModSecurity: Request body (Content-Length) is larger than the configured limit (131072)

That happened because the value of SecRequestBodyLimit is 131072; I have configured it with the value SecRequestBodyLimit 10000000. The unit is KB, right?

Best Regards. 

 

Submitted by Anonymous (not registered) on Sat, 2009-07-11 19:38.

What can I do? I get this message:


Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/./mod-security-common_2.5.9-1_all.deb  Size mismatch
Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/./libapache-mod-security_2.5.9-1_amd64.deb  Size mismatch
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
 

Submitted by ButterflyOfFire (not registered) on Sun, 2009-07-26 02:47.

I have got the same error on Debian Lenny 5 :

Get: 1 http://etc.inittab.org etch/ mod-security-common 2.5.9-1 [840kB]
Get: 2 http://etc.inittab.org etch/ libapache-mod-security 2.5.9-1 [113kB]
Fetched 115kB in 3s (32.3kB/s)                
Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/./mod-security-common_2.5.9-1_all.deb  Size mismatch
Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/./libapache-mod-security_2.5.9-1_amd64.deb  Size mismatch
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
 

Submitted by Anonymous (not registered) on Thu, 2009-07-16 09:47.

For Debian 5.0 (Lenny), in /etc/apt/sources.list; this works:

deb http://etc.inittab.org/~agi/debian/libapache-mod-security2/ ./

Then as above,

gpg --keyserver pgpkeys.mit.edu --recv-keys C514AF8E4BA401C3
gpg --export -a C514AF8E4BA401C3 | apt-key add -
apt-get update

And finally:

apt-get install libapache2-mod-security2

 

use this one

Submitted by madferret (registered user) on Fri, 2007-08-10 04:40.
I had to do this, since I was getting a NO_PUBKEY error when running apt-get (after adding inittab.org to /etc/apt/sources.list):
 

# gpg --keyserver pgpkeys.mit.edu --recv-keys C514AF8E4BA401C3


# gpg --export -a C514AF8E4BA401C3 | apt-key add -


# apt-get update

 

Submitted by meto (registered user) on Sun, 2008-05-25 12:12.

For me the MIT server wouldn't work, so I found an alternative:

# gpg --keyserver wwwkeys.eu.pgp.net --recv-keys C514AF8E4BA401C3
# gpg --export C514AF8E4BA401C3 | apt-key add -

# apt-get update

 

Submitted by Stoneborn (registered user) on Sun, 2008-01-13 14:44.

I had to modify my sources.list as follows to get libapache2-mod-security2 installed via apt-get; otherwise it gave me a 404 for mod-security2-common and mod-security2-common packages:

deb http://etc.inittab.org/~agi/debian/libapache-mod-security2/etch ./ 

Submitted by wirechief (registered user) on Mon, 2007-08-20 20:14.

Err http://etc.inittab.org etch/ mod-security2-common 2.1.1-0
  404 Not Found
Err http://etc.inittab.org etch/ libapache2-mod-security2 2.1.1-0
  404 Not Found
Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/./mod-security2-common_2.1.1-0_all.deb  404 Not Found
Failed to fetch http://etc.inittab.org/~agi/debian/libapache-mod-security2/./libapache2-mod-security2_2.1.1-0_i386.deb  404 Not Found

I was unable to obtain the above. I got around the key problem but apparently it is not on the host now.

I did find an updated version but am getting dependency issues with

http://etc.inittab.org/~agi/debian/libapache-mod-security2/

dpkg -i mod-security2-common_2.1.2-1_all.deb
Selecting previously deselected package mod-security2-common.
(Reading database ... 113386 files and directories currently installed.)

Almost, but not quite there....thanking you for your research into this, it sure looked like it might work.
Submitted by admin (registered user) on Tue, 2007-08-21 09:38.

Please run

apt-get update

and try again.

Submitted by Daniel15 (registered user) on Sat, 2007-07-21 04:26.

Note that you don't need to download the ModSecurity2 source package to get the minimal config. After you install the module, the same file will be at /usr/share/doc/mod-security2-common/examples/modsecurity.conf-minimal

Submitted by schiffmeister (registered user) on Sat, 2007-09-01 13:40.

Enter one of the following in your sourcelist: 

Packages for Sid:
deb http://etc.inittab.org/~agi/debian/libapache-mod-security2 ./

Packages for Etch are in etch/
deb http://etc.inittab.org/~agi/debian/libapache-mod-security2/etch ./

Packages for Sarge (apache2.0) are in sarge/
deb http://etc.inittab.org/~agi/debian/libapache-mod-security2/sarge ./

Source:
http://etc.inittab.org/~agi/debian/libapache-mod-security2/README 

 

Submitted by Tom Bailey (not registered) on Tue, 2009-03-17 05:08.

For Debian 5.0 (Lenny), in /etc/apt/sources.list;  this works:

deb http://etc.inittab.org/~agi/debian/libapache-mod-security2/ ./

Then as above,

gpg --keyserver pgpkeys.mit.edu --recv-keys C514AF8E4BA401C3
gpg --export -a C514AF8E4BA401C3 | apt-key add -
apt-get update

And finally:

apt-get install libapache2-mod-security2

 Also note that in other guides there are rule sets for mod_security that are NOT compatible with this module.

 

Submitted by Anonymous (not registered) on Mon, 2010-11-08 12:50.
I cannot get this working. apt always tells me that libapache-mod-security will be installed instead of libapache2-mod-security. Using lenny with your tip, keys + apt-get update obviously
Submitted by nima0102 (not registered) on Fri, 2009-07-10 23:11.
Thanks for your information. Have you installed that on Lenny without any problem? What did you mean by "Also note that in other guides there are rule sets for mod_security that are NOT compatible with this module"? Thanks in advance.
Submitted by Anonymous (not registered) on Tue, 2010-02-02 16:18.

How to then add rules,

 Please help