HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


gabrix 4th May 2007 13:41

apache2 modsecurity in etch
 
I can't find apache2 mod-security in the etch repositories. Why is that? Building it from source was beyond my knowledge; how can I do without? Is there any alternative?
Thanks !!!

x13317 4th May 2007 17:09

IIRC, it's been removed due to licensing issues. The original maintainer has a private repository at

http://etc.inittab.org/~agi/debian/l...mod-security2/

Proceed at your own peril.

gabrix 5th May 2007 13:54

Quote:

root@www:~# apt-cache search apache2 | grep mod-security2
libapache2-mod-security2 - Tighten web applications security for Apache 2.x
mod-security2-common - Tighten web applications security - common files

Pardon, modsecurity still exists. I have a big problem: wherever I am, if I run http://mysite.it/etc/passwd all passwords show up .... Permissions are:
Quote:

-rw------- 1 root root 1726 2007-05-04 12:39 /etc/passwd

I put a.c.l. directories in apache2.conf:
Quote:

<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
<Directory /web>
Order Allow,Deny
Allow from all
</Directory>

I have run a2enmod mod-security2 and got all the rules from the gotroot site, and it still shows up. It's a big problem I never had before in stable sarge. What shall I do???

falko 5th May 2007 16:33

Quote:

Originally Posted by gabrix
Pardon, modsecurity still exists.

As far as I know mod_security doesn't exist in the official Debian Etch repositories anymore. What's in your /etc/apt/sources.list?

gabrix 8th May 2007 19:50

Quote:

deb http://debian.osuosl.org/debian/ etch main non-free contrib
deb-src http://debian.osuosl.org/debian/ etch main non-free contrib
deb http://mirror.noreply.org/pub/tor etch main
deb-src http://mirror.noreply.org/pub/tor etch main
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

This is my sources.list, and with or without modsecurity the problem remains!!!

falko 9th May 2007 18:32

You can install apache2-devel and then compile http://www.modsecurity.org/download/...e_1.9.4.tar.gz as shown in the instructions (use apxs2 instead of apxs). Restart Apache2 afterwards, and mod_security should work again.
But I couldn't compile mod_security 2.1.1 on Debian Etch...

gabrix 9th May 2007 22:03

I don't actually see which change I made stopped it going to the "/", but now everything is all right.
Quote:

192.168.1.6 - - [09/May/2007:22:00:56 +0200] "GET /etc/passwd HTTP/1.1" 404 208 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"

The modsecurity audit.log is empty, so I think it is because I put " " around the / in the apache2.conf ACL.
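
As an added example (not code from any poster in this thread): a Python check that scans Apache combined-format access-log lines like the one quoted in the last post and reports requests for system paths that were actually served (2xx or 304) rather than refused. The prefix list and every sample line except the first are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" log format, as in the access-log line quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-)'
)
# Assumption: path prefixes that should never be reachable under a web root.
SENSITIVE_PREFIXES = ("/etc/", "/proc/", "/root/", "/var/log/")

def normalise(target):
    """Drop the query string, percent-decode once, resolve '.' and '..'."""
    parts = []
    for seg in unquote(target.split("?", 1)[0]).split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)

def classify(line):
    """Return (verdict, client, path, status) for sensitive paths, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalise(m["target"])
    if not path.startswith(SENSITIVE_PREFIXES):
        return None
    status = int(m["status"])
    # 2xx means the body was sent; 304 means the client already holds a copy.
    served = 200 <= status < 300 or status == 304
    return ("EXPOSED" if served else "blocked", m["host"], path, status)

def exposed(lines):
    """Keep only the hits where the server actually served the file."""
    return [hit for hit in map(classify, lines) if hit and hit[0] == "EXPOSED"]

SAMPLE_LOG = [
    # First line is the one posted in the thread; the rest are constructed.
    '192.168.1.6 - - [09/May/2007:22:00:56 +0200] "GET /etc/passwd HTTP/1.1" 404 208 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"',
    '192.0.2.10 - - [09/May/2007:22:01:10 +0200] "GET /etc/passwd HTTP/1.1" 200 1726 "-" "curl/7.15.5"',
    '192.0.2.11 - - [09/May/2007:22:01:30 +0200] "GET /img/%2e%2e/%2e%2e/etc/group HTTP/1.1" 304 - "-" "-"',
    '192.0.2.12 - - [09/May/2007:22:02:00 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for hit in exposed(SAMPLE_LOG):
        print(*hit)
```

Run against the real access log, any EXPOSED hit means the directory ACL is not taking effect for that path, whether or not mod_security logged anything.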


All times are GMT +2.