Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 5th May 2007, 20:10
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default

Hi falko

I just added my mod_security configuration to the end of the apache2.conf
with this line at the beginning as explained in the install instructions, "LoadModule security2_module modules/mod_security2.so"

i.e
LoadModule security2_module modules/mod_security2.so

<IfModule mod_security.c>
#Turn the filtering engine On or Off
SecFilterEngine On
# Change Server: string
SecServerSignature " "

etc...

</IfModule>

The output of apache2 -V is as follows:

Server version: Apache/2.2.3
Server built: Mar 27 2007 14:57:24
Server's Module Magic Number: 20051115:3
Server loaded: APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT=""
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"


thanks again..
Reply With Quote
Sponsored Links
  #12  
Old 6th May 2007, 13:48
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Quote:
Originally Posted by tsmaudio
Hi falko

I just added my mod_security configuration to the end of the apache2.conf
with this line at the beginning as explained in the install instructions, "LoadModule security2_module modules/mod_security2.so"

i.e
LoadModule security2_module modules/mod_security2.so
Please move this line to where the other LoadModule lines are.
Is mod_security2.so located in the same directory as the other modules? What's the output of
Code:
updatedb
locate mod_security2.so
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #13  
Old 7th May 2007, 02:39
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

another maybe unrelated question, but I thought it might fit in her:

after the upgrade there are a lot of new modules in the /etc/apache2/mods-enabled folder,.... is there a psot somewher explaining what these new moduels do and whic ones we coudl disable safely?

i.e. I have these:

Quote:
ls /etc/apache2/mods-enabled/
alias.load cgi.load include.load rewrite.load
auth_basic.load dir.conf mem_cache.conf setenvif.load
authn_file.load dir.load mem_cache.load ssl.conf
authz_default.load dosevasive.conf mime.load ssl.load
authz_groupfile.load env.load mod-security.conf status.load
authz_host.load fastcgi.conf negotiation.load suexec.load
authz_user.load fastcgi.load perl.load userdir.conf
autoindex.load fcgid.conf php4.conf userdir.load
cache.load fcgid.load php4.load
h898552:/usr/local/src/modsecurity-apache_2.1.1/apache2#
I didn't activate all those auth* stuff, I activated and use: cache, fastcgi + fcgid (as I never found out how to use only one of them :-) mem_cache + suexec... unsure about all the others except a few obvious ones like php4 and ssl - before the upgrade I was also using mod_security and dos_evasive which did not work after the upgrade so I took out their .load files until I fix the issue...

Last edited by Ovidiu; 7th May 2007 at 02:42.
Reply With Quote
  #14  
Old 7th May 2007, 10:39
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default

Hi guys

Quote:
Please move this line to where the other LoadModule lines are.
Is mod_security2.so located in the same directory as the other modules? What's the output of

Code:
updatedb
locate mod_security2.so
The output is
/usr/lib/apache2/modules/mod_security2.so

This is the same directory as the other modules.
The only place i can find any LoadModule lines is inside files in these directories

/etc/apache2/mods-enabled

alias.load cgi.load php5.load
alias.load.22-04-07_19-02-23 cgi.load.22-04-07_19-02-23 php5.load.22-04-07_19-02-23
auth_basic.load dir.conf rewrite.load
auth_basic.load.22-04-07_19-02-23 dir.conf.22-04-07_19-02-23 rewrite.load.22-04-07_19-02-23
authn_file.load dir.load setenvif.load
authn_file.load.22-04-07_19-02-23 dir.load.22-04-07_19-02-23 setenvif.load.22-04-07_19-02-23
authz_default.load env.load ssl.conf
authz_default.load.22-04-07_19-02-23 env.load.22-04-07_19-02-23 ssl.conf.22-04-07_19-02-23
authz_groupfile.load include.load ssl.load
authz_groupfile.load.22-04-07_19-02-23 include.load.22-04-07_19-02-23 ssl.load.22-04-07_19-02-23
authz_host.load mime.load status.load
authz_host.load.22-04-07_19-02-23 mime.load.22-04-07_19-02-23 status.load.22-04-07_19-02-23
authz_user.load negotiation.load suexec.load
authz_user.load.22-04-07_19-02-23 negotiation.load.22-04-07_19-02-23 suexec.load.22-04-07_19-02-23
autoindex.load php5.conf
autoindex.load.22-04-07_19-02-23 php5.conf.22-04-07_19-02-23

and

/etc/apache2/mods-available


actions.load authz_groupfile.load dav_lock.load headers.load php4.conf speling.load
alias.load authz_host.load dbd.load ident.load php4.load ssl.conf
asis.load authz_owner.load deflate.conf imagemap.load php5.conf ssl.load
auth_basic.load authz_user.load deflate.load include.load php5.load status.load
auth_digest.load autoindex.load dir.conf info.load proxy.conf suexec.load
authn_alias.load cache.load dir.load ldap.load proxy.load unique_id.load
authn_anon.load cern_meta.load disk_cache.conf log_forensic.load proxy_ajp.load userdir.conf
authn_dbd.load cgi.load disk_cache.load mem_cache.conf proxy_balancer.load userdir.load
authn_dbm.load cgid.conf dump_io.load mem_cache.load proxy_connect.load usertrack.load
authn_default.load cgid.load env.load mime.load proxy_ftp.load version.load
authn_file.load charset_lite.load expires.load mime_magic.conf proxy_http.load vhost_alias.load
authnz_ldap.load dav.load ext_filter.load mime_magic.load rewrite.load
authz_dbm.load dav_fs.conf file_cache.load negotiation.load setenvif.load
authz_default.load dav_fs.load filter.load perl.load sick-hack-to-update-modules

Not sure what to do, i am sorry i am still a bit of a newbie.....

thanks again for any help.
Reply With Quote
  #15  
Old 8th May 2007, 17:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

I think I have to try mod_security myself on Etch before I can give any help. Seems a lot of things have changed...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #16  
Old 10th May 2007, 06:16
eze eze is offline
Junior Member
 
Join Date: May 2007
Posts: 1
Thanks: 0
Thanked 1 Time in 1 Post
Default

I ran into this problem a while ago when upgrading. It seems the mod security package has been removed from debian due to some license issue. I found an unofficial package here: http://etc.inittab.org/~agi/debian/l...e-mod-security which installed successfully for me.

Just add this line to /etc/apt/sources.list:

deb http://etc.inittab.org/~agi/debian/libapache-mod-security ./

then install with apt (note there is a different package for apache 2).

There might be a better way to do this, but it fixed my issue - hopefully it helps someone else.
Reply With Quote
The Following User Says Thank You to eze For This Useful Post:
falko (11th May 2007)
  #17  
Old 14th June 2007, 01:50
Boogiebruva Boogiebruva is offline
Junior Member
 
Join Date: Jun 2007
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

any more news on this? One client was dead impressed with mod_security but I can't for the life of me get it working on debian etch. Does anyone have a link to a detailed howto, or has the patience to write a step-by-step howto on installing mod_security with apache2 on debian etch? I have the feeling the author of such a howto will make friends for life!
And yes, I have googled.
Thanx in advance
Reply With Quote
  #18  
Old 14th June 2007, 02:45
Boogiebruva Boogiebruva is offline
Junior Member
 
Join Date: Jun 2007
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Oh for crying out loud, I'm always doing this! Posting a question and finding the answer ten minutes later! I didn't read the last post properly - go here:-

http://etc.inittab.org/~agi/debian/l...security/etch/

and download. The install asked for mod-security-common but synaptic dealt with that. Piece of cake in the end! Weeks of frustration and one happy client! Take note - read other posts carefully!!!
Reply With Quote
  #19  
Old 17th June 2007, 21:49
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default

I have tried to install mod _security using the link provided by "eze".
It installed without any problems, but when I am testing it using the methods described here http://www.debian-administration.org/articles/65

It doesn't seem to be working or doing anything at all.
I had this in the error.log

[error] ModSecurity: ModSecurity requires mod_unique_id to be installed.

So I looked to see if it was on the system and it seemed to be, so I just enabled it using

a2enmod unique_id

and restarted apache, but it made no difference, it was still doing nothing.

I am wondering if anyone else has tested it to see if this install works?

Any help would be a god send!

Cheers
T.
Reply With Quote
  #20  
Old 18th June 2007, 12:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
 
Default

Do you still get that error now in the error log, or is it something else now?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bind Failed christoph2k HOWTO-Related Questions 4 28th April 2007 01:57
install fails, debian etch 4.0 edo660 Installation/Configuration 12 27th April 2007 03:40
ISPconfig on debian ETCH provell Installation/Configuration 15 23rd January 2007 11:02
Pls Help - Problem installing OpenVZ with Debian Etch. joelee HOWTO-Related Questions 3 14th January 2007 19:37
e-mail problem!!! Debian 3.1 maroonworks Installation/Configuration 18 6th December 2005 15:42


All times are GMT +2. The time now is 11:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.