  #1  
4th May 2007, 13:41
gabrix
apache2 modsecurity in etch

I don't find apache2 mod-security in the etch repositories. Why is that? Building it from source was beyond my knowledge. How can I do without it? Is there any alternative?
Thanks!!!
__________________
http://www.gabrix.ath.cx
  #2  
4th May 2007, 17:09
x13317

IIRC, it's been removed due to licensing issues. The original maintainer has a private repository at

http://etc.inittab.org/~agi/debian/l...mod-security2/

Proceed at your own peril.
  #3  
5th May 2007, 13:54
gabrix

Quote:
root@www:~# apt-cache search apache2 | grep mod-security2
libapache2-mod-security2 - Tighten web applications security for Apache 2.x
mod-security2-common - Tighten web applications security - common files
Pardon, modsecurity still exists. I have a big problem: wherever I am, if I run http://mysite.it/etc/passwd all passwords show up... Permissions are:
Quote:
-rw------- 1 root root 1726 2007-05-04 12:39 /etc/passwd
I put ACL directories in apache2.conf:
Quote:
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
<Directory /web>
Order Allow,Deny
Allow from all
</Directory>
I have run a2enmod mod-security2 and got all the rules from the gotroot site and it still shows up. It's a big problem I never had before in stable sarge. What shall I do???
  #4  
5th May 2007, 16:33
falko

Quote:
Originally Posted by gabrix
Pardon, modsecurity still exists.
As far as I know mod_security doesn't exist in the official Debian Etch repositories anymore. What's in your /etc/apt/sources.list?
__________________
Falko
  #5  
8th May 2007, 19:50
gabrix

Quote:
deb http://debian.osuosl.org/debian/ etch main non-free contrib
deb-src http://debian.osuosl.org/debian/ etch main non-free contrib
deb http://mirror.noreply.org/pub/tor etch main
deb-src http://mirror.noreply.org/pub/tor etch main
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free
This is my sources.list, and with or without modsecurity the problem remains!!!
  #6  
9th May 2007, 18:32
falko

You can install apache2-devel and then compile http://www.modsecurity.org/download/...e_1.9.4.tar.gz as shown in the instructions (use apxs2 instead of apxs). Restart Apache2 afterwards, and mod_security should work again.
But I couldn't compile mod_security 2.1.1 on Debian Etch...
  #7  
9th May 2007, 22:03
gabrix

I don't actually see which change I made stopped it going to the "/", but now everything is all right.
Quote:
192.168.1.6 - - [09/May/2007:22:00:56 +0200] "GET /etc/passwd HTTP/1.1" 404 208 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
The modsecurity audit.log is empty, so I think it is because I put " " around the / in the apache2.conf ACL.

Last edited by gabrix; 9th May 2007 at 22:14.
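
A check that follows from the access-log line in the last post, as an added example that is not part of the original thread: it scans Apache access-log lines and reports requests for system paths that the server answered with content instead of an error. The prefix list and every sample line except the first are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Apache common/combined log prefix: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: filesystem areas that must never be reachable through the web server.
SYSTEM_PREFIXES = ("/etc/", "/proc/", "/root/", "/boot/", "/var/log/")


def normalize(raw_path):
    """Drop the query string, decode %xx escapes and collapse '//' and '..'."""
    path = unquote(raw_path.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/{2,}", "/", path))


def served_system_files(lines):
    """Return (host, path, status) for system paths the server actually delivered."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        status = int(m.group("status"))
        path = normalize(m.group("path"))
        delivered = 200 <= status < 300 or status == 304
        if delivered and (path + "/").startswith(SYSTEM_PREFIXES):
            hits.append((m.group("host"), path, status))
    return hits


# First line is the request quoted in the post (user agent shortened);
# the remaining lines are constructed samples.
SAMPLE_LOG = [
    '192.168.1.6 - - [09/May/2007:22:00:56 +0200] "GET /etc/passwd HTTP/1.1" 404 208 "-" "Mozilla/5.0"',
    '192.168.1.6 - - [05/May/2007:13:50:11 +0200] "GET /etc/passwd HTTP/1.1" 200 1726 "-" "Mozilla/5.0"',
    '192.168.1.6 - - [05/May/2007:13:51:02 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.168.1.9 - - [05/May/2007:13:52:40 +0200] "GET /etc/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, path, status in served_system_files(SAMPLE_LOG):
        print(f"EXPOSED {path} -> {status} (client {host})")
```

An empty result over the current log, together with 404 entries like the one quoted above, indicates the block comes from Apache's own access control rather than from a mod_security rule.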