How to mod_security & mod_evasive Ubuntu 9.10

[bodhi.zazen]

mod_security and mod_evasive are Apache Modules targeted at increasing Apache Security and are sometimes thought of as "application firewalls".

mod_security is designed to screen out bad url requests (such as /etc/shadow) , mysql injection, etc.

mod_evasive is designed to mitigate DOS and brute force attacks.

Both modules were somewhat difficult to implement in the past, but are much easier in Ubuntu 9.04.

I wrote a pair of blogs reviewing the installation :

How to mod_evasive

How to mod_security

[kevdog]

Thanks!

[ackbarr]

Awesome set of tutorials! Thanks for sharing.

[drubin]

Although I agree using this code for 3rd party code that you install and in general all code you put on your server.

This being said it is no excuse for bad coding to allow such requests! All script/applications that sit in a webserver should never even allow such absolute pathing and should allow serve up requests relevant to the current running website.

Please do not think that having these mods enabled allow for bad security on a users part.

(Great tuts on how to set them up, thanks bodhi)

[samiux]

For the modsecurity, the package that provided by Ubuntu 9.04 has DOS flaw. The up-to-date version of modsecurity is 2.5.9. You can download the deb packages at the official site of modsecurity (http://www.modsecurity.org/download/index.html).

The download site is http://etc.inittab.org/~agi/debian/l...mod-security2/

Download the packages

wget http://etc.inittab.org/~agi/debian/l....5.9-1_all.deb

For 32-bit system :

wget http://etc.inittab.org/~agi/debian/l...5.9-1_i386.deb

For 64-bit system :

wget http://etc.inittab.org/~agi/debian/l....9-1_amd64.deb

Installation
For 32-bit system :

sudo dpkg -i mod-security-common_2.5.9-1_all.deb libapache-mod-security_2.5.9-1_i386.deb

For 64-bit system :

sudo dpkg -i mod-security-common_2.5.9-1_all.deb libapache-mod-security_2.5.9-1_amd64.deb

That's all!

[buldozerceto]

I read somewhere that mod security could affect much the server performance. Is it worth installing?

[joycejohnson]

anyone tried this on an intel x64 platform yet?

[bodhi.zazen]

anyone tried this on an intel x64 platform yet?

I have run it on a 64 bit platform

[im_an_elf]

I followed this tutorial in a round about way and got to the application of the mod_security configuration rules and I get multiple errors.

Do I need to disable the mod before applying the rules? In the directed tutorial on the blog the insecure file still produces the same information although my server says the mod was installed. Is there any way to test further? The dpkg seemed to work the most error free.

I figured it out. Apache2.conf had to be reconfigured to allow for additional folders to be considered for the mod_security rules.

[Orange Kingdom]

Doesn't work here with 9.10 -64bit