Koozali.org formerly Contribs.org

mod_security for Apache

Offline newburns

  • *
  • 345
  • A good plumber, noob developer
    • Mt. Rose MEdia
mod_security for Apache
« on: June 13, 2013, 07:57:07 AM »
I was told that running so many applications on my web server, I would greatly benefit from mod_security. This was during an assessment from a consultant analyzing penetrations and intrusions.

Code: [Select]
yum --enablerepo=smecontribs --enablerepo=dag --enablerepo=fws --enablerepo=epel install mod_security

Code: [Select]
================================================================================
 Package               Arch            Version              Repository     Size
================================================================================
Installing:
 mod_security          x86_64          2.6.8-4.el5          epel          159 k

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 159 k

Should I proceed. I do not have a test server at the moment, but I'm not really sure what mod_security does to the rest of my server to truly understand if it will break it. Just looking for advice
SME 8.0
Quad 6600
8gb DDR2 800
8 TB RAID 5
Dual Gigabit NIC
I Still Don't KNOW WHAT I AM DOING. Please, don't assume I know anything about Linux or Centos, I just know hardware

Offline Jean-Philippe Pialasse

  • *
  • 1,782
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: mod_security for Apache
« Reply #1 on: June 13, 2013, 10:31:37 PM »
As far as I know, installing it won't configure it, so you are pretty safe, as you will only have some more files on your server.

You will then need to use a template custom to insert a line to load it in you httpd.conf and then configure all the rules you want..... and finally expand templates and reload httpd-e-smith.... and that is only there you might see some trouble if all is not weel set !


Re: mod_security for Apache
« Reply #2 on: June 18, 2013, 03:54:08 AM »
Should I proceed. I do not have a test server at the moment, ...

You can set up a VM on any modern workstation or laptop. Or you could buy a used computer for < $100.