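mod_security is a security module for Apache that can guard against many kinds of web attacks, such as remote code execution, SQL injection and path scanning. The following describes how to install mod_security on RHEL and CentOS:
1. Install the packages mod_security requires: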
# yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git
2. Download the latest stable mod_security source, then compile and install it:
# wget https://www.modsecurity.org/tarball/2.9.0/modsecurity-2.9.0.tar.gz
# tar xzf modsecurity-2.9.0.tar.gz
# cd modsecurity-2.9.0
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
# cp unicode.mapping /etc/httpd/conf.d/
3. Download and set up the OWASP (Open Web Application Security Project) rules as the base configuration:
# cd /etc/httpd
# git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
# mv owasp-modsecurity-crs modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf
4. Configure mod_security:
Open /etc/httpd/conf/httpd.conf and add the following lines to load mod_security:
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
    Include conf.d/modsecurity.conf
</IfModule>
Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf
After saving httpd.conf, restart Apache and the installation is complete.
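A post-install check for steps 2 to 4, added here as an example (it is not from the original article): it confirms the step 4 lines are present in httpd.conf and reports the SecRuleEngine mode, because the modsecurity.conf-recommended file copied in step 2 ships with SecRuleEngine DetectionOnly, which logs matches without blocking. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; paths follow the article.

# Print the effective SecRuleEngine value: the last uncommented directive,
# lower-cased because Apache directives and this value are case-insensitive.
secrule_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = tolower($2) }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Succeed only if httpd.conf carries the uncommented step 4 lines.
has_step4_lines() {
    for want in \
        'LoadModule security2_module' \
        'Include modsecurity-crs/modsecurity_crs_10_config.conf' \
        'Include modsecurity-crs/base_rules/*.conf'
    do
        grep -v '^[[:space:]]*#' "$1" | grep -qF -- "$want" ||
            { echo "missing in $1: $want"; return 1; }
    done
}

# Exit status: 0 blocking, 1 not loaded, 2 log-only, 3 engine off or unset.
audit_modsecurity() {
    has_step4_lines "$1" || return 1
    mode=$(secrule_engine_mode "$2")
    echo "SecRuleEngine: $mode"
    case $mode in
        on) return 0 ;;
        detectiononly) echo "rules log but do not block requests"; return 2 ;;
        *) echo "rule engine is off or unset"; return 3 ;;
    esac
}

# Constructed sample input: the step 4 lines and a DetectionOnly setting.
demo=$(mktemp -d)
printf '%s\n' 'LoadModule security2_module modules/mod_security2.so' \
    'Include modsecurity-crs/modsecurity_crs_10_config.conf' \
    'Include modsecurity-crs/base_rules/*.conf' > "$demo/httpd.conf"
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
    > "$demo/modsecurity.conf"
audit_modsecurity "$demo/httpd.conf" "$demo/modsecurity.conf" ||
    echo "audit exit status: $?"
rm -rf "$demo"
```

On a real host, call audit_modsecurity /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/modsecurity.conf after restarting Apache.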
Note: installing with Yum and Apt-get
If you do not want to compile from source, installing with Yum or Apt-get is simpler:
RHEL, CentOS, Fedora:
$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart
Debian, Ubuntu
$ sudo apt-get install libapache2-mod-security
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload
If I install with sudo yum install mod_security, is there no need to configure /httpd.conf?