Mike and all:
  I am runinng mod_security on RHEL AS 5 with IBM http server.
  I am able to compile the source and create .so file with your instruction.
  however, when I tried to start mod_secuirty, see the errors below:

Syntax error on line 4 of /opt/IBMIHS/conf/mod_security.conf:
API module structure `security2_module' in file /opt/IBMIHS/modules/mod_security2.so is garbled - perhaps this is not an Apache module DSO?

 do you see such issue at all?
 will appreciate any help.
  thanks in advance.
FYI, here is my compile steps:

1. install the following devel packages; it is required for RHEL 5
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel

2.

./configure  --with-apxs=/usr/sbin/apxs --with-apr=/usr/bin/apr-1-config --with-apu=/usr/bin/apu-1-config

On Fri, May 1, 2009 at 2:50 PM, Mike Duncan <Mike.Duncan@noaa.gov> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security Admin (NetSec) wrote:
> Probably been asked and answered; however this is my first time
> installing modsecurity on a Red Hat Linux Box.  On my OpenBSD systems I
> just downloaded the latest apache 2.x and compiled from source.  Then
> installed modsecurity 2.x with minimal issues.  Suspect I may have to do
> the same again but I hope not.  System is a fully patched RHEL 5.3 x64
> with the following version of apache running:
>
> *********************************************************
>
> Server version: Apache/2.2.3
>
> Server built:   Nov 12 2008 07:09:03
>
> Server's Module Magic Number: 20051115:3
>
> Server loaded:  APR 1.2.7, APR-Util 1.2.7
>
> Compiled using: APR 1.2.7, APR-Util 1.2.7
>
> Architecture:   64-bit
>
> Server MPM:     Prefork
>
>   threaded:     no
>
>     forked:     yes (variable process count)
>
> Server compiled with....
>
>  -D APACHE_MPM_DIR="server/mpm/prefork"
>
>  -D APR_HAS_SENDFILE
>
>  -D APR_HAS_MMAP
>
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>
>  -D APR_USE_SYSVSEM_SERIALIZE
>
>  -D APR_USE_PTHREAD_SERIALIZE
>
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>
>  -D APR_HAS_OTHER_CHILD
>
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>
>  -D DYNAMIC_MODULE_LIMIT=128
>
>  -D HTTPD_ROOT="/etc/httpd"
>
>  -D SUEXEC_BIN="/usr/sbin/suexec"
>
>  -D DEFAULT_PIDLOG="logs/httpd.pid"
>
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>
>  -D DEFAULT_LOCKFILE="logs/accept.lock"
>
>  -D DEFAULT_ERRORLOG="logs/error_log"
>
>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>
>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
>
> *******************************************************************************************
>
> When trying to install modsecurity-apache_2.5.9 I get the following
> error when running ./configure:
>
>
>
> configure: looking for Apache module support via DSO through APXS
>
> configure: error: couldn't find APXS

Could you send your complete configure line, with options included? Or,
did you just simply run ./configure?

>
>
>
> could not find this directory.  When I Google this error I found a
> ?apache2-threaded-dev? module might be needed but I could not find.  Any
> help regarding this installation issue would be appreciated.

The 'apache2-threaded-dev' is a package which contains apxs on some
distros (Ubuntu for sure as I needed to install this). For RHEL5, this
package is called 'httpd-devel', which you will need to subscribe to
Desktop Supplementary and/or RedHat Network Toolkit channels to get
access to.

This is what I had to do to get it compiled on RHEL5...

(after subscribing to the channels list above and running yum update)
# yum install libxml2-devel lua-devel httpd-devel curl-devel pcre-devel
# ./configure --with-apxs=/usr/sbin/apxs
# make
# make install


HTH. Thanks.

Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn7RJEACgkQnvIkv6fg9hY2iACfVWLfzTnBJGHl2eMloEBGQ5vl
RogAn0XYQpXsoOTzB03Kxvp6/lEDvd5o
=cojq
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html