Re: [mod-security-users] Test it
From: Brian R. <Bri...@br...> - 2010-05-24 16:02:02
On 05/24/2010 01:46 AM, Jordi wrote:
> Hi,
>
> I've installed ModSecurity 2.5 in FreeBSD; all seems fine, but I don't

What ModSecurity version (2.5.x)?

> know how I can test that it works really. I mean that logs are not
> created and I don't see any activity.
>
> I've checked the conf and all seems ok:
>
> In /usr/local/etc/apache2/http.conf exists
>
> LoadModule security2_module libexec/apache2/mod_security2.so
> LoadModule xmlns_module libexec/apache2/mod_xmlns.so
> Include etc/apache2/Includes/*.conf
>
> In /usr/local/etc/apache2/Includes/mod_security2.conf
>
> <IfModule security2_module>
> Include etc/apache2/Includes/mod_security2/*.conf
> Include etc/apache2/Includes/mod_security2/base_rules/*.conf
> </IfModule>

What files did that include above? This is CRS? What version? Maybe do not load them via '*', but rather explicitly load the files you desire?

Try adding a test rule like this to that last block:

SecRule ARGS "ajksleuitudnfgjsdkje" \
  "phase:2,t:none,deny,status:403,msg:'testing'"

And then a request like this:

http://your.host.com/page?testing=ajksleuitudnfgjsdkje

Also make sure that the IfModule is triggering (i.e. remove this restriction and see if the rules load or there is an error).

>
> And, of course, /usr/local/etc/apache2/Includes/mod_security2/ and
> usr/local/etc/apache2/Includes/mod_security2/base_rules exists also and
> contains the rules and the conf files.
>
> I've configured the
> /usr/local/etc/apache2/mod_security2/modsecurity_crs_10_config.conf file
> (I understand it as the main ModSecurity conf file) with
>
> SecRuleEngine On
> SecAuditEngine On
> SecDebugLog /var/log/httpd-modsec2_debug.log
> SecDebugLogLevel 9
>
> trying to see a simple web activity, but I don't see anything in logs.

Looks like it is all loaded globally. I am assuming that your sites are all loaded as VirtualHosts? Check that SecRuleInheritance is not set to "Off".

Is the /var/log/httpd-modsec2_debug.log created? You should get lots of output at level 9 for each request that gets processed.

>
> ¿How can I check that ModSecurity is working correctly?

In the Apache error log, is there a line like this (notice level):

ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/) configured.

Any errors in error_log that may indicate that there is a permissions issue writing logs? Check your selinux logs if you have that running.

-B

--
Brian Rectanus
Breach Security
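The checks suggested in the reply above, collected into one script. This is an added example, not part of the original message or of ModSecurity itself; the function names are hypothetical, the file paths are whatever the caller passes in, and directive lookup is a simple last-value-wins scan that does not model VirtualHost or Directory scoping.

```shell
#!/bin/sh
# Added example: the checks from the reply, run against local files.
# All file paths are supplied by the caller; none are taken from a real host.

# modsec_banner ERROR_LOG -> prints x.y.z from the startup notice
# "ModSecurity for Apache/x.y.z (...) configured."; status 1 if it is absent.
modsec_banner() {
    sed -n 's|.*ModSecurity for Apache/\([0-9][0-9.]*\) .*configured\..*|\1|p' "$1" |
        tail -n 1 | grep .
}

# directive_value NAME FILE... -> last uncommented value of a directive.
# Files are read in argument order; <VirtualHost>/<Directory> scoping is not modelled.
directive_value() {
    name=$1; shift
    awk -v d="$name" 'tolower($1) == tolower(d) { v = $2 }
        END { gsub(/"/, "", v); if (v == "") exit 1; print v }' "$@" </dev/null
}

# probe_status URL -> HTTP status for the test request (403 when the test rule denies).
probe_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1?testing=ajksleuitudnfgjsdkje"
}

# check_modsec ERROR_LOG CONF_FILE... -> one line per check; status 1 on any FAIL.
check_modsec() {
    errlog=$1; shift; rc=0
    if ver=$(modsec_banner "$errlog"); then echo "OK   module configured, version $ver"
    else echo "FAIL no 'ModSecurity ... configured.' notice in $errlog"; rc=1; fi
    engine=$(directive_value SecRuleEngine "$@") || engine=unset
    case $engine in
        [Oo][Nn]) echo "OK   SecRuleEngine On" ;;
        *) echo "FAIL SecRuleEngine is $engine, so the deny test rule will not block"; rc=1 ;;
    esac
    case $(directive_value SecRuleInheritance "$@") in
        [Oo][Ff][Ff]) echo "WARN SecRuleInheritance Off found; inherited rules are dropped there" ;;
    esac
    dbg=$(directive_value SecDebugLog "$@") || dbg=
    if [ -n "$dbg" ] && [ -s "$dbg" ]; then echo "OK   debug log $dbg has content"
    else echo "FAIL debug log '${dbg:-unset}' missing or empty; check write permissions"; rc=1; fi
    return $rc
}

# Run against real files when arguments are given: ERROR_LOG CONF_FILE...
if [ $# -gt 0 ]; then check_modsec "$@"; fi
```

Pass the Apache error log first and then the configuration files, letting the shell expand the same globs the Include lines use; `probe_status http://your.host.com/page` sends the test request once the test rule is in place.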