Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
From: Reindl H. <h.r...@th...> - 2021-02-22 18:38:06
first can you use a proper mail client not converting everything to HTML?

On 22.02.21 at 18:49, Jason Long via mod-security-users wrote:
> I thought nobody here answered because that version 2.9.2 is old!

you got answers

your problem is that you touch 1000 things at once while not understanding modsec and the corerules and your distribution at all

> Uninstall version 3?

most likely yes

i get tired of your "But I can't see any "mod_security.conf" file in "httpd" directory!"

*what* is the "httpd" directory - /etc/httpd or /etc/httpd/conf.d - maybe you don't even understand .d-directories

please do your homework

just learn some basics like "rpm -q --filesbypkg", make sure you have *both* the corerules and modsec installed and don't insist on editing things you don't understand at the moment

just get a basic install without nonsense like compiling stuff on your own and frankly don't mix random Fedora packages into your CentOS setup - you won't be able to maintain the mess you are creating

"yum install mod_security mod_security_crs" should give you everything you need and then *look* what files it provides and where - forget random howtos at least for details, i can package every file wherever i want when building a package

> On Monday, February 22, 2021, 03:37:55 PM GMT+3:30, Reindl Harald <h.r...@th...> wrote:
>
> On 21.02.21 at 20:28, Jason Long via mod-security-users wrote:
> > Thank you so much for your answer.
> > I installed ModSecurity as below:
> >
> > # yum install gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel
> > # cd /opt/
> > # git clone https://github.com/SpiderLabs/ModSecurity
> > # cd ModSecurity
> > # git checkout -b v3/master origin/v3/master
> > # sh build.sh
> > # git submodule init
> > # git submodule update
> > # ./configure
> > # yum install https://archives.fedoraproject.org/pub/archive/fedora/linux/updates/23/x86_64/b/bison-3.0.4-3.fc23.x86_64.rpm
> > # make
> > # make install
>
> what the hell are you doing?
>
> compiling stuff?
> mixing Fedora and CentOS packaging?
>
> > But I can't see any "mod_security.conf" file in "httpd" directory!
> > Why?
>
> what about installing modsec and the core ruleset from *packages* (EPEL if needed) and look tighter with "ls -lhaR /etc/httpd/"?
>
> yum install mod_security mod_security_crs
>
> it's in /etc/httpd/conf.d
>
> [harry@srv-rhsoft:/downloads]$ rpm -q --filesbypkg mod_security-2.9.3-9.eln109.x86_64.rpm
> mod_security /etc/httpd/conf.d/mod_security.conf
> mod_security /etc/httpd/conf.modules.d/10-mod_security.conf
> mod_security /etc/httpd/modsecurity.d
> mod_security /etc/httpd/modsecurity.d/activated_rules
> mod_security /etc/httpd/modsecurity.d/local_rules
> mod_security /etc/httpd/modsecurity.d/local_rules/modsecurity_localrules.conf
> mod_security /usr/lib/.build-id
> mod_security /usr/lib/.build-id/c0
> mod_security /usr/lib/.build-id/c0/9fe3397f1beb60cd30f4fa5a3ac1a24f2c93df
> mod_security /usr/lib64/httpd/modules/mod_security2.so
> mod_security /usr/share/doc/mod_security
> mod_security /usr/share/doc/mod_security/CHANGES
> mod_security /usr/share/doc/mod_security/LICENSE
> mod_security /usr/share/doc/mod_security/NOTICE
> mod_security /usr/share/doc/mod_security/README.md
> mod_security /var/lib/mod_security
>
> [harry@srv-rhsoft:/downloads]$ rpm -q --filesbypkg mod_security_crs-3.0.0-12.eln109.noarch.rpm
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-905-COMMON-EXCEPTIONS.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-910-IP-REPUTATION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-911-METHOD-ENFORCEMENT.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-912-DOS-PROTECTION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-913-SCANNER-DETECTION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-921-PROTOCOL-ATTACK.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-950-DATA-LEAKAGES.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-959-BLOCKING-EVALUATION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/crawlers-user-agents.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/iis-errors.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/java-code-leakages.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/java-errors.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/lfi-os-files.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/php-config-directives.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/php-errors.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/php-function-names-933150.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/php-function-names-933151.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/php-variables.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/restricted-files.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/scanners-headers.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/scanners-urls.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/scanners-user-agents.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/scripting-user-agents.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/sql-errors.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/sql-function-names.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/unix-shell.data
> mod_security_crs /etc/httpd/modsecurity.d/activated_rules/windows-powershell-commands.data
> mod_security_crs /etc/httpd/modsecurity.d/crs-setup.conf
> mod_security_crs /usr/share/doc/mod_security_crs
> mod_security_crs /usr/share/doc/mod_security_crs/CHANGES
> mod_security_crs /usr/share/doc/mod_security_crs/README.md
> mod_security_crs /usr/share/licenses/mod_security_crs
> mod_security_crs /usr/share/licenses/mod_security_crs/LICENSE
> mod_security_crs /usr/share/mod_modsecurity_crs
> mod_security_crs /usr/share/mod_modsecurity_crs/rules
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-901-INITIALIZATION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-910-IP-REPUTATION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-912-DOS-PROTECTION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-913-SCANNER-DETECTION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/RESPONSE-980-CORRELATION.conf
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/crawlers-user-agents.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/iis-errors.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/java-code-leakages.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/java-errors.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/lfi-os-files.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/php-config-directives.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/php-errors.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/php-function-names-933150.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/php-function-names-933151.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/php-variables.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/restricted-files.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/scanners-headers.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/scanners-urls.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/scanners-user-agents.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/scripting-user-agents.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/sql-errors.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/sql-function-names.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/unix-shell.data
> mod_security_crs /usr/share/mod_modsecurity_crs/rules/windows-powershell-commands.data
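
The check the message asks for, as an added example that is not part of the original thread: a POSIX shell audit of `rpm -q --filesbypkg` output that lists the Apache-side files each package ships and fails when the module loader, the main config, or the activated CRS rules are missing. The function names and the shortened sample listing are constructed for illustration; on a real host, pipe `rpm -q --filesbypkg mod_security mod_security_crs` into `audit_listing`.

```shell
#!/bin/sh
# Added example: audit an "rpm -q --filesbypkg" listing for a packaged
# ModSecurity 2.x + CRS install. Function names are hypothetical.

# Constructed sample, shortened from the listing quoted in the message.
sample_listing() {
cat <<'EOF'
mod_security              /etc/httpd/conf.d/mod_security.conf
mod_security              /etc/httpd/conf.modules.d/10-mod_security.conf
mod_security              /usr/lib64/httpd/modules/mod_security2.so
mod_security_crs          /etc/httpd/modsecurity.d/crs-setup.conf
mod_security_crs          /etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf
mod_security_crs          /usr/share/mod_modsecurity_crs/rules/REQUEST-901-INITIALIZATION.conf
EOF
}

# Print the files under /etc/httpd/ that package $1 owns (listing on stdin).
httpd_files_of() {
    awk -v pkg="$1" '$1 == pkg && $2 ~ /^\/etc\/httpd\// { print $2 }'
}

# Exit 0 only if the listing on stdin contains the engine's module loader,
# its main config in conf.d, and at least one activated CRS rule file.
audit_listing() {
    awk '
        $1 == "mod_security" && $2 ~ /\/conf\.modules\.d\/.*mod_security\.conf$/ { loader = 1 }
        $1 == "mod_security" && $2 ~ /\/conf\.d\/mod_security\.conf$/ { conf = 1 }
        $1 == "mod_security_crs" && $2 ~ /\/activated_rules\/.*\.conf$/ { rules++ }
        END {
            if (!loader) print "missing: module loader in conf.modules.d"
            if (!conf)   print "missing: conf.d/mod_security.conf"
            if (!rules)  print "missing: activated CRS rules"
            exit !(loader && conf && rules)
        }'
}

# Stand-alone run against the constructed sample.
sample_listing | audit_listing && echo "packaged install looks complete"
```
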