Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
From: Williams, D. A. <dav...@US...> - 2021-03-02 20:22:12
I'm not claiming this is right... (And I apologize for editing the included email chain, Outlook likes to rebuild links in ways I don't like.)
I installed via yum these two packages: mod_security-2.9.2-1.el7.x86_64 and mod_security_crs-2.2.9-1.el7.noarch. I recognize that's an older version, but I expect the configuration files may be similar. That gave me /etc/httpd/conf.d/mod_security.conf: the entry point to the configuration; I can't include the full file, but in my case these are some key lines to set up the engine. The first two lines tell it about the other directories for further configuration:
IncludeOptional modsecurity.d/*.conf
IncludeOptional modsecurity.d/activated_rules/*.conf
SecRuleEngine On
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
I also have some global tuning in that file (again, not saying that's "right"), like several:
SecRuleRemoveById XXXXs
/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf is the base rule for the core rule set (I believe). The mod sec engine needs rules to enforce; CRS is a good starting point. With that base CRS configuration in place, the files in /etc/httpd/modsecurity.d/activated_rules are the real meat of the rules to enforce with some brief file names to outline the sorts of things they look for and protect against, like protocol_anomalies.conf or bad_robots.conf.
I hope that bit of my experience will help.
-David
-----Original Message-----
From: Jason Long via mod-security-users <mod...@li...>
Sent: Tuesday, March 2, 2021 1:56 PM
To: Ervin Hegedüs <ai...@gm...>
Cc: Jason Long <hac...@ya...>; Jason Long via mod-security-users <mod...@li...>
Subject: Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
Hi Ervin,
Thank you so much.
I found two files:
1- /etc/httpd/conf.modules.d/10-mod_security.conf
2- /etc/httpd/conf.d/mod_security.conf
The content of the first file is :
$ cat /etc/httpd/conf.modules.d/10-mod_security.conf
LoadModule security2_module modules/mod_security2.so
<IfModule !mod_unique_id.c>
LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>
And the content of the second file is :
....
I don't know the difference between the two files :(
Nobody here using CentOS?
On Tuesday, March 2, 2021, 01:18:13 PM GMT+3:30, Ervin Hegedüs <ai...@gm...> wrote:
Hi Jason,
On Tue, Mar 02, 2021 at 09:13:30AM +0000, Jason Long wrote:
> Hi Ervin, Thank you so much for your reply. I ... and I have other questions:
> 1- At ... I read "Download our release from ... and unpack it into a new owasp-modsecurity-crs folder". Thus, I must create a "owasp-modsecurity-crs" directory in the "/etc/httpd/modsecurity.d/" directory?
that's your decision. You can unpack them where you want: into a
new (sub) directory, or you can overwrite the existing rules.
> 2- In the "httpd.conf" file, you can add some configuration lines and as ... said, it is :
> <IfModule security2_module>
>     Include modsecurity.d/owasp-modsecurity-crs/crs-setup.conf
>     Include modsecurity.d/owasp-modsecurity-crs/rules/*.conf
> </IfModule>
(sorry for the side-note, others already wrote you please stop
the HTML e-mails)
> But, it just for Debian? The "httpd.conf/apache2.conf" file is for Debian.
No. Debian uses /etc/apache2 directory to store the configuration
files.
> How about CentOS? Should I add above lines to "/etc/httpd/conf/httpd.conf" file?
You need to find where CentOS stores the configuration files
which load the modules. I have a few RH instances; they store
these files under /etc/httpd/conf.modules.d, e.g.:
# cat /etc/httpd/conf.modules.d/01-cgi.conf
# This configuration file loads a CGI module appropriate to the MPM
# which has been configured in 00-mpm.conf. mod_cgid should be used
# with a threaded MPM; mod_cgi with the prefork MPM.
<IfModule mpm_worker_module>
LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_event_module>
LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module modules/mod_cgi.so
</IfModule>
You should read the CentOS Apache documentation.
> 3- You said "Also I think local_rules contains the whole rule set", but in the "local_rules" directory, I just have one "modsecurity_localrules.conf" with below contents:
> # User defined rules and settings .
> #
> # You can use this file/directory to drop your local rules or
> # to remove some rules provided by mod_security_crs package with SecRuleRemoveById
> #
> # You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
> #
> #
> Is it normal?
may be - as I wrote, I don't know CentOS.
a.
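
An added example, not part of the thread and not code from ModSecurity or CentOS: a shell check that walks an entry file like the mod_security.conf described above, expands its Include/IncludeOptional globs relative to the ServerRoot, and reports the last SecRuleEngine value in reading order plus how many rule files were pulled in. The sample tree is constructed, `local_tuning.conf` is a hypothetical file name, and directive names are assumed to be spelled exactly as shown (Apache itself is case-insensitive).

```shell
#!/bin/sh
# modsec_summary SERVER_ROOT ENTRY_CONF -> prints "engine=<value> files=<n>"
# engine = last SecRuleEngine seen in reading order (assumed to be the
# effective one for a single server context); files = included files found.
modsec_summary() {
    root=$1; entry=$2; engine=unset; files=0
    while read -r directive arg rest; do
        case $directive in
            SecRuleEngine) engine=$arg ;;
            Include|IncludeOptional)
                # Relative include paths are resolved against ServerRoot.
                case $arg in /*) pattern=$arg ;; *) pattern=$root/$arg ;; esac
                for f in $pattern; do            # unquoted on purpose: glob expansion
                    [ -f "$f" ] || continue      # unmatched glob stays literal; skip it
                    files=$((files + 1))
                    v=$(awk '$1 == "SecRuleEngine" { v = $2 } END { print v }' "$f")
                    if [ -n "$v" ]; then engine=$v; fi
                done ;;
        esac
    done < "$entry"
    echo "engine=$engine files=$files"
}

# Constructed sample tree mirroring the layout described in the thread;
# file contents are placeholders, not the real package files.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/conf.d" "$d/modsecurity.d/activated_rules"
    printf '%s\n' 'IncludeOptional modsecurity.d/*.conf' \
        'IncludeOptional modsecurity.d/activated_rules/*.conf' \
        'SecRuleEngine On' > "$d/conf.d/mod_security.conf"
    : > "$d/modsecurity.d/modsecurity_crs_10_config.conf"
    # Hypothetical local file that tries to switch the engine to log-only.
    echo 'SecRuleEngine DetectionOnly' > "$d/modsecurity.d/local_tuning.conf"
    : > "$d/modsecurity.d/activated_rules/protocol_anomalies.conf"
    : > "$d/modsecurity.d/activated_rules/bad_robots.conf"
    echo "$d"
}

sample=$(make_sample)
modsec_summary "$sample" "$sample/conf.d/mod_security.conf"
rm -rf "$sample"
```

On a real host the call would be `modsec_summary /etc/httpd /etc/httpd/conf.d/mod_security.conf`; a result of `files=0`, or an engine value other than `On`, means the module is loaded but not enforcing any rules.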