mod_security seems to be no longer on Debian repositories. The installation seems quite complicated. The only one I could find is Zorp, which seems even more complicated.
Hence I'd like to ask for up to date mod_security howto's or alternative solutions.
Many thanks!
Which version of debian are you using. libapache-mod-security is available in lenny-backports.
I have CentOS, and I compiled it a month or two ago, so you may have to tweak this. mod_security2.5 is the new version http://www.modsecurity.org/.
You need liblua readline-dev and ncurses dev as well as libxml2.
aptget install readline-dev ncurses-dev libxml2 libxml2-dev
I had to make Lua from source because CentOS doesn't have it in the default repos:
wget http://www.lua.org/ftp/lua-5.1.tar.gz
tar -xvf lua-5.1.tar.gz
cd lua-5.1
make linux && make install
gcc -shared -o /usr/local/lib/liblua.5.1.3.so /usr/local/lib/liblua.a # Compile liblua library into a Shared Object for Apache to use
Mod_security2
wget http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz
tar -xvf modsecurity-apache_2.5.12
cd modsecurity-apache_2.5.12
cd apache2
./configure
make && make install
cd ../
mkdir /etc/httpd/modsecurity.d
cp modsecurity.conf-minimal /etc/httpd/modsecurity.d/mod_security_minimal.conf # Copy the minimal rule set to our configuration
You will need to modify your Apache config to load liblua and libxml2. Notice this is LoadFile not Load Module. /etc/httpd/conf/httpd.conf
LoadFile /usr/lib/libxml2.so
LoadFile /usr/local/lib/liblua.5.1.3.so
And you probably want to keep your rules organized:
Include modsecurity.d/*.conf
For further configuration add your own ruleset in the modsecurity.d directory, and you can also copy any default rulesets you want from the mod_security folder extracted above under the rules folder.
Restarting httpd will be required.
