[root@sysdocu]# wget http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz
[root@sysdocu]# tar xvzf modsecurity-apache_2.5.12.tar.gz
[root@sysdocu]# cd modsecurity-apache_2.5.12/apache2
[root@sysdocu]# ./configure --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apache/bin/apr-1-config --with-apu=/usr/local/apache/bin/apu-1-config --with-lua
[root@sysdocu]# make
[root@sysdocu]# make install
1) 확인
LoadModule security2_module modules/mod_security2.so
2) 추가
<IfModule mod_security2.c>
Include conf/mod_security.conf
</IfModule>
[에러]
apache 2.4 버전에 mod_security 2.5.12 를 설치하는중 아래와 같은 문제가 발생하였다.
[root@sysdocu]# make
/usr/local/apache/build/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -O2 -g -Wall -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -I/usr/local/apache/include -I/usr/local/apache/include -I. -I/usr/local/src/APM_Setup/httpd-2.4.3/srclib/apr/include -I/usr/local/src/APM_Setup/httpd-2.4.3/srclib/apr-util/include -I/usr/local/pcre/include -I/usr/include/libxml2 -c -o mod_security2.lo mod_security2.c && touch mod_security2.slo
mod_security2.c: In function 'create_tx_context':
mod_security2.c:363: error: 'conn_rec' has no member named 'remote_ip'
mod_security2.c:364: error: 'conn_rec' has no member named 'remote_addr'
mod_security2.c: In function 'register_hooks':
mod_security2.c:1136: warning: passing argument 1 of 'ap_hook_error_log' from incompatible pointer type
/usr/local/apache/include/http_core.h:888: note: expected 'void (*)(const struct ap_errorlog_info *, const char *)' but argument is of type 'void (*)(const char *, int, int, apr_status_t, const struct server_rec *, const struct request_rec *, struct apr_pool_t *, const char *)'
apxs:Error: Command failed with rc=65536
.
make: *** [mod_security2.la] 오류 1
[해결]
[root@sysdocu]# vi mod_security2.c
(363, 364 라인의 뒷부분의 remote 를 client 로 변경)
msr->remote_addr = r->connection->client_ip;
msr->remote_port = r->connection->client_addr->port;
[root@sysdocu]# vi apache2_util.c
(305 라인의 뒷부분의 remote 를 client 로 변경)
ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
"[client %s] ModSecurity: %s%s [uri \"%s\"]%s", r->connection->client_ip, str1,
hostname, log_escape(msr->mp, r->uri), unique_id);
그리고 make 진행..
그러나 httpd syntax 체크시 오류 출력..
지원되는 버전 문제로 보여 httpd 2.4 에는 mod_security 2.7.x mod_security 2.7.0 을 설치해서 해결함
mod_security 2.7
[root@sysdocu]# wget https://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.7.0/modsecurity-apache_2.7.0.tar.gz
[root@sysdocu]# tar xvzf modsecurity-apache_2.7.0.tar.gz
[root@sysdocu]# cd modsecurity-apache_2.7.0
[root@sysdocu]# ./configure --with-apxs=/usr/local/apache/bin/apxs
[root@sysdocu]# make
[root@sysdocu]# make install
mod_security 2.9.1
[root@sysdocu]#./configure --with-apxs=/usr/local/apache/bin/apxs --with-pcre=/usr/local/pcre --with-apr=/usr/local/apache/bin/apr-1-config --with-apu=/usr/local/apache/bin/apu-1-config
[root@sysdocu]# make
[root@sysdocu]# make install
./configure 에서 잘 안되면 그냥 옵션 다 빼고 ./configure 만 해도 된다.
룰셋은 별도의 포스팅 참조..
modsecurity_seminar_26.pdf
mod_security-1.9.5.tar.gz