To install and configure mod_security on Red Hat or CentOS, you can follow these steps:
- Install the mod_security package using yum:
sudo yum install mod_security
- After installation, the mod_security module is enabled by default. You can edit the mod_security.conf file to customize its configuration, if needed:
sudo vi /etc/httpd/conf.d/mod_security.conf
This file contains various directives that control the behavior of mod_security, such as the location of the rules files and the response to certain events.
- By default, mod_security is configured to log events to the Apache error log. You can view these logs to see if any attacks have been detected:
sudo tail -f /var/log/httpd/error_log
- To enable the OWASP Core Rule Set, which provides a set of basic security rules to protect against common attacks, you can download and install it from the OWASP website:
sudo yum install mod_security_crs
After installation, the rule set files are located in the /etc/httpd/modsecurity.d/activated_rules directory.
- You can enable or disable specific rules by editing the appropriate rule files in the activated_rules directory.
- Once you have made any changes to the mod_security configuration or rules files, you should restart the Apache web server to apply the changes:
sudo systemctl restart httpd
After following these steps, mod_security will be installed and running on your Red Hat or CentOS system, providing basic intrusion detection and prevention capabilities for your Apache web server.
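As a complement to watching the error log with tail -f, the following added example (not part of the original page) tallies ModSecurity entries per rule id and outcome, which helps decide which rules in activated_rules need tuning. The function names, rule ids and sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: tally ModSecurity entries in an Apache error log by rule id
# and by outcome, so noisy or blocking rules stand out.

modsec_summary() {
    # $1: log file, or "-" for stdin; defaults to the path used on this page.
    awk '
        /ModSecurity: / {
            # "Access denied" means the request was blocked;
            # "Warning" means the rule matched and was only logged.
            action = "other"
            if ($0 ~ /ModSecurity: Access denied/)  action = "blocked"
            else if ($0 ~ /ModSecurity: Warning/)   action = "warning"
            # The rule id is carried in the [id "NNN"] tag; startup notices have none.
            id = "unknown"
            if (match($0, /\[id "[0-9]+"\]/))
                id = substr($0, RSTART + 5, RLENGTH - 7)
            count[id " " action]++
        }
        END { for (k in count) print k, count[k] }
    ' "${1:-/var/log/httpd/error_log}" | LC_ALL=C sort
}

# Constructed sample log lines (rule ids, clients and messages are made up).
modsec_sample_log() {
    cat <<'EOF'
[Mon Jan 01 10:00:00.000000 2024] [:notice] [pid 1200] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
[Mon Jan 01 10:00:01.000000 2024] [:error] [pid 1201] [client 192.0.2.10] ModSecurity: Warning. Pattern match "x" at ARGS:q. [file "/etc/httpd/modsecurity.d/activated_rules/example.conf"] [line "10"] [id "100001"] [msg "sample rule A"] [uri "/search"]
[Mon Jan 01 10:00:02.000000 2024] [:error] [pid 1201] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "y" at ARGS:id. [file "/etc/httpd/modsecurity.d/activated_rules/example.conf"] [line "20"] [id "100002"] [msg "sample rule B"] [uri "/item"]
[Mon Jan 01 10:00:03.000000 2024] [core:notice] [pid 1200] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon Jan 01 10:00:04.000000 2024] [:error] [pid 1202] [client 198.51.100.7] ModSecurity: Warning. Pattern match "x" at ARGS:q. [file "/etc/httpd/modsecurity.d/activated_rules/example.conf"] [line "10"] [id "100001"] [msg "sample rule A"] [uri "/search"]
[Mon Jan 01 10:00:05.000000 2024] [:error] [pid 1202] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "y" at ARGS:id. [file "/etc/httpd/modsecurity.d/activated_rules/example.conf"] [line "20"] [id "100002"] [msg "sample rule B"] [uri "/item"]
EOF
}

# Output columns: rule id, outcome, number of entries.
modsec_sample_log | modsec_summary -
```

On a live system, call modsec_summary with no argument as root to read /var/log/httpd/error_log.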