Installing mod_security and mod_evasive on Debian
In this article I’m going to show you how to install mod_security for web scanning and mod_evasive for DoS protection. First, you need a web server such as Apache installed, with mod_headers enabled:

    sudo a2enmod headers

Once the web server is installed, we can install the two modules mentioned above.
- Installing mod_security
On Debian-based operating systems you install packages using apt or aptitude, for example:

    sudo apt-get update
    sudo apt-get install libapache-mod-security

It will let you know that you need to install other dependencies, choose Yes and finish the installation.
The next part is to enable mod_security by editing the recommended configuration file:

    sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
    sudo vi /etc/modsecurity/modsecurity.conf

You will need to change the following line containing the string SecRuleEngine to enable the security engine:

    SecRuleEngine On

You also need to enable the Apache module:

    sudo a2enmod mod-security

I would also recommend adding the directives below, or changing their values, to 16MB:

    SecRequestBodyLimit 16384000
    SecRequestBodyInMemoryLimit 16384000

By default this is only set to 128 KB, and most dynamic websites will have problems when writing content, posting data or uploading content.
I’ll probably make another article showing you how you can harden/add more security rules, but for now we only need it installed and default settings set.
Now just restart the Webserver and we are done:

    sudo /etc/init.d/apache2 restart

- Installing mod_evasive
Similar to how we installed mod_security, we install mod_evasive by running the command:

    sudo apt-get install libapache2-mod-evasive

We now need to create a log directory for mod_evasive and set the proper permissions:

    sudo mkdir /var/log/mod_evasive
    sudo chown www-data:www-data /var/log/mod_evasive/

As before, we need to create the module configuration file inside /etc/apache2/mods-available:

    sudo vi /etc/apache2/mods-available/mod-evasive.conf

and add the settings you need. Just keep in mind to whitelist the server IP in case you have a reverse proxy or similar configuration.

    DOSHashTableSize 3097
    DOSPageCount 10
    DOSSiteCount 150
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 10
    DOSLogDir /var/log/mod_evasive
    DOSEmailNotify email@yourdomain.com
    DOSWhitelist 127.0.0.1

More information here:
http://www.helicontech.com/ape/doc/mod_evasive.htm
Then enable the Apache module by running the command:

    sudo a2enmod mod-evasive

and also restart the Webserver:

    sudo /etc/init.d/apache2 restart
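
To confirm that the steps above took effect, the following added example (not part of the original article) is a small shell script that reads the two configuration files and reports whether the settings changed here are in place. The function names and the constructed sample file are assumptions made for illustration, and Include directives are not followed.

```sh
#!/bin/sh
# Added example: checks the settings this article changes (not the author's code).

# Print the last uncommented value of directive $1 in file $2.
# Names are matched case-insensitively; Include lines are not followed.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2; gsub(/"/, "", v) } END { print v }' "$2"
}

# audit_modsec CONF MIN_BYTES: returns 0 only if the engine is On and both
# request body limits are at least MIN_BYTES.
audit_modsec() {
    conf=$1; min=$2; rc=0
    engine=$(directive_value SecRuleEngine "$conf")
    case $(printf '%s' "$engine" | tr '[:upper:]' '[:lower:]') in
        on) echo "OK   SecRuleEngine On" ;;
        detectiononly) echo "WARN SecRuleEngine DetectionOnly: rules log but do not block"; rc=1 ;;
        *) echo "FAIL SecRuleEngine is '${engine:-unset}'"; rc=1 ;;
    esac
    for d in SecRequestBodyLimit SecRequestBodyInMemoryLimit; do
        v=$(directive_value "$d" "$conf")
        if [ "${v:-0}" -ge "$min" ] 2>/dev/null; then
            echo "OK   $d $v"
        else
            echo "FAIL $d is '${v:-unset}', expected at least $min"; rc=1
        fi
    done
    return "$rc"
}

# audit_evasive CONF: returns 0 only if DOSLogDir exists and DOSWhitelist is set.
audit_evasive() {
    conf=$1; rc=0
    dir=$(directive_value DOSLogDir "$conf")
    if [ -n "$dir" ] && [ -d "$dir" ]; then echo "OK   DOSLogDir $dir"
    else echo "FAIL DOSLogDir '${dir:-unset}' is not a directory"; rc=1; fi
    wl=$(directive_value DOSWhitelist "$conf")
    if [ -n "$wl" ]; then echo "OK   DOSWhitelist $wl"
    else echo "WARN no DOSWhitelist entry (proxy or server IP could be blocked)"; rc=1; fi
    return "$rc"
}

# Constructed sample: engine left in DetectionOnly, in-memory limit still 128 KB.
sample=$(mktemp)
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
    'SecRequestBodyLimit 16384000' 'SecRequestBodyInMemoryLimit 131072' > "$sample"
audit_modsec "$sample" 16384000 || echo "=> modsecurity.conf still needs editing"
rm -f "$sample"
```

On the server, call `audit_modsec /etc/modsecurity/modsecurity.conf 16384000` and `audit_evasive /etc/apache2/mods-available/mod-evasive.conf` with the paths used in this article.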