参考:
https://geekflare.com/apache-web-server-hardening-security/
1,因为我有装epel, 可以通过yum 来安装modsecurity 和rules,不过我还是用的笨办法。手动编译安装了。
-
[root@22062 httpd]#yum search mod_security
-
========================================= N/S matched: mod_security =========================================
-
mod_security.x86_64 : Security module for the Apache HTTP Server
-
mod_security_crs.noarch : ModSecurity Rules
2. 源代码安装
-
wget https://www.modsecurity.org/tarball/2.9.1-rc1/modsecurity-2.9.1-RC1.tar.gz
-
tar -zxvf modsecurity-2.9.1-RC1.tar.gz
-
./configure
-
make
-
make install
3. 下载rules,然后重新命名为crs.存放目录为/etc/httpd/。
-
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/zipball/master
-
unzip master
4. 参照
https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended。 自己建一个modsecurity.conf
需要注释掉一行,在文件最后加上一行。并修改SecRuleEngine On
-
#SecUnicodeMapFile unicode.mapping 20127
-
Include /etc/httpd/crs/modsecurity_crs_10_setup.conf.example
-
SecRuleEngine On
5. 修改httpd.conf.
-
<IfModule security2_module>
-
Include crs/modsecurity.conf
-
Include crs/base_rules/*.conf
-
</IfModule>
6. reload httpd. 至此mod_security 安装完成。
7. mod_security 参考资料:
http://modsecurity.org/download.html mod_security 网站。
https://www.feistyduck.com/library/modsecurity-handbook-free/online/ modsecurity handbook.
阅读(1563) | 评论(0) | 转发(0) |
