Sunday, December 31, 2017

How To Install And Setup ModSecurity with OWASP On CentOS 7


MODSECURITY WITH OWASP ON CENTOS 7

ModSecurity is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity must be configured with rules. In order to enable users to take full advantage of ModSecurity out of the box, Trustwave’s SpiderLabs created the OWASP ModSecurity Core Rule Set (CRS) Project. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS provides generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded.


Prerequisites

# yum -y update

# yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git


Installing mod_security

# cd /opt/

# wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz

# tar xzfv modsecurity-2.9.1.tar.gz

# cd modsecurity-2.9.1

# ./configure

# make install


Configure mod_security

# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

# cp unicode.mapping /etc/httpd/conf.d/

Now we need to configure the Apache web server. Open the web server configuration file and add the following lines to it.

# vim /etc/httpd/conf/httpd.conf

LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so

Save the changes using ‘:wq!’ and restart the Apache service.

# systemctl restart httpd.service

# systemctl status httpd.service

# systemctl enable httpd.service


Installing OWASP

Now we will install the OWASP CRS so that it is integrated with Apache’s ModSecurity. Use the commands below to download and configure the OWASP (Open Web Application Security Project) Core Rule Set as a base configuration.

# cd /etc/httpd

# git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

# mv owasp-modsecurity-crs modsecurity-crs

# cd modsecurity-crs

# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Now once again open the Apache configuration file to add the following lines at the end.

LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so

Now that you have installed ModSecurity and the OWASP CRS, restart the Apache service so the module is loaded along with its rules.

# systemctl restart httpd.service
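Two things are worth checking once the steps above have been run. First, the block under "Installing OWASP" repeats the two LoadModule directives that were already added under "Configure mod_security"; a LoadModule line loads the engine, but the rule set itself only becomes active when Apache is told to Include the CRS configuration and rule files. Second, modsecurity.conf-recommended ships with SecRuleEngine set to DetectionOnly, so after this install ModSecurity logs rule matches but blocks nothing until that directive is changed to On. The script below is an added example and is not part of the original post or of the ModSecurity or CRS projects. It assumes the CRS 2.x layout implied by the file names used above (a modsecurity_crs_10_config.conf next to a base_rules/ directory under /etc/httpd/modsecurity-crs; a CRS 3.x checkout uses crs-setup.conf and rules/*.conf instead, so the Include paths would change), that paths in httpd.conf are relative to the ServerRoot /etc/httpd, and that the function names and the HTTPD_CONF / MODSEC_CONF variables are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): wire the cloned CRS into Apache
# and verify the ModSecurity install on CentOS 7. Assumes the CRS 2.x layout
# (modsecurity_crs_10_config.conf + base_rules/) under /etc/httpd/modsecurity-crs.
set -eu

HTTPD_CONF="${HTTPD_CONF:-/etc/httpd/conf/httpd.conf}"          # assumed default
MODSEC_CONF="${MODSEC_CONF:-/etc/httpd/conf.d/modsecurity.conf}"  # copied earlier

# Apache snippet that activates the rule set. Paths are relative to ServerRoot
# (/etc/httpd), which is where the post clones the repository.
crs_include_fragment() {
  cat <<'EOF'
<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>
EOF
}

# Append the fragment once; running the script twice must not duplicate it.
append_crs_include() {
  if grep -q 'modsecurity_crs_10_config.conf' "$1"; then
    echo "CRS include already present in $1"
  else
    crs_include_fragment >> "$1"
    echo "CRS include appended to $1"
  fi
}

# Effective SecRuleEngine value in a ModSecurity config file (last one wins;
# commented-out lines are ignored). "DetectionOnly" means log but never block.
engine_mode() {
  awk '$1 == "SecRuleEngine" { mode = $2 } END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Audit log location as configured by SecAuditLog in the same file.
audit_log_path() {
  awk '$1 == "SecAuditLog" { path = $2 } END { print path }' "$1"
}

# Number of *.conf files the Include glob above would pull in.
count_rule_files() {
  set -- "$1"/*.conf
  if [ -e "$1" ]; then echo "$#"; else echo 0; fi
}

# Live check against the host; only runs when invoked with --verify.
verify_install() {
  append_crs_include "$HTTPD_CONF"
  echo "SecRuleEngine: $(engine_mode "$MODSEC_CONF")"
  echo "Rule files:    $(count_rule_files /etc/httpd/modsecurity-crs/base_rules)"
  httpd -t                                   # syntax check before restarting
  httpd -M 2>/dev/null | grep -q security2_module && echo "security2_module loaded"
  systemctl restart httpd.service
  tail -n 5 "$(audit_log_path "$MODSEC_CONF")" 2>/dev/null || true
}

if [ "${1:-}" = "--verify" ]; then
  verify_install
fi
```

Run it as `sh verify-modsec.sh --verify` on the server after the steps above. If `engine_mode` reports DetectionOnly, change the directive in modsecurity.conf to `SecRuleEngine On` once the audit log shows no false positives for the application, then restart Apache again; if `count_rule_files` reports 0, the Include paths do not match the checked-out CRS layout and nothing is being enforced.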

---------------------------------------------------------------------------------------

Enjoy some basic, necessary protection on your Linux CentOS 7 Apache server. It also gives you a number of other capabilities, listed below.

Real-time Blacklist Lookups: utilizes third-party IP reputation data.
Web-based Malware Detection: identifies malicious web content by checking against the Google Safe Browsing API.
Identification of Application Defects: alerts on application misconfigurations.
HTTP Denial of Service Protections: defense against HTTP flooding and slow HTTP DoS attacks.
Tracking Sensitive Data: tracks credit card usage and blocks leakages.
Trojan Protection: detects access to Trojan horses.
Integration with AV Scanning for File Uploads: detects malicious files uploaded through the web application.
Error Detection and Hiding: disguises error messages sent by the server.
Common Web Attacks Protection: detects common web application security attacks.
Automation Detection: detects bots, crawlers, scanners and other surface malicious activity.
HTTP Protection: detects violations of the HTTP protocol and of a locally defined usage policy.

---------------------------------------------------------------------------------------

Conclusion

ModSecurity is used to protect and monitor real-time HTTP traffic and web applications against attacks such as brute force attempts, and it also acts as an intrusion detection and prevention system for web applications. To become useful, ModSecurity must be configured with rules; the OWASP (Open Web Application Security Project) Core Rule Set (CRS) provides that base configuration for ModSecurity.
