This article assumes that you have installed a RedHat Enterprise or CentOS and not guaranteed to work, although we have tested on several CentOS 4.5 with success.
The first thing is make sure we have installed the libxml2 library, for it only have to do a search on our system, if installed normally. (XPC Note: Try “yum install libxml2-devel”)
You can check if it is installed with the command:
rpm -q libxml2
To compile ModSecurity install and need some additional packages, then you can uninstall it because it is not necessary.
The packages needed are:
In case you miss some package for CentOS can install as follows:
yum install libxml2
yum install httpd-devel
Now go on the mod_security, for this visit the official website ModSecurity to download the latest version. The example shows the version available today, we have to unzip, I recommend downloading everything in / usr / local / share /, for example:
tar zxf modsecurity-apache_2.1.3.tar.gz
Now we have once unzipped edit the Makefile in the directory will be apache2 file just unzip.
(XPC Note: After unzipping go to /apache2 and follow the instructions “Run the configure script to generate a Makefile.” on the ModSecurity documentation.
In this file we must change the line to tell where we have indicated the Apache installed with the development package (httpd-devel) installed before.
top_dir = /usr/lib/httpd
We are now ready to compile and install ModSecurity with the following commands
service httpd stop
now in the Apache configuration in / etc / httpd / conf / editing httpd.conf with your favorite editor, I would do this:
and look for the module loading area, looking for “LoadModule” (Control + K + F joe).
At the beginning of this section adds:
And then at the end of this section of apache module loading added:
LoadModule security2_module modules/mod_security2.so
and immediately made this policy must be updated by doing the following configuration:
M.K.D.I.R /etc/httpd/conf/modsecurity;C.D /etc/httpd/conf/modsecurity
tar zxf modsecurity-core-rules_2.1-1.4.3.tar.gz
rm -f modsecurity-core-rules_2.1-1.4.3.tar.gz
And now you have the default policies, remember that you can adapt them by editing the configuration files you installed for ModSecurity.
Do not forget to restart apache with:
service httpd restart
and of course remove the package that may no longer need to:
rpm -e httpd-devel
rpm -e apr-util-devel
rpm -e apr-devel
rpm -e pcre-devel
Congratulations, now you have mod_security installed on your Apache2 server with CentOS and Plesk panel.
VERY IMPORTANT: If you do not know please delegate this task to your provider or system administrator preferred.
Source: carrero.es (Translated from Spanish to English with Google)