The security of your DirectAdmin server is one of the most important things to improve, but also one of the hardest. This is part two of a series of posts in which we take a look at the security of your DirectAdmin server and try to bring it to the next level.
Part two: mod_security
In the last tutorial we restricted access to our DirectAdmin server with a decent dynamic firewall. Today we are going to implement mod_security. Mod_security is an Apache module that prevents high-risk web scripts from being executed. It tries to shield web applications from attacks such as SQL injection, cross-site scripting, and many more. The module adds a security layer to the webserver and is very useful in a hosting environment because of all the different web applications in use. We are going to install mod_security with the standard ruleset.
Log in to your DirectAdmin server as the user root through SSH. Then prepare the Apache configuration for mod_security.
sed -i 's/ServerTokens Major/ServerTokens Full/' /etc/httpd/conf/extra/httpd-default.conf
sed -i 's/ServerSignature Off/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf
sed -i 's/ServerSignature EMail/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf
After that adjustment we can use the following commands to download and install mod_security:
cd /usr/local/src
mkdir modsecurity2
cd !$
wget https://www.modsecurity.org/tarball/2.7.4/modsecurity-apache_2.7.4.tar.gz
tar xzf modsecurity-apache*
cd modsecurity-apache*
./configure
make
make install
Mod_security2 is now installed, but it doesn't have a ruleset to operate from. We will install a good default ruleset in the next steps:
mkdir /etc/modsecurity2
cd !$
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/master.zip
unzip master
mv owasp-modsecurity-crs-master/* .
rm -rf master master.zip owasp-modsecurity-crs-master
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
ln -s /etc/modsecurity2/modsecurity_crs_10_setup.conf /etc/modsecurity2/activated_rules/modsecurity_crs_10_setup.conf
for f in base_rules/* ; do ln -s "/etc/modsecurity2/$f" "activated_rules/$(basename "$f")" ; done
for f in optional_rules/*comment_spam* ; do ln -s "/etc/modsecurity2/$f" "activated_rules/$(basename "$f")" ; done
You can list all the activated rules in the activated_rules directory:
ls -l /etc/modsecurity2/activated_rules/
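The listing shows the links but not whether their targets exist, and a mistyped path in an ln -s command leaves a dangling link that only surfaces when Apache tries to include the file. The following check is an added example, not part of the original tutorial; check_activated_rules is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit the CRS symlinks before Apache loads them.
# check_activated_rules is a hypothetical helper, not part of mod_security.

# Prints every problem found in an activated_rules directory.
# Exit status 0: all links resolve and the setup file is present; 1 otherwise.
check_activated_rules() (
    dir=$1
    problems=0

    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        exit 1
    fi

    # The setup file that the tutorial links first must be present.
    setup="$dir/modsecurity_crs_10_setup.conf"
    if [ ! -e "$setup" ] && [ ! -L "$setup" ]; then
        echo "setup file not linked: $setup"
        problems=$((problems + 1))
    fi

    for entry in "$dir"/*; do
        # -L is true for any symlink, -e only when its target exists.
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            echo "dangling link: $entry -> $(readlink "$entry")"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
)

# Run the audit when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_activated_rules "$1"
fi
```

Saved as a script, it takes /etc/modsecurity2/activated_rules as its argument and exits non-zero if any link is broken.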
Now, open up the /etc/httpd/conf/httpd.conf file and add the following lines under the other LoadModule lines:
LoadFile /usr/local/lib/libxml2.so
LoadModule security2_module /usr/lib/apache/mod_security2.so
Don’t close the file yet; you still have to add the rules to httpd.conf. Add these lines at the end of the file
That was it. Mod_security is a little more difficult to install than CSF, but it adds a great security layer to any webserver. In the next tutorial we will dig a little deeper and do some basic server security by editing a few configurations and hardening some processes.