Improve the security of your Directadmin server: Part two – Mod_security

July 16, 2013

The security of your Directadmin server is one of the most important things to improve, but also one of the hardest. This is part two of a series of posts in which we look at the security of your Directadmin server and try to take it to the next level.

Part 1: The firewall
Part 2: Mod_security
Part 3: Tips and Tweaks
Part 4: Secure email
Part 5: SFTP, FTPS and securing websites

Part two: mod_security

In the last tutorial we restricted access to our Directadmin server with a decent dynamic firewall. Today we are going to implement mod_security. Mod_security is an Apache module which prevents high-risk web scripts from being executed. It tries to shield web applications from attacks such as SQL injection, cross-site scripting, and many more. The module adds a security layer to the webserver and is very useful in a hosting environment because of all the different web applications in use. We are going to install mod_security with the standard ruleset.

Log in to your Directadmin server as the user root through SSH. Then prepare the Apache configuration for mod_security.

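# ServerTokens Full is required by ModSecurity's SecServerSignature directive, which can then replace the Server header
sed -i 's/ServerTokens Major/ServerTokens Full/' /etc/httpd/conf/extra/httpd-default.conf
sed -i 's/ServerSignature Off/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf
# ServerSignature accepts On, Off or EMail ("On" is not a valid ServerTokens value)
sed -i 's/ServerSignature EMail/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf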

After that adjustment we can use the following commands to download and install mod_security:

cd /usr/local/src
mkdir modsecurity2
cd !$
wget https://www.modsecurity.org/tarball/2.7.4/modsecurity-apache_2.7.4.tar.gz
tar xzf modsecurity-apache*
cd modsecurity-apache*
./configure
make
make install

Mod_security2 is now installed, but doesn’t have a ruleset to operate from yet. We will install a good default ruleset in the next steps:

mkdir /etc/modsecurity2
cd !$
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/master.zip
unzip master
mv owasp-modsecurity-crs-master/* .
rm -rf master master.zip owasp-modsecurity-crs-master
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
# Link the setup file and the rules into activated_rules; the link targets are absolute paths under /etc/modsecurity2
ln -s /etc/modsecurity2/modsecurity_crs_10_setup.conf /etc/modsecurity2/activated_rules/modsecurity_crs_10_setup.conf
for f in base_rules/* ; do ln -s "/etc/modsecurity2/$f" "activated_rules/${f##*/}" ; done
for f in optional_rules/*comment_spam* ; do ln -s "/etc/modsecurity2/$f" "activated_rules/${f##*/}" ; done

You can list all the activated rules in the activated_rules directory:

ls -l /etc/modsecurity2/activated_rules/
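
A check for the symlink step above, as an added example that is not part of the original tutorial: it reports links in the activated rules directory whose target does not exist, which is what a wrong absolute path in the `ln -s` commands produces. The function names `broken_rule_links` and `count_conf_rules` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial).

# broken_rule_links DIR: print every symlink in DIR whose target is missing.
# Returns 0 when all links resolve, 1 when at least one is dangling,
# 2 when DIR itself does not exist.
broken_rule_links() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    found=0
    for link in "$dir"/*; do
        # -L: entry is a symlink; ! -e: the file it points to does not exist
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            printf '%s -> %s\n' "$link" "$(readlink "$link")"
            found=1
        fi
    done
    return $found
}

# count_conf_rules DIR: number of *.conf entries in DIR that resolve to a
# real file, i.e. what "Include DIR/*.conf" can actually read.
count_conf_rules() {
    n=0
    for f in "$1"/*.conf; do
        if [ -e "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# When called with a directory argument, run both checks, e.g.:
#   sh check_rules.sh /etc/modsecurity2/activated_rules
if [ -n "${1:-}" ]; then
    broken_rule_links "$1" && echo "all rule links resolve"
    echo "readable .conf files: $(count_conf_rules "$1")"
fi
```

Once no dangling links are reported, `httpd -t` checks the Apache configuration syntax before the server is restarted.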

Now, open up the /etc/httpd/conf/httpd.conf file and add the following lines under the other LoadModule lines:

LoadFile /usr/local/lib/libxml2.so
LoadModule security2_module /usr/lib/apache/mod_security2.so

Don’t close the file yet; you still have to add the rules to httpd.conf. Add the following at the end of the file:


        Include /etc/modsecurity2/activated_rules/*.conf

That was it. It is a little more difficult to install than CSF, but it adds a great security layer to any webserver. In the next tutorial we will dig a little deeper and do some basic server security by editing a few configurations and hardening some processes.

Thank you for reading and don’t forget to subscribe!

7 thoughts on “Improve the security of your Directadmin server: Part two – Mod_security”

  3. youri

    After
    make
    I have errors:
    /usr/bin/ld: cannot find -lexpat
    collect2: ld returned 1 exit status
    make[1]: *** [mod_security2.la] Error 1
    make[1]: Leaving directory `/usr/local/src/modsecurity2/modsecurity-apache_2.7.4/apache2'
    make: *** [install-recursive] Error 1

    Centos 6.4 with directadmin 1.433

    1. M. Pas Post author

      You can solve this error by installing expat:
      yum install expat expat-devel

  4. Adam

    Hello,

    For those coming to this post to install mod_Security and for the above error, I noted two issues with this tutorial:

    1. On CentOS you must install the expat-devel package to not get a compilation error (yum install expat-devel)
    2. There is a typo in the links for the mod_security rules: you will see above that they used ‘modsecurity2test’ in the links. As your directory is not named this (it seems the author missed fixing this when the tutorial was written), you will need to change this to ‘modsecurity2’ instead.

    Hopefully this helps a few people.

    Cheers!

  5. Jeroen

    Installed successfully (after changing the modsecurity2test directory).
    But I don’t understand the first three changes in the Apache configuration.
    Why are these needed?
    And what do they do?
