Archive
Using VI Editor to insert at the beginning/end of each line
This replaces the beginning of each line with “replace”:
:%s!^!replace!
This replaces the beginning of each selected line (use visual mode to select) with “replace”:
:'<,’>s!^!replace!
YES you can change the symbol ! to /
:%s/^/replace/
:'<,’>s/^/replace/
This replaces the end of each line
:%s/$/replace/g
Compile mod security(Web Application Firewall) on Ubuntu
Currently Mod security package only available on this version of Ubuntu
Package libapache-mod-security
•lucid (web): Tighten web applications security for Apache [universe]
2.5.11-1: amd64 i386
•maverick (web): Tighten web applications security for Apache [universe]
2.5.12-1: amd64 i386
•natty (web): Tighten web applications security for Apache [universe]
2.5.12-1: amd64 i386
•oneiric (web): Dummy transitional package [universe]
2.5.13-1: all
Package libapache2-mod-security
•dapper (web): Tighten web applications security for Apache 2.x
1.8.7-1ubuntu1: amd64 i386 powerpc
Find ubuntu package:
Steps by steps to compile mod security:
Download source mod_security from http://modsecurity.org/
1) install g++ environment
apt-get install g++ doc-base autoconf automake1.9 bison bison libtool make
2) install preconditions for mod_security2
apt-get install apache2-threaded-dev libxml2-dev libcurl4-gnutls-dev
try to run configure with missing libraries or header files
./configure –with-apxs2=/usr/bin/apxs2
result:
checking for strtol… yes
configure: looking for Apache module support via DSO through APXS
configure: error: couldn’t find APXS
install apache apxs
apt-get install apache2-threaded-dev
next error with configure: missing libxml2
checking for libxml2 config script… no
configure: *** libxml2 library not found.
configure: error: libxml2 library is required
install libxml2-dev
sudo apt-get install libxml2-dev
next error with configure: missing libcurl
this step is optional, only needed if you want to build mlogc, id did it.
checking for libcurl config script… no
configure: *** curl library not found.
configure: NOTE: curl library is only required for building mlogc
install libcurl4-gnutls-dev
sudo apt-get install libcurl4-gnutls-dev
3) final configure works, run make now
cd ~/modsecurity-apache_2.5.6/apache2
./configure –with-apx2=/usr/bin/apxs2
output:
checking for g++… g++
checking for C++ compiler default output file name… a.out
checking whether the C++ compiler works… yes
checking whether we are cross compiling… no
checking for suffix of executables…
checking for suffix of object files… o
checking whether we are using the GNU C++ compiler… yes
checking whether g++ accepts -g… yes
checking for gcc… gcc
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking how to run the C preprocessor… gcc -E
checking for a BSD-compatible install… /usr/bin/install -c
checking whether ln -s works… yes
checking whether make sets $(MAKE)… yes
checking for ranlib… ranlib
checking for perl… /usr/bin/perl
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking fcntl.h usability… yes
checking fcntl.h presence… yes
checking for fcntl.h… yes
checking limits.h usability… yes
checking limits.h presence… yes
checking for limits.h… yes
checking for stdlib.h… (cached) yes
checking for string.h… (cached) yes
checking for unistd.h… (cached) yes
checking for an ANSI C-conforming const… yes
checking for inline… inline
checking for C/C++ restrict keyword… __restrict
checking for size_t… yes
checking whether struct tm is in sys/time.h or time.h… time.h
checking for uint8_t… yes
checking for stdlib.h… (cached) yes
checking for GNU libc compatible malloc… yes
checking for working memcmp… yes
checking for atexit… yes
checking for fchmod… yes
checking for getcwd… yes
checking for memset… yes
checking for strcasecmp… yes
checking for strchr… yes
checking for strdup… yes
checking for strerror… yes
checking for strncasecmp… yes
checking for strrchr… yes
checking for strstr… yes
checking for strtol… yes
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/bin/apxs2
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script… /usr/bin/pcre-config
configure: using ‘-L/usr/lib -lpcre’ for pcre Library
checking for libapr config script… /usr/bin/apr-1-config
configure: using ‘ -luuid -lrt -lcrypt -lpthread -ldl’ for apr Library
checking for libapr-util config script… /usr/bin/apu-1-config
configure: using ‘ -L/usr/lib -laprutil-1’ for apu Library
checking for libxml2 config script… /usr/bin/xml2-config
configure: using ‘-lxml2’ for libxml Library
checking for pkg-config script for lua library… no
configure: optional lua library not found
checking for libcurl config script… /usr/bin/curl-config
configure: using ‘-lcurl -lgssapi_krb5’ for curl Library
configure: creating ./config.status
config.status: creating Makefile
config.status: creating build/apxs-wrapper
config.status: creating t/run-unit-tests.pl
config.status: creating t/run-regression-tests.pl
config.status: creating t/gen_rx-pm.pl
config.status: creating t/csv_rx-pm.pl
config.status: creating t/regression/server_root/conf/httpd.conf
config.status: creating ../tools/rules-updater.pl
config.status: creating mod_security2_config.h
make
4) install mod_security2
i did this manual way to control what is installed,
of course you can use “make install”.
cp modsecurity-apache_2.5.6/apache2/.libs/mod_security2.so /usr/lib/apache2/modules
chmod 644 /usr/lib/apache2/modules/mod_security2.so
chown root:root /usr/lib/apache2/modules/mod_security2.so
5) include mod_security2 in the apache2 way
/etc/apache2/mods-available# vi mod_security2.load
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
/etc/apache2/mods-enabled# ln -s ../mods-available/mod_security2.load mod_security2.load
6) load apache2 mod_unique_id
run apache2ctl configtest and find the missing mod_unique_id error
apache2ctl configtest
less /var/log/apache2/error.log
[Fri Aug 15 11:59:34 2008] [error] ModSecurity: ModSecurity requires mod_unique_id to be installed
fix it with a2enmod of make a manual symlink in mods-enabled
a2enmod mod_unique_id
manually enable mod
/etc/apache2/mods-enabled#ln -s ../mods-available/unique_id.load unique_id.load
7) reload apache config
reload config and check error.log
apache2ctl configtest
apache2ctl graceful
less /var/log/apache2/error.log
after reloading apache, make test to you webserver and check access.log and error.log
8) initial mod_security configuration
After initial installation of mod_security2 you can add mod_security2 rules. For example you can add a core rule, for example add rule to apache conf directory:
/etc/apache2/conf.d/mod_security2# ls
modsecurity_crs_10_config.conf
9) adopt log path
SecAuditLog /var/log/apache2/modsec_audit.log
SecDebugLog /var/log/apache2/modsec_debug.log
10) example: set higher SecDebugLogLevel
# NOTE Debug logging is generally very slow. You should never
# use values greater than “3” in production.
# 0 – no logging.
# 1 – errors (intercepted requests) only.
# 2 – warnings.
# 3 – notices // default value.
# 4 – details of how transactions are handled.
# 5 – as above, but including information about each piece of information handled.
# 9 – log everything, including very detailed debugging information.
SecDebugLogLevel 5
Getting Ubuntu Version
There is a few option to find Ubuntu version:
1) viewing /etc/issue file
#cat /etc/issue
Ubuntu 8.04.4 LTS \n \l
2) run command lsb_release -a
#lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.4 LTS
Release: 8.04
Codename: hardy
Just Technical Information 