mod_security is an Apache module that is a good way to prevent malicious attacks on your web application. Even the base/default configuration from the EPEL repository RPM package gives a pretty decent rule set and helps with hardening your system. mod_security is all about rule sets that look for specific types of attacks like cross-site scripting (XSS), SQL injection, etc., so the more comprehensive your rule set configuration is, the better protected your system will be.
All I’m showing you here is how to install the module with the base rule set to get you going. You’ll probably want to look further into additional rule sets like owasp.org’s OWASP CRS (Core Rule Set), and there are even some paid rule set services that actively update the rules for you.
1. First make sure you have the EPEL repo installed.
2. Install mod_security:
vmhacks.com]# yum install mod_security
3. The default rules will now be loaded and activated automatically after an Apache restart. You can take a look at the default config in /etc/httpd/conf.d/mod_security.conf. Note that important items like “SecRuleEngine On” are already set up. So give Apache a restart to load the new mod_security module and config:
vmhacks.com]# service httpd restart
4. Verify it’s loaded:
vmhacks.com]# apachectl -M | grep sec
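
A scripted version of the step 4 check, as an added example that is not part of the original article: it confirms the module appears in the apachectl -M listing and reports the SecRuleEngine setting from the config file named in step 3. The function names and sample inputs are constructed for illustration, and it assumes the mod_security 2.x module name security2_module.

```shell
#!/usr/bin/env bash
# Post-install check: is the module loaded, and is the rule engine blocking?

# Print the effective SecRuleEngine value from a config file. Directive names
# are case-insensitive and the last uncommented one in the file is taken.
# Simplification: Include'd files and per-vhost overrides are not followed.
secrule_engine_mode() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "secruleengine" { mode = $2 }
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Succeeds if the `apachectl -M` listing on stdin names security2_module
# (assumed module name for mod_security 2.x).
modsec_loaded() {
    grep -q 'security2_module'
}

# $1 = config file, $2 = file holding `apachectl -M` output.
# Returns 0 = loaded and blocking, 2 = loaded but DetectionOnly, 1 = anything else.
modsec_status() {
    local mode
    if ! modsec_loaded < "$2"; then
        echo "FAIL: security2_module not loaded"
        return 1
    fi
    mode=$(secrule_engine_mode "$1")
    case "$(printf '%s' "$mode" | tr '[:upper:]' '[:lower:]')" in
        on)            echo "OK: loaded, SecRuleEngine On (blocking)"; return 0 ;;
        detectiononly) echo "WARN: loaded, DetectionOnly (logs, does not block)"; return 2 ;;
        *)             echo "FAIL: loaded, SecRuleEngine is '$mode'"; return 1 ;;
    esac
}

# Constructed sample inputs so the check runs offline.
demo=$(mktemp -d)
printf '%s\n' '<IfModule mod_security2.c>' '    # SecRuleEngine Off' \
    '    SecRuleEngine On' '</IfModule>' > "$demo/mod_security.conf"
printf '%s\n' 'Loaded Modules:' ' core_module (static)' \
    ' security2_module (shared)' > "$demo/modules.txt"
modsec_status "$demo/mod_security.conf" "$demo/modules.txt"
rm -rf "$demo"
```

On a real host, pass /etc/httpd/conf.d/mod_security.conf and a file containing the apachectl -M output in place of the sample files.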