본문 바로가기
Linux

CentOS 6 apache 2.4 modsecurity 2.9 compile install

by 씨엔아이소프트 2017. 9. 27.
반응형
CentOS 6 apache 2.4 modsecurity 2.9 compile install



어플리케이션 계정 생성
# useradd -d /app app
# passwd app
Changing password for user app.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
의존 패키지 설치
# yum install gcc gcc-c++ make perl zip unzip wget git zlib-devel libxml2 libxml2-devel ncurses ncurses-devel expat expat-devel
소스파일 다운로드
# mkdir /app/src/
# cd /app/src
# wget https://www.rndit.net/files/apr-1.5.2.tar.gz
# wget https://www.rndit.net/files/apr-util-1.5.4.tar.gz
# wget https://www.rndit.net/files/httpd-2.4.25.tar.gz
# wget https://www.rndit.net/files/openssl-1.0.2j.tar.gz
# wget https://www.rndit.net/files/pcre-8.39.tar.gz
# wget https://www.rndit.net/files/modsecurity-2.9.1.tar.gz
압축해제
# tar zxvf apr-1.5.2.tar.gz
# tar zxvf apr-util-1.5.4.tar.gz
# tar zxvf httpd-2.4.25.tar.gz
# tar zxvf openssl-1.0.2j.tar.gz
# tar zxvf pcre-8.39.tar.gz
# tar zxvf modsecurity-2.9.1.tar.gz
파일 소유자 변경
# chown -R app.app /app
pcre 8.39 설치
# cd /app/src/pcre-8.39
# ./configure
# make && make install
openssl 1.0.2j 설치
# cd /app/src/openssl-1.0.2j
# ./config --prefix=/usr/local/openssl-1.0.2j -fPIC enable-tlsext
# make && make install
 
// 심볼릭 링크 설정
# mv /usr/bin/openssl /usr/bin/openssl.bak
# ln -s /usr/local/openssl-1.0.2j/bin/openssl /usr/bin/openssl
 
// 버전 확인
# openssl version
OpenSSL 1.0.2j  26 Sep 2016
Apache 2.4.25 설치
// 계정 전환
# su - app
 
// 아파치 설치
$ mkdir -p /app/server
$ mkdir -p /app/dev
$ cd /app/src/
$ cp -R apr-1.5.2 httpd-2.4.25/srclib/apr
$ cp -R apr-util-1.5.4 httpd-2.4.25/srclib/apr-util
$ cd httpd-2.4.25
$ ./configure --prefix=/app/server/httpd-2.4.25 --with-ssl=/usr/local/openssl-1.0.2j --with-included-apr
$ make && make install
ModSecurity 설치
$ cd /app/src/modsecurity-2.9.1
$ ./configure --prefix=/app/dev/modsecurity-2.9.1 --with-apxs=/app/server/httpd-2.4.25/bin/apxs --with-apr=/app/server/httpd-2.4.25/bin/apr-1-config --with-apu=/app/server/httpd-2.4.25/bin/apu-1-config
$ make && make install
 
// 설정파일 복사
$ cp modsecurity.conf-recommended /app/server/httpd-2.4.25/conf/modsecurity.conf
$ cp unicode.mapping /app/server/httpd-2.4.25/conf/
 
// 권한 변경
$ chmod 755 /app/server/httpd-2.4.25/modules/mod_security2.so
 
// 룰 다운로드
$ cd /app/server/httpd-2.4.25/
$ git clone https://github.com/spiderLabs/owasp-modsecurity-crs.git
$ mv owasp-modsecurity-crs/ modsecurity-crs
$ cd modsecurity-crs
$ cp crs-setup.conf.example crs-setup.conf
Apache 설정 파일 수정
$ vi /app/server/httpd-2.4.25/conf/httpd.conf
 
// 모듈 추가
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
 
// 최하단에 아래 내용 추가
# ModSecurity configuration
<IfModule security2_module>
Include conf/modsecurity.conf
Include modsecurity-crs/crs-setup.conf
Include modsecurity-crs/rules/*.conf
</IfModule>
Apache 기동
# /app/server/httpd-2.4.25/bin/apachectl start
원문
https://www.rndit.net/confluence/display/DEV/CentOS+6+apache+2.4+modsecurity+2.9+compile+install


반응형

댓글