[Installation of lamp]--mod_security and mod_evasive modules

Source: Internet
Author: User
Tags modsecurity

System version: Red Hat 6

HTTPD version: httpd-2.4.20

Tar package: modsecurity-apache_2.5.9.tar.gz mod_evasive_1.10.1.tar.gz

About apxs:http://itlab.idcquan.com/linux/manual/apachemanual/programs/apxs.html

Installation of the Mod_evasive module

# Tar XF mod_evasive_1.10.1.tar.gz# cd mod_evasive# lschangelog mod_evasive20.c mod_evasive20.o Mod_evasiveNSAPI . clicense mod_evasive20.la mod_evasive20.slo readmemakefile.tmpl mod_evasive20.lo mod_evasive.c test.pl# A Pxs-i-a-c mod_evasive20.c/usr/lib/apr-1/build/libtool--silent--mode=compile gcc-prefer-pic-o2-g-pipe-wall-wp,- D_fortify_source=2-fexceptions-fstack-protector--param=ssp-buffer-size=4-m32-march=i686-mtune=atom- Fasynchronous-unwind-tables-wformat-security-fno-strict-aliasing-dlinux=2-d_reentrant-d_gnu_source-d_ Largefile64_source-pthread-i/usr/include/httpd-i/usr/include/apr-1-i/usr/include/apr-1-c-o Mod_evasive20.lo MoD _EVASIVE20.C && Touch mod_evasive20.slomod_evasive20.c: In function ' create_hit_list ': mod_evasive20.c:118: Warning: Return statement not found in function with return value MOD_EVASIVE20.C: in function ' Access_checker ': mod_evasive20.c:212: Warning: Implicitly declaring function ' Getpid ' mod_ EVASIVE20.C:212: Warning: Format '%ld ' requires type ' long int ', but the type of argument 3 is ' int ' mod_evasive20.c:229: Warning: Ignore declaration has The return value of the ' system ' of the Warn_unused_result property mod_evasive20.c: In function ' destroy_hit_list ': mod_evasive20.c:301: Warning: Not found in function with return value Return statement/usr/lib/apr-1/build/libtool--silent--mode=link gcc-o mod_evasive20.la-rpath/usr/lib/httpd/modules- Module-avoid-version mod_evasive20.lo/usr/lib/httpd/build/instdso.sh sh_libtool= '/usr/lib/apr-1/build/libtool ' Mod_evasive20.la/usr/lib/httpd/modules/usr/lib/apr-1/build/libtool--mode=install CP mod_evasive20.la/usr/lib/ HTTPD/MODULES/LIBTOOL:INSTALL:CP. Libs/mod_evasive20.so/usr/lib/httpd/modules/mod_evasive20.solibtool:install: CP. LIBS/MOD_EVASIVE20.LAI/USR/LIB/HTTPD/MODULES/MOD_EVASIVE20.LALIBTOOL:INSTALL:CP. libs/mod_evasive20.a/usr/ Lib/httpd/modules/mod_evasive20.alibtool:install:chmod 644/usr/lib/httpd/modules/mod_evasive20.alibtool:install : Ranlib/usr/lib/httpd/modules/mod_evasive20.alibtool:finish:path= "/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/ Local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/inotify/bin:/root/bin:/sbin "Ldconfig-n /usr/lib/httpd/modules----------------------------------------------------------------------Libraries have been Installed in:/usr/lib/httpd/modules------> #被安装到了这里If ever happen to want to link against installed Librariesi n a given directory, Libdir, you must either use Libtool, andspecify the full pathname of the library, or use the '-llibdi     R ' flag during linking and do at least one of the following:-add Libdir to the ' Ld_library_path ' environment variable During Execution-add Libdir to the ' Ld_run_path ' environment variable during linking-use the '-wl,-rpath-w L,LIBDIR ' linker Flag-have Your system administrator add Libdir to '/etc/ld.so.conf ' see any operating system documenta tion about shared libraries Formore information, such as the LD (1) and ld.so (8) manual pages.----------------------------- -----------------------------------------chmod 755/usr/lib/httpd/modules/mod_evasive20.so

After that, a line can be seen in the configuration file (because the module loaded by the Apxs method is automatically generated)

# vim/usr/local/httpd/conf/httpd.conf LoadModule evasive20_module   modules/mod_evasive20.so

Add

If you encounter such an error:

#/usr/local/httpd/bin/apxs-i-a-c mod_evasive20.c/usr/local/apr/build-1/libtool--silent--mode=compile gcc-std=  Gnu99-prefer-pic-dlinux-d_reentrant-d_gnu_source-d_largefile64_source-o2-pg-pthread-i/usr/local/httpd/include -i/usr/local/apr/include/apr-1-i/usr/local/apr-util/include/apr-1-i/usr/local/apr-iconv/include/apr-1-I/usr/ Local/apr-iconv/include-c-o mod_evasive20.lo mod_evasive20.c && Touch mod_evasive20.slomod_evasive20.c:in function ' Access_checker ': mod_evasive20.c:142:error: ' Conn_rec ' has no member named ' Remote_ip ' mod_evasive20.c:146: Error: ' Conn_rec ' has no member named ' Remote_ip ' mod_evasive20.c:158:error: ' Conn_rec ' have no member named ' REMOTE_IP ' MoD _evasive20.c:165:error: ' Conn_rec ' has no member named ' Remote_ip ' mod_evasive20.c:180:error: ' Conn_rec ' have no member NA Med ' remote_ip ' mod_evasive20.c:187:error: ' Conn_rec ' has no member named ' Remote_ip ' Mod_evasive20.c:208:error: ' Conn_ Rec ' has no member named ' Remote_ip ' Mod_evasive20.C:212:warning:implicit declaration of function ' Getpid ' mod_evasive20.c:215:error: ' Conn_rec ' has no member named ' Remot E_ip ' mod_evasive20.c:221:error: ' Conn_rec ' has no member named ' Remote_ip ' mod_evasive20.c:222:error: ' Conn_rec ' have no M Ember named ' remote_ip ' mod_evasive20.c:228:error: ' Conn_rec ' has no member named ' Remote_ip ' Apxs:Error:Command failed WI Th rc=65536

The solution is to change the "remote" of the corresponding line to "client"

Installation of the Mod_security module

# tar XF modsecurity-apache_2.5.9.tar.gz# lsapache2 doc modsecurity.conf-minimal README. TXT toolschanges LICENSE modsecurity_licensing_exception rules# cd apache2/# apxs-i-a-c Mod_security2.c/usr/lib/ap R-1/build/libtool--silent--mode=compile gcc-prefer-pic-o2-g-pipe-wall-wp,-d_fortify_source=2-fexceptions-fstack -protector--param=ssp-buffer-size=4-m32-march=i686-mtune=atom-fasynchronous-unwind-tables-wformat-security- fno-strict-aliasing-dlinux=2-d_reentrant-d_gnu_source-d_largefile64_source-pthread-i/usr/include/httpd-i/usr/ Include/apr-1-i/usr/include/apr-1-c-o mod_security2.lo mod_security2.c && touch Mod_security2.slo included from Modse                 curity.h:38 file, from mod_security2.c:24:msc_pcre.h:24:18: Error: Pcre.h: There is no file or directory in the file containing the self-modsecurity.h:40, From mod_security2.c:24:msc_xml.h:25:31: Error: Libxml/xmlschemas.h: There is no file or directory msc_xml.h:26:26: Error: libxml/xpath.h: no that            Files or directories in the file included from Modsecurity.h:40,     From mod_security2.c:24: 

 ===> Error

# yum install libxml*#./configure--WITH-APXS=/USR/LOCAL/HTTPD/BIN/APXS--with-httpd-src=/usr/local/httpd/-- With-pcre=/usr/local/pcre/--with-apr=/usr/local/apr/bin/apr-1-config--with-libxml=/usr/------> How to install by compiling # make; Make Installmake: * * * [mod_security2.la] Error 1/usr/local/apr/build-1/libtool--silent--mode=compile gcc-std=gnu99- prefer-pic-dlinux-d_reentrant-d_gnu_source-d_largefile64_source-o2-pg-pthread-i/usr/local/httpd/include-i/usr/ Local/apr/include/apr-1-i/usr/local/apr-util/include/apr-1-i/usr/local/apr-iconv/include/apr-1-I/usr/local/ Apr-iconv/include-o2-g-wall-i/usr/local/httpd/include-i/usr/local/httpd/include-i.-I/usr/local/apr/include/ Apr-1-i/usr/local/apr-util/include/apr-1-i/usr/local/apr-iconv/include/apr-1-i/usr/local/apr-iconv/include-i/ Usr/local/pcre/include-i/usr/local/httpd//srclib/pcre-i/usr/local/pcre/include-i/usr/include/libxml2-c-O Mod_ Security2.lo mod_security2.c && Touch Mod_security2.slomod_security2.c:in function ' Create_tx_context ': mod_security2.c:345:error: ' Conn_rec ' has no member named ' Remote_ip ' Mod_ Security2.c:346:error: ' Conn_rec ' has no member named ' REMOTE_ADDR '------> #报错的地方mod_security2. c:in function ' Regi Ster_hooks ': mod_security2.c:1118:warning:passing argument 1 of ' ap_hook_error_log ' from incompatible pointer type/usr/  local/httpd/include/http_core.h:948:note:expected ' void (*) (const struct Ap_errorlog_info *, const char *) ' but argument is of type ' void (*) (const char *, int, int, apr_status_t, const struct SERVER_REC *, const struct REQUEST_REC *, Stru CT apr_pool_t *, const char *) ' Apxs:Error:Command failed with rc=65536

===> Error

# Vim MOD_SECURITY2.C

Change the original "remote" to the client:

There was a similar error at the back of ===>, and the same approach was resolved:

Then the installation succeeds:

Libraries has been installed in:   /usr/local/httpd/modules    ------> #安装到了这里If You ever happen to want to link Aga Inst installed librariesin A given directory, Libdir, you must either use Libtool, andspecify the full pathname of the Lib Rary, or use the '-llibdir ' flag during linking and does at least one of the following:   -add Libdir to the ' ld_library_p ATH ' environment variable     during execution   -add libdir to the ' Ld_run_path ' environment variable during     link ing   -Use the '-WL,-RPATH-WL,LIBDIR ' linker flag   -Has your system administrator add Libdir to '/etc/ld.so.conf ' See all operating system documentation about shared libraries Formore information, such as the LD (1) and ld.so (8) Manual P Ages.----------------------------------------------------------------------chmod 755/usr/local/httpd/modules/ Mod_security2.so

===> the error when starting the service:

#./apachectl Starthttpd:syntax error on line 169 Of/usr/local/httpd/conf/httpd.conf:cannot load Modules/mod_security2. So into server:/usr/local/httpd/modules/mod_security2.so:undefined symbol:unixd_set_global_mutex_perms

The contents of line 169 are as follows: LoadModule Security2_module modules/mod_security2.so
Not resolved ...

[Installation of lamp]--mod_security and mod_evasive modules

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.