System version: Red Hat 6
HTTPD version: httpd-2.4.20
Tar packages: modsecurity-apache_2.5.9.tar.gz, mod_evasive_1.10.1.tar.gz
About apxs: http://itlab.idcquan.com/linux/manual/apachemanual/programs/apxs.html
Installation of the mod_evasive module
# tar xf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# ls
CHANGELOG      mod_evasive20.c   mod_evasive20.o    mod_evasiveNSAPI.c
LICENSE        mod_evasive20.la  mod_evasive20.slo  README
Makefile.tmpl  mod_evasive20.lo  mod_evasive.c      test.pl
# apxs -i -a -c mod_evasive20.c
/usr/lib/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -Wformat-security -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o mod_evasive20.lo mod_evasive20.c && touch mod_evasive20.slo
mod_evasive20.c: In function 'create_hit_list':
mod_evasive20.c:118: warning: no return statement in function returning non-void
mod_evasive20.c: In function 'access_checker':
mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
mod_evasive20.c:212: warning: format '%ld' expects type 'long int', but argument 3 has type 'int'
mod_evasive20.c:229: warning: ignoring return value of 'system', declared with attribute warn_unused_result
mod_evasive20.c: In function 'destroy_hit_list':
mod_evasive20.c:301: warning: no return statement in function returning non-void
/usr/lib/apr-1/build/libtool --silent --mode=link gcc -o mod_evasive20.la -rpath /usr/lib/httpd/modules -module -avoid-version mod_evasive20.lo
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib/apr-1/build/libtool' mod_evasive20.la /usr/lib/httpd/modules
/usr/lib/apr-1/build/libtool --mode=install cp mod_evasive20.la /usr/lib/httpd/modules/
libtool: install: cp .libs/mod_evasive20.so /usr/lib/httpd/modules/mod_evasive20.so
libtool: install: cp .libs/mod_evasive20.lai /usr/lib/httpd/modules/mod_evasive20.la
libtool: install: cp .libs/mod_evasive20.a /usr/lib/httpd/modules/mod_evasive20.a
libtool: install: chmod 644 /usr/lib/httpd/modules/mod_evasive20.a
libtool: install: ranlib /usr/lib/httpd/modules/mod_evasive20.a
libtool: finish: PATH="/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/inotify/bin:/root/bin:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/lib/httpd/modules      ------> # installed here

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib/httpd/modules/mod_evasive20.so
After that, a LoadModule line can be seen in the configuration file (apxs adds it automatically when the module is installed with the -a option):
# vim /usr/local/httpd/conf/httpd.conf
LoadModule evasive20_module modules/mod_evasive20.so
Add
If you encounter such an error:
# /usr/local/httpd/bin/apxs -i -a -c mod_evasive20.c
/usr/local/apr/build-1/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -O2 -pg -pthread -I/usr/local/httpd/include -I/usr/local/apr/include/apr-1 -I/usr/local/apr-util/include/apr-1 -I/usr/local/apr-iconv/include/apr-1 -I/usr/local/apr-iconv/include -c -o mod_evasive20.lo mod_evasive20.c && touch mod_evasive20.slo
mod_evasive20.c: In function 'access_checker':
mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536
The solution is to change "remote" to "client" on each of the reported lines, so that remote_ip becomes client_ip (httpd 2.4 renamed this conn_rec member).
Installation of the mod_security module
# tar xf modsecurity-apache_2.5.9.tar.gz
# ls
apache2  doc      modsecurity.conf-minimal         README.TXT  tools
CHANGES  LICENSE  MODSECURITY_LICENSING_EXCEPTION  rules
# cd apache2/
# apxs -i -a -c mod_security2.c
/usr/lib/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -Wformat-security -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o mod_security2.lo mod_security2.c && touch mod_security2.slo
In file included from modsecurity.h:38,
                 from mod_security2.c:24:
msc_pcre.h:24:18: error: pcre.h: No such file or directory
In file included from modsecurity.h:40,
                 from mod_security2.c:24:
msc_xml.h:25:31: error: libxml/xmlschemas.h: No such file or directory
msc_xml.h:26:26: error: libxml/xpath.h: No such file or directory
In file included from modsecurity.h:40,
                 from mod_security2.c:24:
===> Error
# yum install libxml*
# ./configure --with-apxs=/usr/local/httpd/bin/apxs --with-httpd-src=/usr/local/httpd/ --with-pcre=/usr/local/pcre/ --with-apr=/usr/local/apr/bin/apr-1-config --with-libxml=/usr/      ------> # installing by compiling from source
# make; make install
make: *** [mod_security2.la] Error 1
/usr/local/apr/build-1/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -O2 -pg -pthread -I/usr/local/httpd/include -I/usr/local/apr/include/apr-1 -I/usr/local/apr-util/include/apr-1 -I/usr/local/apr-iconv/include/apr-1 -I/usr/local/apr-iconv/include -O2 -g -Wall -I/usr/local/httpd/include -I/usr/local/httpd/include -I. -I/usr/local/apr/include/apr-1 -I/usr/local/apr-util/include/apr-1 -I/usr/local/apr-iconv/include/apr-1 -I/usr/local/apr-iconv/include -I/usr/local/pcre/include -I/usr/local/httpd//srclib/pcre -I/usr/local/pcre/include -I/usr/include/libxml2 -c -o mod_security2.lo mod_security2.c && touch mod_security2.slo
mod_security2.c: In function 'create_tx_context':
mod_security2.c:345: error: 'conn_rec' has no member named 'remote_ip'
mod_security2.c:346: error: 'conn_rec' has no member named 'remote_addr'      ------> # where the error is reported
mod_security2.c: In function 'register_hooks':
mod_security2.c:1118: warning: passing argument 1 of 'ap_hook_error_log' from incompatible pointer type
/usr/local/httpd/include/http_core.h:948: note: expected 'void (*)(const struct ap_errorlog_info *, const char *)' but argument is of type 'void (*)(const char *, int, int, apr_status_t, const struct server_rec *, const struct request_rec *, struct apr_pool_t *, const char *)'
apxs:Error: Command failed with rc=65536
===> Error
# vim mod_security2.c
Change the original "remote" to "client" (remote_ip becomes client_ip and remote_addr becomes client_addr):
A similar error appeared further on, and it was resolved the same way:
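The "remote" to "client" edit described above for both mod_evasive20.c and mod_security2.c can be driven by the compiler output instead of done by hand in vim. This is an added example, not part of the original post; fix_conn_rec_errors and make_demo are hypothetical helper names and the demo input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. fix_conn_rec_errors and
# make_demo are hypothetical helper names; the demo input is constructed.

# fix_conn_rec_errors BUILD_LOG
# Reads gcc errors of the form
#   FILE:LINE: error: 'conn_rec' has no member named 'remote_ip'
# and renames ->remote_ip / ->remote_addr to ->client_ip / ->client_addr on
# exactly those lines, so a module's own fields with the same names are left
# alone. Keeps FILE.orig and prints the number of fixes applied.
fix_conn_rec_errors() {
    todo=$(mktemp) || return 2
    awk -F: '/conn_rec.+has no member named.+remote_(ip|addr)/ {
        member = ($0 ~ /named.+remote_addr/) ? "addr" : "ip"
        print $2, member, $1
    }' "$1" | sort -u > "$todo"
    fixed=0
    while read -r line member file; do
        [ -f "$file" ] || { echo "skip: $file not found" >&2; continue; }
        [ -f "$file.orig" ] || cp -p "$file" "$file.orig"
        old="->remote_$member"
        new="->client_$member"
        sed -e "${line}s/${old}\([^A-Za-z0-9_]\)/${new}\1/g" \
            -e "${line}s/${old}\$/${new}/" "$file" > "$file.tmp"
        if cmp -s "$file" "$file.tmp"; then
            echo "no $old on $file:$line, check by hand" >&2
            rm -f "$file.tmp"
        else
            mv "$file.tmp" "$file"
            fixed=$((fixed + 1))
        fi
    done < "$todo"
    rm -f "$todo"
    echo "$fixed"
}

# Constructed input shaped like the failing lines (not the real module source).
make_demo() {
    printf '%s\n' \
        'msr->remote_addr = msr->r->connection->remote_ip;' \
        'msr->remote_port = msr->r->connection->remote_addr->port;' \
        'msr->remote_user = NULL;' > "$1/demo.c"
    printf '%s\n' \
        "$1/demo.c:1: error: 'conn_rec' has no member named 'remote_ip'" \
        "$1/demo.c:2: error: 'conn_rec' has no member named 'remote_addr'" \
        > "$1/build.log"
}
```

Save the failed build output to a file and run the function from the directory where apxs or make was invoked, so the relative file names in the log resolve; then rebuild.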
Then the installation succeeds:
Libraries have been installed in:
   /usr/local/httpd/modules      ------> # installed here

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/local/httpd/modules/mod_security2.so
===> Error when starting the service:
# ./apachectl start
httpd: Syntax error on line 169 of /usr/local/httpd/conf/httpd.conf: Cannot load modules/mod_security2.so into server: /usr/local/httpd/modules/mod_security2.so: undefined symbol: unixd_set_global_mutex_perms
The contents of line 169 are as follows:
LoadModule security2_module modules/mod_security2.so
Not resolved ...
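A load failure like the one above can be seen before starting the server by comparing the symbols the module needs with what httpd and its libraries export. This is an added example, not part of the original post; unresolved_in_module and make_nm_demo are hypothetical helper names and the listings are constructed. httpd 2.4 exports this function under the name ap_unixd_set_global_mutex_perms, which is the kind of rename the hint in the output points at.

```shell
#!/bin/sh
# Added example, not from the original post. unresolved_in_module and
# make_nm_demo are hypothetical helper names; the listings are constructed.

# unresolved_in_module MODULE_NM PROVIDER_NM...
#   MODULE_NM    saved output of: nm -D --undefined-only mod_security2.so
#   PROVIDER_NM  saved output of: nm -D --defined-only <httpd or library>
# Prints each symbol the module needs that no provider exports. If a provider
# exports the same name with an ap_ prefix, it is shown as a hint that the
# module was written for an older httpd API.
unresolved_in_module() {
    awk '
        NF < 2 { next }                          # skip blank or odd lines
        { sym = $NF; sub(/@.*/, "", sym) }       # drop @VERSION suffixes
        FILENAME == ARGV[1] { if ($(NF-1) == "U") want[sym] = 1; next }
        $(NF-1) != "U" { have[sym] = 1 }
        END {
            for (s in want) {
                if (s in have) continue
                hint = (("ap_" s) in have) ? " (provider exports ap_" s ")" : ""
                print s hint
            }
        }' "$@" | sort
}

# Constructed nm listings for trying the function (not taken from real binaries).
make_nm_demo() {
    printf '%s\n' \
        '                 U ap_hook_post_config' \
        '                 U apr_pstrdup' \
        '                 w __gmon_start__' \
        '                 U unixd_set_global_mutex_perms' > "$1/module.nm"
    printf '%s\n' \
        '0000000000041c20 T ap_hook_post_config' \
        '0000000000052b90 T ap_unixd_set_global_mutex_perms' > "$1/httpd.nm"
    printf '%s\n' '000000000001f3a0 T apr_pstrdup' > "$1/libapr.nm"
}
```

Weak undefined symbols (type w) are ignored because the loader does not require them to resolve.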
[Installation of lamp]--mod_security and mod_evasive modules