
Linux VPS Security with mod_security and fail2ban


Our VPS team wanted to improve the security on our Linux VPS VMs. We opted to use mod_security and fail2ban. Note that we use them independently: we do not ban visits that violate mod_security, we simply discard the visit.

NOTE:

mod_evasive doesn’t work with Apache 2.4.1 anymore.

mod_evasive stores its violation counts PER CHILD. Attackers don't hit the same child enough times in the time interval to trip the system.
If you have 100 child threads, then the count each one sees is diluted to 1/100 for the time interval.

DO NOT USE mod_evasive.

Use mod_security instead (but note that it won't ban IP addresses):

yum install mod_security        # install mod_security
yum install mod_security_crs    # install the OWASP security rules for mod_security

After installing mod_security, you may get a FAILED message at "service httpd restart".
You'll find a message similar to this in /var/log/httpd/error_log:
[alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "myserver.mydomain.local"
BE CERTAIN that the HOSTNAME value in /etc/sysconfig/network also has a 127.0.0.1 record in /etc/hosts.

Use fail2ban

yum install fail2ban
vi /etc/fail2ban/jail.local
[apache-banhermes]
enabled = true
filter = apache-banhermes
logpath = /var/log/httpd/access_log
maxretry = 1
bantime = 60000
action = iptables-multiport[name=banhermes, port="http,https"]
backend = polling

vi /etc/fail2ban/filter.d/apache-banhermes.conf
[Definition]

failregex = ^<HOST> -.*"(GET|POST) \/hermes\/
ignoreregex =

service fail2ban start
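
With maxretry = 1 a single matching line bans the client, so it is worth dry-running the filter before enabling the jail. The following is an added example, not part of the original post: it applies the post's failregex to constructed access_log lines with Python's re module, using a simplified IPv4-only stand-in for <HOST> (an assumption), and also shows that the same pattern pasted with typographic quotes matches nothing.

```python
import re

# failregex from apache-banhermes.conf, typed with plain ASCII double quotes.
FAILREGEX = r'^<HOST> -.*"(GET|POST) \/hermes\/'
# Same pattern with a typographic quote (U+201D), as copied from a rendered web page.
CURLY_FAILREGEX = FAILREGEX.replace('"', '\u201d')

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag;
# the real expansion also accepts IPv6 addresses and hostnames.
HOST_PATTERN = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Constructed access_log lines (Apache combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:10:01:02 +0000] "GET /hermes/index.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2014:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2014:10:01:09 +0000] "POST /hermes/login HTTP/1.1" 404 210 "-" "curl/7.29.0"
192.0.2.44 - - [12/Mar/2014:10:02:00 +0000] "HEAD /hermes/ HTTP/1.1" 404 - "-" "-"
192.0.2.80 - - [12/Mar/2014:10:02:30 +0000] "GET /docs/hermes/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.99 - alice [12/Mar/2014:10:03:00 +0000] "GET /hermes/x HTTP/1.1" 401 0 "-" "-"
"""


def offenders(log_text, failregex=FAILREGEX, maxretry=1):
    """Return {ip: hits} for every host with at least `maxretry` matching lines."""
    rx = re.compile(failregex.replace('<HOST>', HOST_PATTERN))
    hits = {}
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            hits[m.group('host')] = hits.get(m.group('host'), 0) + 1
    return {ip: n for ip, n in hits.items() if n >= maxretry}


if __name__ == '__main__':
    # Only GET/POST requests whose path starts with /hermes/ count as failures.
    print('would ban:', offenders(SAMPLE_LOG))
    # A filter pasted with curly quotes loads without error but never matches.
    print('with curly quotes:', offenders(SAMPLE_LOG, CURLY_FAILREGEX))
```

On the server itself, fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-banhermes.conf runs the same kind of dry run against the real log with the real <HOST> expansion.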

The post Linux VPS Security with mod_security and fail2ban appeared first on CSx1.

