MODSEC: Difference between revisions
Revision as of 12:31, 25 December 2010
MODSEC
Modsec database is missing
When cPanel emails the customer an error similar to this, follow this guide.
/etc/cron.hourly/modsecparse.pl:
DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19 Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.
First check phpMyAdmin to see if the modsec DB exists. If it does not, use the following to create it.
mysql
create database modsec;
use modsec;
CREATE TABLE `modsec` (
  `id` int(11) NOT NULL auto_increment,
  `ip` varchar(15) default NULL,
  `date` date default NULL,
  `time` time default NULL,
  `handler` varchar(254) default NULL,
  `get` text,
  `host` varchar(254) default NULL,
  `mod_security_message` text,
  `mod_security_action` text,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
my whitelisting script
wget http://shooltz.net/modsec_whitelister.sh
chmod +x modsec_whitelister.sh
./modsec_whitelister.sh
Remove specified directory from modsec
SecRule REQUEST_URI "URI goes here" phase:1,nolog,allow,ctl:ruleEngine=Off
Add to this file and restart
vi /usr/local/apache/conf/modsec2/whitelist.conf
/etc/init.d/httpd restart
/etc/init.d/apf restart
Remove a whole domain
SecRule SERVER_NAME "handymanreality.com" phase:1,nolog,allow,ctl:ruleEngine=Off
Common modsec URIs
/wp-admin/post.php
/wp-admin/admin-ajax.php
/wp-admin/page.php
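A SecRule with no explicit operator treats the quoted string as an unanchored regular expression, and REQUEST_URI includes the query string, so a pattern such as /wp-admin/post.php turns the rule engine off for more requests than that one page. The script below is an added example, not part of the original wiki page: it previews a whitelist pattern against constructed sample URIs, using grep -E as an assumed stand-in for ModSecurity's regex matching (the two behave the same for these patterns).

```shell
#!/bin/bash
# Added example: preview which request URIs a whitelist pattern would exempt
# before it goes into whitelist.conf. The function and variable names here
# are illustrative, not from the original page.

# Constructed sample request URIs (path plus query string, as in REQUEST_URI).
SAMPLE_URIS='/wp-admin/post.php
/wp-admin/post.php?post=12&action=edit
/wp-admin/postXphp
/index.php?next=/wp-admin/post.php
/blog/wp-admin/post.php
/wp-admin/admin-ajax.php'

# exempted PATTERN: print every sample URI the pattern matches.
exempted() {
    printf '%s\n' "$SAMPLE_URIS" | grep -E -- "$1"
}

# exempted_count PATTERN: number of sample URIs the pattern matches.
exempted_count() {
    exempted "$1" | wc -l | tr -d ' '
}

# Pattern as it would be pasted straight from the "Common modsec URIs" list:
# unanchored, and each "." matches any character.
LOOSE='/wp-admin/post.php'

# Anchored at the start of the URI, dot escaped, and the path must end
# there or be followed by a query string.
STRICT='^/wp-admin/post\.php(\?|$)'

echo "Loose pattern exempts $(exempted_count "$LOOSE") of the sample URIs:"
exempted "$LOOSE"
echo "Strict pattern exempts $(exempted_count "$STRICT") of the sample URIs:"
exempted "$STRICT"
```

The strict pattern goes in place of "URI goes here" in the SecRule above; if the site lives in a subdirectory such as /blog, include that prefix in the anchored pattern.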
Script to email Modsec logs
per day to the customer.
First make the script
touch /root/modseclog.sh
touch /root/tmplog.txt
touch /root/tmplog2.txt
chmod +x /root/modseclog.sh
vim /root/modseclog.sh
Paste the following into it.
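#!/bin/bash
# Month and zero-padded day (e.g. "Dec 05"), the form used in Apache error_log timestamps
date=$(date '+%b %d')
# Collect every modsec entry from the Apache error log (">" truncates the file first)
grep modsec /usr/local/apache/logs/error_log > /root/tmplog.txt
# Keep only today's entries
grep "$date" /root/tmplog.txt > /root/tmplog2.txt
# Mail the result; replace the placeholder with the customer's address
mail -s "Modsec Log for $date" (email goes here) < /root/tmplog2.txt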
Save it and then add the following line into your crontab.
57 23 * * * /root/modseclog.sh
Now wait for 11:57 and then check your email. :P