Slitaz Apache 與 mod_security

近日對 Slitaz 既興趣越來越高, 但係原來佢都係有唔完美缺點既. 佢既優點當然係容量小, 電腦硬件要求低. 正正因為容量小, 軟件包支援亦相對少, 而且就算有支援亦並非代表可以有功能上既擴展. 例如, 沒有 mod_security 軟件包提供, 要各位努力 compile. 雖然 modsecurity 有完善既說明文件, 但在 Slitaz 身上卻變成有點困難. 下文會先列出必須既軟件, 最後才將安裝步驟簡單列出.

在 Slitaz, 先安裝套件:
slitaz-toolchain, gcc, apache-dev, apr-dev, lua-dev, curl-dev, apr-util-dev, pcre-dev, libxml2-dev, expat-dev

用 modsecurity  網站所提及既步驟便可:
1. 先解壓 source;
2. cd apache2;
3. 執行 ./configure;
4. 執行 make;
5. 執行 make test;
6. mlogc 因為還未找到方法安裝, 所以在此省略;
7. 執行 make install 安裝 apache module 至/usr/share/apache/modules/mod_security2.so
8. 修改 apache 設定檔, 在 LoadModule 段最後一行加入 LoadModule security2_module share/apache/modules/mod_security2.so;
9. 重啟 apache

下一步便是加入 mod_security rules set 及進一步針對自己需要修改 rules set. 因為小弟仲未完全掌握, 所以就請各位多多交流.

English Version:
mini-Howto Slitaz apache with mod_security

I know it is quite straight forward, but it’s a good way for my reference.

  1. install Slitaz
  2. install apache, you may got a ssl cert. problem by default, please read my other article or search in web
  3. install the following packages:
    slitaz-toolchain, gcc, apache-dev, apr-dev, lua-dev, curl-dev, apr-util-dev, pcre-dev, libxml2-dev, expat-dev
  4. download the mod_security source from the official web site – http://www.modsecurity.org
  5. unzip the tarball
  6. cd to ./apache2
  7. make
  8. make test
  9. mlogc is optional, so ignored it
  10. make install
  11. copy mod_security module to /usr/share/apache/modules/mod_security2.so
  12. edit apache config, in the last line of LoadModule, add an extra entry:
    LoadModule security2_module share/apache/modules/mod_security2.so;
  13. save the changes in config file
  14. restart apache

The final stage will be applied the rule sets and fine tune it. As my skill is also limited on this, it’s welcome you all to share with me.

/usr/share/apache/modules/mod_security2.so

Leave a comment

Please leave your comment on the topic

This site uses Akismet to reduce spam. Learn how your comment data is processed.