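#!/usr/bin/perl
#
# Interactive installer for mod_security 1.9.1 (the Apache 1.x / 2.x module).
#
# What it does, in order:
#   1. Detects the hosting control panel from well-known directories.
#   2. Picks the Apache major version (cPanel and RaQ are treated as
#      Apache 1; otherwise the result of `rpm -q httpd` decides).
#   3. Asks the operator to confirm.
#   4. Downloads the source tarball, builds the module with apxs, and
#      writes a mod_security.conf with a fixed rule set.
#
# The script is meant to be run as root. Every step is checked and the
# script stops at the first failure, so a failed download or build never
# leaves Apache pointing at a module or config file that does not exist.

use strict;
use warnings;

use Digest::SHA ();
use File::Temp qw(tempdir);

$| = 1;    # unbuffered STDOUT so progress shows up before long commands

my $MODSEC_VERSION = '1.9.1';
my $MODSEC_DIR     = "modsecurity-apache-$MODSEC_VERSION";
my $MODSEC_TARBALL = "$MODSEC_DIR.tar.gz";
my $MODSEC_URL     = "http://www.modsecurity.org/download/$MODSEC_TARBALL";

# The tarball is fetched over plain HTTP and then compiled and loaded into
# Apache as root, so its integrity matters. Paste the publisher's SHA-256
# here to have the download verified before it is unpacked.
my $EXPECTED_SHA256 = '';    # PLACEHOLDER: expected SHA-256 hex digest

# Run an external command without a shell and stop on any failure.
sub run_or_die {
    my (@command) = @_;
    system(@command) == 0
        or die "Command failed (status $?): @command\n";
    return;
}

# Create or truncate $path and write $content to it, checking every step.
sub write_file {
    my ($path, $content) = @_;
    open my $out, '>', $path or die "Cannot write $path: $!\n";
    print {$out} $content or die "Cannot write $path: $!\n";
    close $out or die "Cannot close $path: $!\n";
    return;
}

# Append $include_line to $conf_path unless an identical line is already
# there, so running the installer twice does not duplicate the Include.
sub ensure_include {
    my ($conf_path, $include_line) = @_;

    if (-e $conf_path) {
        open my $in, '<', $conf_path or die "Cannot read $conf_path: $!\n";
        while (my $line = <$in>) {
            if ($line =~ /\A\s*\Q$include_line\E\s*\z/) {
                close $in;
                return;
            }
        }
        close $in;
    }

    open my $out, '>>', $conf_path or die "Cannot append to $conf_path: $!\n";
    print {$out} "$include_line\n" or die "Cannot append to $conf_path: $!\n";
    close $out or die "Cannot close $conf_path: $!\n";
    return;
}

###
# Detect control panel
###
my $control_panel
    = -e '/usr/local/cpanel'   ? 'cpanel'
    : -e '/etc/cobalt-release' ? 'raq'
    : -e '/usr/local/psa'      ? 'plesk'
    : -e '/usr/lib/opcenter'   ? 'ensim'
    :                            'stock';

###
# Detect apache version
###
my $apache_version;
if ($control_panel eq 'cpanel' or $control_panel eq 'raq') {
    $apache_version = '1';
}
else {
    # No "httpd" RPM is taken to mean Apache 1; anything else (including
    # empty output when rpm itself is missing) is treated as Apache 2.
    my $rpm_output = `rpm -q httpd`;
    $rpm_output = '' unless defined $rpm_output;
    $apache_version = $rpm_output =~ /not installed/i ? '1' : '2';
}

###
# Print details and confirm
###
print qq~
Please confirm installation information:

Apache Version: $apache_version
Control Panel: $control_panel

Confirm (y/N): ~;

my $answer = <STDIN>;
$answer = '' unless defined $answer;    # EOF on STDIN counts as "no"
chomp $answer;
exit unless lc($answer) eq 'y';

###
# Now lets do the install
###
print "Getting mod_security and extracting....\n";

# Build in a private, freshly created directory (mode 0700) instead of a
# fixed path under /tmp: a predictable name in a world-writable directory
# lets another local user pre-create or symlink it before root uses it.
my $work_dir = tempdir('modsec-install-XXXXXX', TMPDIR => 1, CLEANUP => 1);
chdir $work_dir or die "Cannot chdir to $work_dir: $!\n";

run_or_die('wget', $MODSEC_URL);

if ($EXPECTED_SHA256 ne '') {
    my $actual = Digest::SHA->new(256)->addfile($MODSEC_TARBALL, 'b')->hexdigest;
    lc($actual) eq lc($EXPECTED_SHA256)
        or die "Checksum mismatch for $MODSEC_TARBALL: got $actual\n";
}
else {
    warn "WARNING: no checksum configured; $MODSEC_TARBALL is not verified\n";
}

run_or_die('tar', '-zxf', $MODSEC_TARBALL);

my $source_dir = "$work_dir/$MODSEC_DIR/apache${apache_version}";
chdir $source_dir or die "Cannot chdir to $source_dir: $!\n";

print "Building mod_security for Apache $apache_version....\n";
my $apxs = $control_panel eq 'cpanel'
    ? '/usr/local/apache/bin/apxs'
    : '/usr/sbin/apxs';
run_or_die($apxs, '-cia', 'mod_security.c');

print "Installing mod_security....";

# The rule text lives in non-interpolating heredocs. Inside qq~...~ Perl
# drops the backslash from escapes such as \. \? \( \), so the regex
# escapes never reached the config file: "chr\(([0-9]{1,3})\)" was written
# as "chr(([0-9]{1,3}))", which does not match a literal chr(39).
# Sequences that only produced a plain character (\$ \& \% \x20) are
# written here as the character the config file received before.
my $engine_settings = <<'END_SETTINGS';

# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature "Apache"

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:403"

END_SETTINGS

my $separator = <<'END_SEPARATOR';
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##

END_SEPARATOR

my $filter_rules = <<'END_RULES';
# Require HTTP_USER_AGENT and HTTP_HOST in all requests
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"

# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "arta\.zip "
SecFilterSelective THE_REQUEST "cmd=cd /var "
SecFilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "

#Block BCC/PHP Spam
SecFilterSelective THE_REQUEST "bcc:|Bcc:|BCc:|BCC:|bCc:|bCC:|bcC:|BcC:"

# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="
END_RULES

# Per-target layout: where the rules file goes, which directive loads the
# module, and which httpd.conf (if any) needs an Include line. The Apache 2
# layout relies on conf.d being included already, so it adds no Include.
my ($rules_path, $module_line, $httpd_conf, $with_separator);
if ($control_panel eq 'cpanel') {
    $rules_path     = '/usr/local/apache/etc/mod_security.conf';
    $module_line    = 'AddModule mod_security.c';
    $httpd_conf     = '/usr/local/apache/conf/httpd.conf';
    $with_separator = 0;
}
elsif ($apache_version eq '1') {
    $rules_path     = '/etc/httpd/conf/mod_security.conf';
    $module_line    = 'AddModule mod_security.c';
    $httpd_conf     = '/etc/httpd/conf/httpd.conf';
    $with_separator = 1;
}
else {
    $rules_path     = '/etc/httpd/conf.d/mod_security.conf';
    $module_line    = 'LoadModule security_module modules/mod_security.so';
    $httpd_conf     = undef;
    $with_separator = 1;
}

my $config_text = "\n$module_line\n"
    . $engine_settings
    . ($with_separator ? $separator : '')
    . $filter_rules;

# Write the rules file first and only then reference it from httpd.conf,
# so httpd.conf never includes a file that was not created.
write_file($rules_path, $config_text);
ensure_include($httpd_conf, "Include $rules_path") if defined $httpd_conf;

# Leave the build directory before File::Temp removes it at exit.
chdir '/' or warn "Cannot chdir to /: $!\n";

print "\n\n\nDone...\n";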