How to install and secure egroupware - Directory UMM

More documents

Recommendations

Info

ModSecurity supports Apache 1.3x and Apache 2.x. 6.2.1 Installing ModSecurity Unpack the mod_security source: [root@server tmp]# tar xzvf mod_security-x.x.x.tar.gz Change to the mod_security directory: [root@server tmp]# cd mod_security-x.x.x/apache2 You can compile the module as an Apache DSO (Dynamic Shared Object) module or statically into the web server. If you compile it statically, you must also recompile Apache. This may yield a slight performance gain, but in general it is not significant. The following example shows only how to compile ModSecurity as a DSO module: [root@server apache2]# apxs -cia mod_security.c Under Redhat, add the follow line to your httpd.conf under the section where the modules are loaded: [root@server mod_security-1.7.4]# vi /etc/httpd/conf/httpd.conf Include /etc/httpd/conf.d/mod_security.conf You must restart your Apache web server to activate ModSecurity: 6.2.2 Basic setup [root@server mod_security-1.7.4]# apachectl stop [root@server mod_security-1.7.4]# apachectl start ModSecurity has some sample setup files included to help you configure it. You can also convert Snort rules to use them inside ModSecurity. Sample Snort rules can found on the project server or you can convert them yourself. # Turn the filtering engine On or Off SecFilterEngine On # Make sure that URL encoding is valid SecFilterCheckURLEncoding On # The audit engine works independently and # can be turned On of Off on the per-server or # on the per-directory basis. "On" will log everything, # "DynamicOrRelevant" will log dynamic requests or violations, # and "RelevantOnly" will only log policy violations SecAuditEngine RelevantOnly Reiner Jung Install and Secure eGroupWare Page 34 of 67
# The name of the audit log file SecAuditLog logs/audit_log SecFilterDebugLog logs/modsec_debug_log SecFilterDebugLevel 0 # Should mod_security inspect POST payloads SecFilterScanPOST On # Action to take by default SecFilterDefaultAction "deny,log,status:500" # Prevent path traversal (..) attacks SecFilter "\.\./" # Weaker XSS protection but allows common HTML tags SecFilter "
Page 1 and 2: How to Install and Secure eGroupWar
Page 3 and 4: Index Index .......................
Page 5 and 6: 7.5.3 Step 3 - Set Up Your User Acc
Page 7 and 8: 2 Express Install HOWTO This “How
Page 9 and 10: 4) Ensure that your web server and
Page 11 and 12: and for initial setup only 12) Mana
Page 13 and 14: 4 Updating eGroupWare 4.1 Updating
Page 15 and 16: [root@server root]# gpg --list-keys
Page 17 and 18: [user@server tmp]$ md5sum eGroupWar
Page 19 and 20: [user@server tmp]$ unzip /tmp/eGrou
Page 21 and 22: Conclusion: Minimum necessary open
Page 23 and 24: • strings.c: quick and dirty stri
Page 25 and 26: � If possible, use only SSHv2 con
Page 27 and 28: There is one important line in the
Page 29 and 30: verbose=5 report_url=file:/var/log/
Page 31 and 32: [ -z "$MAILTO" ] && MAILTO="root" i
Page 33: Inode : 111362 , 111363 MD5 : UM0er
Page 37 and 38: Handler: cgi-script ---------------
Page 39 and 40: %description devel The php-devel pa
Page 41 and 42: 6.4.4 Web interface Turck MMCache c
Page 43 and 44: log_errors = On ; Store the last er
Page 45 and 46: localityName = Locality Name (eg, c
Page 47 and 48: 6.7 The web server Secure your web
Page 49 and 50: 7 Setup eGroupWare 7.1 Creating you
Page 51 and 52: 7.4 Creating your header.inc.php Mo
Page 53 and 54: Click Re-Check My Installation: If
Page 55 and 56: � Enter the hostname of your serv
Page 57 and 58: 7.5.4 Step 4 - Manage Languages The
Page 59 and 60: 9.5 Cannot get past the Check Insta
Page 61 and 62: 10 Software Map AIDE, Advanced Intr
Page 63 and 64: php project Platform Linux / BSD /
Page 65 and 66: * Sun Nov 22 2003 Reiner Jung 0.3
Page 67: 13 Humanly-Readable License Attribu

How to install and secure egroupware - Directory UMM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?