Last modified: 23 Jul 2008
WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the
official Parallels site.
Since Parallels H-Sphere 3.1 Patch 1, we provide a new tool for loading
Gotroot.com Modsecurity rules included in the hsphere-apache-shared-h3.1 package.
At the moment, the following Gotroot rules are supported
(the list may differ for Apache 1.x and 2.x, modsecurity 1.9 and 2.0-2.1 versions):
- apache2-rules
- badips
- blacklist2
- blacklist
- exclude
- jitp
- proxy
- recons
- rootkits
- rules
- useragents
You can download Gotroot rules from
http://www.gotroot.com/tiki-index.php?page=mod_security+rules
To use Gotroot rules in Parallels H-Sphere, follow the steps below:
Step One: Download the necessary Gotroot rule archives and place them into the corresponding directories on your web box(es).
- Apache 1.x: the rules are available for modsec 1.9 only.
  - Enter a temporary directory
  - Download archived Gotroot rules:
    # wget http://www.gotroot.com/downloads/ftp/mod_security/apache1/apache1-gotrootrules-latest.tar.gz
  - Untar it into the temporary directory:
    # tar zxf apache1-gotrootrules-latest.tar.gz
  - Copy the configuration *.conf files to the /hsphere/pkg/config/httpd/gotrootrules directory:
    # cp -f ./apache1/*.conf /hsphere/pkg/config/httpd/gotrootrules/
- Apache 2.x: it is required to download the rules for both modsec 1.9 and 2.0-2.1 versions.
  - modsec 1.9
    - Enter a temporary directory
    - Download archived Gotroot rules:
      # wget http://www.gotroot.com/downloads/ftp/mod_security/apache2/apache2-gotrootrules-latest.tar.gz
    - Untar it into the temporary directory:
      # tar zxf apache2-gotrootrules-latest.tar.gz
    - Copy the configuration *.conf files to the /hsphere/pkg/config/httpd2/gotrootrules directory:
      # cp -f ./apache2/*.conf /hsphere/pkg/config/httpd2/gotrootrules/
  - modsec 2.0-2.1
    - Enter a temporary directory
    - Download archived Gotroot rules:
      # wget http://www.gotroot.com/downloads/ftp/mod_security/2.0/apache2/apache2-gotrootrules-modsec2.0-latest.tar.gz
    - Untar it into the /hsphere/pkg/config/httpd2/gotrootrules2 directory:
      # tar zxf apache2-gotrootrules-modsec2.0-latest.tar.gz -C /hsphere/pkg/config/httpd2/gotrootrules2
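The archives in Step One are fetched over plain HTTP, and `cp -f ./apache1/*.conf` copies every .conf entry they contain into a directory Apache reads. The following is an added example, not part of H-Sphere or Gotroot: it unpacks an archive into a staging directory and copies only regular files whose names are on this page's supported list. The function names `is_supported` and `install_rules` are hypothetical.

```bash
#!/bin/bash
# Added example (not H-Sphere code): vet an unpacked Gotroot archive before
# copying rule files. is_supported and install_rules are hypothetical names.
# Usage, with the Apache 1.x paths from this page:
#   install_rules apache1-gotrootrules-latest.tar.gz apache1 /hsphere/pkg/config/httpd/gotrootrules

# Rule names taken from the supported list on this page.
SUPPORTED="apache2-rules badips blacklist2 blacklist exclude jitp proxy recons rootkits rules useragents"

is_supported() {
    local name
    for name in $SUPPORTED; do
        [ "$name" = "$1" ] && return 0
    done
    return 1
}

# install_rules <archive.tar.gz> <subdir-in-archive> <destination-dir>
# Prints the number of files installed; returns non-zero if extraction fails.
install_rules() {
    local archive="$1" subdir="$2" dest="$3"
    local stage f base count=0
    stage=$(mktemp -d) || return 1
    if ! tar zxf "$archive" -C "$stage"; then
        rm -rf "$stage"
        return 1
    fi
    for f in "$stage/$subdir"/*.conf; do
        # An unmatched glob stays literal; ignore it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        base=$(basename "$f" .conf)
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            # Symlinks, directories and devices are never copied.
            echo "skipped (not a regular file): $base.conf" >&2
        elif ! is_supported "$base"; then
            echo "skipped (unsupported rule name): $base.conf" >&2
        else
            cp -f "$f" "$dest/" && count=$((count + 1))
        fi
    done
    rm -rf "$stage"
    echo "$count"
}
```

Skipped entries are reported on stderr, so a non-empty stderr is a reason to inspect the archive before running the loader.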
Step Two: Run the apache-load-gotrootrules.sh tool to load Gotroot rules into H-Sphere from the configuration files:
# /hsphere/shared/scripts/apache-load-gotrootrules.sh -h
The -h|--help option shows usage details:
usage: apache-load-gotrootrules.sh [-f|--force] [<rule> <rule2> <ruleN>] [-h|--help]
-f|--force : process rules from gotrootrules configuration files '*.conf' by force even if they were already loaded ('*.conf.tmpl' exists).
<rule*> : process rules from file '<rule*>.conf' only. Space separated list allowing to process more then one gotrootrule configuration file.
-h|--help : print this help messagee.
Following gotrootrules are supported:
apache2-rules badips blacklist2 blacklist exclude jitp proxy recons rootkits rules useragents
Examples:
# apache-load-gotrootrules.sh --force jitp
Process rules from 'jitp.conf' even if 'jitp.conf.tmpl' already exists
# apache-load-gotrootrules.sh
That will process only rules from new configuration files (if '*.conf' exista and '*.conf.tmpl' - not).
Step Three: Enable Apache mod_security options in Admin CP:

- asecurity_rules - Web Application protection. Config file: rules.conf. Default: 0 (disabled).
- asecurity_jitp - Just in Time Patches for Vulnerable Applications. Config file: jitp.conf. Default: 0 (disabled).
- asecurity_useragents - Bad UserAgents blocking. Config file: useragents.conf. Default: 0 (disabled).
- asecurity_blacklist - Comment spam blacklist. Config file: blacklist.conf. Default: 0 (disabled).
- asecurity_blacklist2 - Compromised/Hacker boxes blacklist. Config file: blacklist2.conf. Default: 0 (disabled).
- asecurity_apache2-rules - Additional Apache 2.x rules. Effective for Apache 2.2 only. Config file: apache2-rules.conf. Default: 0 (disabled).
- asecurity_rootkits - Known rootkits/worms. Config file: rootkits.conf. Default: 0 (disabled).
- asecurity_exclude - Rule Exclusions. Config file: exclude.conf. Default: 0 (disabled).
- asecurity_recons - "Google Hacks" signatures. Config file: recons.conf. Default: 0 (disabled).