Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: War on AMP |
|
| Author |
|
somnang
Joined: 08 Apr 2011
Posts: 61
|
 Posted: Fri 15 Apr '11 1:48 Post subject: War on AMP |
 |
|
Hi guys,
As far as I can tell, it seems to me that there's not many sites out there with such a degree of experience with AMP. I have been trying to set up AMP on my computer as a production site with a security as tight as possible. I have use google as my tool to battle with this and end up with only a few links to bookmark.
For the last two weeks, I have exhausted many hours of searching for a possible solution to this. At this time, I am pleading to you guys for help. If you have any tips or definitive info on how to do all this, I will be in debt to you.
I have so many questions that I just don't know where to start. I have been using ModSecurity with the latest core security rule set. I have read and soaked up so much on this issue but yet I have learn very little. To cut to the chase, here's my objective.
Objectives/Goals:
My aim is to have a personal web blogging site using Joomla as CMS. What module is required of such task? I need to iron out the problem that I been having with ModSecurity. Why is it acting strangely between v2.5.12 and v2.5.13?
Currently, I've just realized that my logging are not real-time. The logs are held in memory and will not update the log until I "Stop" the Apache service for the log to be passed to the log file.
My Apache runs but with hints that it is not working properly. When I use "httpd -e debug" I get syntax error "Failed to open log file."
Modsec_audit.log although reported in debug mode as "file cannot be found", still accept logs from cache but not in real-time logging.
Modsec_debug.log is always 0byte in file size. It does not contain any type of log data.
Under Joomla CMS blogging environment on a "Production" base server, will these modules suffice?
| Code: | LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cache_module modules/mod_cache.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule security2_module modules/mod_security2.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule status_module modules/mod_status.so
#LoadModule substitute_module modules/mod_substitute.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule version_module modules/mod_version.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
|
Please help letting me know which modules are required for such environment.
In "mod_security.conf" as shown below:
| Code: |
# Debug log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0
# Serial audit log
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
|
Both of the files are tagged as file does not exist but yet the files are there. Apache starts up fine. Only see error in debug mode. Apache ONLY make use of modsec_audit.log but not modsec_debug.log.
Thank you so much for the help as I have been trying to do this for almost two weeks now with very little sleep. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 15 Apr '11 5:45 Post subject: |
|
|
Which OS? I'm guessing Vista/2008/7, which Apache seems to be "funny" when run at the command line as a user (tho file problems seem to disappear when run as a service, even if service is running as a limited user).
I'm not a cache expert but seems both disk & mem cache could cause a problem, but this is simply 'my' theory.
No deflate? Care to save some Australians & others on bandwidth meters a few bytes here and there?
Joomla doesn't require much special as far as Apache, rewrite is the only thing I can think of off the top of my head.
Why mod_security is so different between 2.5.12 & 2.5.13 could be the module switched authors between those two versions. I was reluctant to even build 2.5.13 because of that. Of course, adding features/rules always leaves room for more features (read bugs). Let's not forget how lucky a number 13 is. 
Harden up your php, that is probably a good idea. Most servers seem to be pwned these days thanks to php apps so keep that joomla, php & Windoze up to date, Apache too. I think there's a 2.2.18 on the near horizon with some security related fixes.
Hopefully some others here can shed more light than I just have. |
|
| Back to top |
|
somnang
Joined: 08 Apr 2011
Posts: 61
|
| Posted: Fri 15 Apr '11 8:07 Post subject: |
|
|
Yes I am running Windows 7. Yeah the command prompt seems to give all sorts of different things.
Yeah I will disable cache on both and test server again.
I will take your suggestion on deflate. I thought I probably didn't need them.
lol yeah must be the number 13  I'll probably wait for 2.2.18. Thanks for your reply. |
|
| Back to top |
|
|
|
|
|
|
