source-git / mod_security

Clone
Source Code
GIT

Blame README_WINDOWS.TXT

c8 c8s master
  1.   ba188dece0c583a56872d605e0b5e95102d754bb
  2.   README_WINDOWS.TXT
Blob History Raw
Packit Service 384592 
=====================================================================
Packit Service 384592 
MOD_SECURITY 2.6  Command-line Build notes for Windows       4/2/2011
Packit Service 384592 
by Tom Donovam
Packit Service 384592 
=====================================================================
Packit Service 384592
Packit Service 384592 
PREREQUISITES:
Packit Service 384592
Packit Service 384592 
    Microsoft Visual Studio C++                                                     tested with Visual Studio 2008 (aka VC9)
Packit Service 384592
Packit Service 384592 
    CMake build system from:   http://www.cmake.org/                                tested with CMake v2.8.0
Packit Service 384592
Packit Service 384592 
    Apache 2.2.x  from:        http://httpd.apache.org/                             tested with Apache 2.2.17
Packit Service 384592 
        Apache must be built from source using the same Visual Studio compiler as mod_security.
Packit Service 384592
Packit Service 384592 
    PCRE  Perl Compatible Regular Expression library from: http://www.pcre.org/     tested with PCRE v8.12
Packit Service 384592
Packit Service 384592 
    LibXML2 from: http://xmlsoft.org/                       tested with LibXML2 v2.7.7
Packit Service 384592 
        Note that LibXML2 v2.7.8 does not build correctly for Windows
Packit Service 384592
Packit Service 384592 
    Lua Scripting Language from:  http://www.lua.org/       tested with Lua v5.1.4
Packit Service 384592
Packit Service 384592 
    cURL multiprotocol file transfer library from: http://curl.haxx.se/             tested with cURL v7.21.4
Packit Service 384592
Packit Service 384592
Packit Service 384592 
BEFORE BUILDING
Packit Service 384592
Packit Service 384592 
The directory where you build software from source ( C:\work in this exmaple)
Packit Service 384592 
must contain the Apache source you used to build the Apache web serverand the mod_security source
Packit Service 384592
Packit Service 384592 
    Apache source is in             C:\work\httpd-2.2.17    in this example.
Packit Service 384592 
    Apache has been installed to    C:\Apache2217           in this example.
Packit Service 384592 
    Mod_security source is in       C:\work\mod_security    in this example.
Packit Service 384592
Packit Service 384592 
Download and untar the prerequite library sources:
Packit Service 384592
Packit Service 384592 
    Download pcre-8.12.tar.gz     from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
Packit Service 384592 
    untar it into C:\work\  creating C:\work\pcre-8.12
Packit Service 384592
Packit Service 384592 
    Download libxml2-2.7.7.tar.gz    from ftp://xmlsoft.org/libxml2/
Packit Service 384592 
    untar it into C:\work\ creating C:\work\libxml2-2.7.7
Packit Service 384592
Packit Service 384592 
    Download lua-5.1.4.tar.gz from http://www.lua.org/ftp/
Packit Service 384592 
    untar it into C:\work\ creating C:\work\lua-5.1.4
Packit Service 384592
Packit Service 384592 
    Download curl-7.21.4.tar.gz from http://curl.haxx.se/download.html
Packit Service 384592 
    untar it into C:\work\ creating C:\work\curl-7.21.4
Packit Service 384592
Packit Service 384592 
Setup your build environment:
Packit Service 384592
Packit Service 384592 
    The PATH environment variable must include the Visual Studio variables as set by vsvars32.bat
Packit Service 384592 
    The PATH environment variable must also include the CMAKE bin\ directory
Packit Service 384592
Packit Service 384592 
    Set an environment variable to the Apache source code directory:
Packit Service 384592
Packit Service 384592 
        SET HTTPD_BUILD=C:\work\httpd-2.2.17
Packit Service 384592
Packit Service 384592 
    If OpenSSL and Zlib support were included when you built Apache 2.2, and you want them available to LIBXML2 and CURL
Packit Service 384592
Packit Service 384592 
        Ensure that cURL and libXML2 can find the OpenSSL and Zlib includes and libraries that Apache was built with.
Packit Service 384592
Packit Service 384592 
            SET INCLUDE=%INCLUDE%;%HTTPD_BUILD%\srclib\openssl\inc32;%HTTPD_BUILD%\srclib\zlib
Packit Service 384592 
            SET LIB=%LIB%;%HTTPD_BUILD%\srclib\openssl\out32dll;%HTTPD_BUILD%\srclib\zlib
Packit Service 384592
Packit Service 384592 
        Ensure that cURL and libXML2 don't use the static zlib library: zlib.lib.
Packit Service 384592 
        Force cURL and libXML2 to use zdll.lib instead, requiring zlib1.dll at runtime:
Packit Service 384592
Packit Service 384592 
            IF EXIST %HTTPD_BUILD%\srclib\zlib\zlib.lib  DEL %HTTPD_BUILD%\srclib\zlib\zlib.lib
Packit Service 384592
Packit Service 384592 
BUILD PCRE-8.12
Packit Service 384592
Packit Service 384592 
    CD C:\work\pcre-8.12
Packit Service 384592 
    CMAKE   -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True
Packit Service 384592 
    NMAKE
Packit Service 384592
Packit Service 384592 
BUILD LIBXML2-2.7.7  (note: the more recent version: 2.7.8 does not build correctly on Windows)
Packit Service 384592
Packit Service 384592 
    CD C:\work\libxml2-2.7.7\win32
Packit Service 384592 
    CSCRIPT configure.js iconv=no vcmanifest=yes zlib=yes
Packit Service 384592 
    NMAKE -f Makefile.msvc
Packit Service 384592
Packit Service 384592 
BUILD LUA-5.1.4
Packit Service 384592
Packit Service 384592 
    CD C:\work\lua-5.1.4\src
Packit Service 384592 
    CL /Ox /arch:SSE2 /GF /GL /Gy /FD /EHsc /MD  /Zi /TC /wd4005 /D "_MBCS" /D "LUA_CORE" /D "LUA_BUILD_AS_DLL" /D "_CRT_SECURE_NO_WARNINGS" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_WIN32" /D "_WINDLL" /c *.c
Packit Service 384592 
    DEL lua.obj luac.obj
Packit Service 384592 
    LINK /DLL /LTCG /DEBUG /OUT:lua5.1.dll *.obj
Packit Service 384592 
    IF EXIST lua5.1.dll.manifest MT  -manifest lua5.1.dll.manifest -outputresource:lua5.1.dll;2
Packit Service 384592
Packit Service 384592 
BUILD CURL-7.21.4
Packit Service 384592
Packit Service 384592 
    CD C:\work\curl-7.21.4
Packit Service 384592 
    CMAKE   -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True -DCURL_ZLIB=True
Packit Service 384592 
    NMAKE
Packit Service 384592
Packit Service 384592 
BUILD MOD_SECURITY-2.6
Packit Service 384592
Packit Service 384592 
    CD C:\work\mod_security\apache2
Packit Service 384592 
    NMAKE -f Makefile.win APACHE=C:\Apache2217 PCRE=C:\work\pcre-8.12 LIBXML2=C:\work\libxml2-2.7.7 LUA=C:\work\lua-5.1.4\src
Packit Service 384592
Packit Service 384592 
INSTALL MOD_SECURITY AND RUN APACHE
Packit Service 384592
Packit Service 384592 
Copy these five files to C:\Apache2217\bin:
Packit Service 384592 
    C:\work\pcre-8.12\pcre.dll C:\Apache2217\bin\
Packit Service 384592 
    C:\work\lua-5.1.4\src\lua5.1.dll C:\Apache2217\bin\
Packit Service 384592 
    C:\work\libxml2-2.7.7\win32\bin.msvc\libxml2.dll  C:\Apache2217\bin\
Packit Service 384592 
    C:\work\curl-7.21.4\libcurl.dll  C:\Apache2217\bin\
Packit Service 384592 
    C:\work\mod_security\apache2\mlogc-src\mlogc.exe
Packit Service 384592
Packit Service 384592 
Copy this one file to C:\Apache2217\modules:
Packit Service 384592
Packit Service 384592 
    C:\work\mod_security\apache2\mod_security2.so
Packit Service 384592
Packit Service 384592 
You may also copy C:\work\curl-7.21.4\curl.exe to C:\Apache2217\bin, if you want to use the cURL command-line program.
Packit Service 384592
Packit Service 384592 
Download the core rules from http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
Packit Service 384592 
and unzip them into C:\Apache2217\conf\modsecurity_crs
Packit Service 384592
Packit Service 384592 
Add configuration directives to your Apache conf\httpd.conf:
Packit Service 384592
Packit Service 384592 
    # mod_security requires mod_unique_id
Packit Service 384592 
    LoadModule unique_id_module modules/mod_unique_id.so
Packit Service 384592
Packit Service 384592 
    # mod_security
Packit Service 384592 
    LoadModule security2_module  modules/mod_security2.so
Packit Service 384592 
    <IfModule security2_module>
Packit Service 384592 
        SecRuleEngine On
Packit Service 384592 
        SecDataDir   logs
Packit Service 384592 
        Include conf/modsecurity_crs/*.conf
Packit Service 384592 
        Include conf/modsecurity_crs/base_rules/*.conf
Packit Service 384592 
        SecAuditEngine RelevantOnly
Packit Service 384592 
        SecAuditLogRelevantStatus "^(?:5|4\d[^4])"
Packit Service 384592 
        SecAuditLogType Serial
Packit Service 384592 
        SecAuditLogParts ABCDEFGHZ
Packit Service 384592 
        SecAuditLog logs/modsecurity.log
Packit Service 384592 
    </IfModule>
Packit Service 384592
Packit Service 384592
Packit Service 384592 
==============================================================================================
Packit Service 384592 
OPTIONAL:   BUILD AND CONFIGURE THE MOD_SECURITY-2.6 MLOGC piped-logging program
Packit Service 384592
Packit Service 384592 
Edit the top of C:\work\mod_security\apache2\mlogc-src\Makefile.win and set your local paths
Packit Service 384592
Packit Service 384592 
        # Path to Apache httpd installation
Packit Service 384592 
        BASE = C:\Apache2217
Packit Service 384592
Packit Service 384592 
        # Paths to required libraries
Packit Service 384592 
        PCRE = C:\work\pcre-8.12
Packit Service 384592 
        CURL = C:\work\curl-7.21.4
Packit Service 384592
Packit Service 384592 
        # Linking libraries
Packit Service 384592 
        LIBS = $(BASE)\lib\libapr-1.lib \
Packit Service 384592 
               $(BASE)\lib\libaprutil-1.lib \
Packit Service 384592 
               $(PCRE)\pcre.lib \
Packit Service 384592 
               $(CURL)\libcurl_imp.lib \
Packit Service 384592 
               wsock32.lib
Packit Service 384592
Packit Service 384592 
Build the mlogc.exe program:
Packit Service 384592
Packit Service 384592 
        CD  C:\work\mod_security_trunk\mlogc
Packit Service 384592 
        NMAKE -f Makefile.win
Packit Service 384592
Packit Service 384592 
Copy mlocg.exe to C:\Apache2217\bin\
Packit Service 384592
Packit Service 384592 
Create a new command file C:\Apache2217\bin\mlogc.bat with one line:
Packit Service 384592
Packit Service 384592 
        C:\Apache2217\bin\mlogc.exe C:\Apache2217\conf\mlogc.conf
Packit Service 384592
Packit Service 384592 
Create a new configuration file C:\Apache2217\conf\mlogc.conf to control the piped-logging program mlogc.exe.
Packit Service 384592 
Here is an example conf\mlogc.conf:
Packit Service 384592
Packit Service 384592 
    CollectorRoot       "C:/Apache2217/logs"
Packit Service 384592 
    ConsoleURI          "https://localhost:8888/rpc/auditLogReceiver"
Packit Service 384592 
    SensorUsername      "test"
Packit Service 384592 
    SensorPassword      "testtest"
Packit Service 384592 
    LogStorageDir       "data"
Packit Service 384592 
    TransactionLog      "mlogc-transaction.log"
Packit Service 384592 
    QueuePath           "mlogc-queue.log"
Packit Service 384592 
    ErrorLog            "mlogc-error.log"
Packit Service 384592 
    LockFile            "mlogc.lck"
Packit Service 384592 
    KeepEntries         0
Packit Service 384592 
    ErrorLogLevel       2
Packit Service 384592 
    MaxConnections      10
Packit Service 384592 
    MaxWorkerRequests   1000
Packit Service 384592 
    TransactionDelay    50
Packit Service 384592 
    StartupDelay        5000
Packit Service 384592 
    CheckpointInterval  15
Packit Service 384592 
    ServerErrorTimeout  60
Packit Service 384592
Packit Service 384592 
Change the SecAuditLog directive in conf\httpd.conf to pipe the log data to mlogc
Packit Service 384592 
instead of writing them to a file:
Packit Service 384592
Packit Service 384592 
    SecAuditLog |C:/Apache2217/bin/mlogc.bat

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation