LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Review: Mod-Security 2.5 by Magnus Mischel Print E-mail
User Rating:      How can I rate this item?
Source: Eric Lubow - Posted by Dave Wreski   
Book Reviews Thanks to Eric Lubow for contributing this great review.

Being a SysAdmin (as most of you who read this blog regularly know), I love to look at logs to solve problems. If there is an issue, the first thing I always do is look at the logs to see what went wrong. Even when I am writing programs, I build debugging in from the beginning to make sure I know whatís going on at all times (especially when something goes wrong).

One of my favorite things about mod_security is that (amongst other things), it provides logging where none was provided. In fact, there is a whole chapter dedicated to it (chapter 4 on audit logging). And thus the first chapter I went to (just for fun). So I started flipping back and forth between chapters 2 (writing rules) and 4 (audit logging) to create my ruleset. I quickly realized that it was going to be a pain to do it that way. So I sucked it up and started reading the book. I normally hate doing that because typically technical books read like watching paint dry, but this one read fairly easily. I also happen to really like the type face conventions used by Packt Publishing to make examples separate from text separate from whatever else needs to stand out.

I skimmed chapter 1 because I not only have built programs including Apache modules in my time, but I have also setup mod_security 1 before. This is why I was so excited to dive into this book since it has been a while and I wanted to see what has changed in mod_security over the years.

Right into chapter 2, I wrote a few logging rules and some protection from SQL injection. And then I tried out the recipe to stop all visitors from the US from accessing the web site. Needless to say that worked, so I apologize for the few min of downtime you all may have experienced.

Chapter 3 was inevitably about performance. This is always a concern amongst admins. Most of your fears are assuaged by chart after comparison chart of how Apache works under the load of httperf along with a few experience based suggestions on how to reduce Apacheís memory footprint and other helpful items. It even tails off with optimizing how you employ regular expressions.

Now chapter 4 again, audit logging. The logs themselves have quite a bit of information in them. Although they can be read, it can be pretty tedious. The mod_security console discussed in the book makes this a lot easier.

Virtual patching is an interesting concept that allows for the ability to apply a patch for a vulnerability without one being supplied by the vendor. There are a few examples, including the Twitter worm of 2009 of where it can be practically applicable. It is covered pretty extensively in chapter 5.

Chapter 6 is actually the meat of the book. It is where the commonly used recipes are. In fact, I have added more than a few of these recipe to some of the various web servers I run.

As an admin, one is usually concerned with security. Letís face it, why else would you be looking into mod_security? If you are into host security, then have a look at chapter 7 about using chroot jails. There is a section discussing where this is appropriate and if it is, how to implement it without having to put Apache fully in a chroot jail.

Just like any tool with an archaic interface for rules (like the original days of SELinux or configuring Nagios), there inevitably comes GUI tools. Remo is one of those tools. One of the coolest things about Remo (in my opinion) is that its written in Rails and can therefore be run using either Webrick or another Rails engine (like Phusion Passenger in Apache or Mongrel). If you donít want to dive too heavily into the Apache config files, then give Remo a shot.

The book finishes up by showing an fairly detailed example ruleset for a live web application. And really, who doesnít have one of those (live web application).

Other than the one major editing flaw of labeling chapter 5 as chapter 9, the book was excellent. Not only would I recommend this book to other SAs, I already have. Besides being very readable, there are many recipes in this book that are immediately applicable and easily implemented. Mod_security has a fairly low barrier to entry and the simplicity in this book proves it. With the type of data and the amount of data being stored in web applications these days, extra security is a must.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
The Difference Between Wi-Fi Security Protocols: WPA2-AES vs WPA2-TKIP
Segmenting for security: Five steps to protect your network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.