This article explains how to install and configure the httpd-guardian script for Apache, which lets you use the SecGuardianLog directive of ModSecurity. The script monitors web server requests through the piped log mechanism in order to detect DoS (Denial-of-Service) attacks. It tracks the number of requests sent by each IP address and calculates request speed at intervals of one minute and five minutes. Once the requests have reached a specified threshold, the httpd-guardian script either issues a warning or blocks the IP address. Error messages from the httpd-guardian script are written to the /var/log/apache2/error_log file.
After you download and configure the httpd-guardian script, you can specify the path to the script in the Guardian Log section, which is in the ModSecurity Configuration interface of WHM.
WHM >> Home >> Security Center >> ModSecurity Configuration
Note that the httpd-guardian script ships with a version of The Spread toolkit, an open source toolkit that can be configured. The script does not require this toolkit in order to function correctly.
Since the ModSecurity Guardian Log is part of WHM,
let us touch upon WHM before elaborating on the installation and configuration
process.
What is WHM?
WHM is the abbreviation for Web Host Manager. It
is a web application that is used to gain administrative control over a server.
It is the server management interface from cPanel. WHM is used along with
cPanel for creating individual accounts, managing hosting features, adding
domains, and for performing maintenance. WHM enables administrative access to
the back end of cPanel. End users are able to control many activities,
including adding or removing email accounts, administering MySQL databases,
etc.
The suite of tools provided by WHM aids in getting
the following activities done:
- Manage and monitor your sites, including password resets.
- Check server information and status.
- Create, delete, and suspend cPanel accounts.
- Check and change the DNS zones of your domain.
- Configure customers’ support requests through cPanel.
- Create default page while creating a new account.
- Change client domain names and user names.
- Customize hosting and control panel with regard to branding initiatives.
- Access and change anything that does not need SQL access.
Web servers are provided by web hosting companies. Space on web servers can be obtained from web hosting service providers to host the files of websites so that the websites are accessible over the Internet. The service of web hosting makes it possible for websites to remain accessible. In web hosting, not only server space but also the necessary technologies and services are made available through various hosting plans, which could be shared, dedicated, reseller, VPS, cloud, WordPress, etc. Terms such as the “Best Cloud Hosting Company”, the “Best Website Hosting Company”, and the “Best Windows Hosting Company” are used for those website hosting service providers that have gained popularity as the most reliable service providers.
How to Install and Configure the httpd-guardian Script?
The below-mentioned steps need to be carried out
in order to install and configure the httpd-guardian
script.
* Download the apache-tools repository from the
sourceforge.net website. You need to run the following command, as the root
user, for that purpose:
cvs -z3 -d:pserver:anonymous@a.cvs.sourceforge.net:/cvsroot/apache-tools co -P apache-tools
If CVS (Concurrent Versions System) is not present on your system, install it first with the yum install cvs command.
* Open the /root/apache-tools/httpd-guardian file with a text editor and make any configuration changes that you want. For example, to have the script log the data that it receives from Apache, set the value of the COPY_LOG variable to the file path of the log file. The relevant lines in the script resemble the following example.
# $COPY_LOG = "/var/lib/http-guardian.log";
my $COPY_LOG;
* Log in to the WHM interface as the root user. Navigate to the ModSecurity Configuration interface of WHM.
WHM >> Home >> Security Center >> ModSecurity Configuration
* Enter the path to the httpd-guardian script in the text box of the Guardian Log setting, as in the following example.
/root/apache-tools/httpd-guardian
* Restart Apache after you have saved your changes
in the ModSecurity Configuration
interface of WHM.
WHM >> Home >> Security Center >> ModSecurity Configuration
Next, check the process list for the httpd-guardian script by running the
following command:
ps faux | grep httpd-guardian | grep -v grep
The output resembles the following example:
root 24722 0.0 0.3 28872 3272 ? S 19:31 0:00 \_ /usr/bin/perl -w /root/apache-tools/httpd-guardian
Now you are through with the process.
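The per-IP request-speed check described at the start of this article, sketched as an added example (it is not the httpd-guardian source and not code from the original article). It uses plain sliding windows; the threshold values, the names RateTracker, analyze and constructed_events, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds in requests/second; tune per site (not the script's shipped values).
THRESHOLD_1MIN = 2.0
THRESHOLD_5MIN = 1.0


class RateTracker:
    """Simplified per-IP tracker: average request speed over 60 s and 300 s windows."""

    def __init__(self, t1=THRESHOLD_1MIN, t5=THRESHOLD_5MIN):
        self.t1, self.t5 = t1, t5
        self.hits = defaultdict(deque)   # ip -> timestamps seen in the last 300 s
        self.flagged = {}                # ip -> (window that tripped, timestamp)

    def observe(self, ts, ip):
        """Record one request; return '1min'/'5min' when ip first crosses a threshold."""
        q = self.hits[ip]
        q.append(ts)
        while q[0] <= ts - 300:          # drop entries older than the 5-minute window
            q.popleft()
        speed_1 = sum(1 for t in q if t > ts - 60) / 60.0
        speed_5 = len(q) / 300.0
        if ip in self.flagged:
            return None
        reason = "1min" if speed_1 > self.t1 else "5min" if speed_5 > self.t5 else None
        if reason:
            self.flagged[ip] = (reason, ts)
        return reason

    def expire(self, now):
        """Forget idle clients so state stays bounded when many addresses appear."""
        for ip in [ip for ip, q in self.hits.items() if q[-1] <= now - 300]:
            del self.hits[ip]


def constructed_events():
    """Constructed sample traffic as (epoch_seconds, ip); not real log data."""
    events = [(1000 + i / 3, "203.0.113.7") for i in range(150)]           # 3 req/s burst
    events += [(1000 + 4 * (i // 5), "198.51.100.9") for i in range(400)]  # 1.25 req/s, sustained
    events += [(1000 + 10 * i, "192.0.2.10") for i in range(30)]           # ordinary visitor
    return sorted(events)


def analyze(events):
    tracker = RateTracker()
    for ts, ip in events:
        tracker.observe(ts, ip)
    return tracker.flagged
```

The sustained 1.25 req/s client never trips the one-minute threshold and is caught only by the five-minute window, which is why both intervals are tracked.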