Installing Linux, Apache, PHP, MariaDB and mod_security.

The previous steps covered recommendations for keeping the system safe to use. With RHEL/CentOS 7 installed, this section walks through installing LAMP (Linux, Apache, PHP, MariaDB) and mod_security.

Install Apache

Start by installing Apache with yum; related packages that Apache needs are installed along with it.
[somchai@site2 ~]$ sudo yum install httpd

After a successful installation, set Apache to start automatically at boot.
[somchai@site2 ~]$ sudo systemctl enable httpd.service
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/'

Commands to start/restart/stop the service
[somchai@site2 ~]$ sudo systemctl start httpd.service
[somchai@site2 ~]$ sudo systemctl restart httpd.service
[somchai@site2 ~]$ sudo systemctl stop httpd.service

Command to check whether the httpd service is active.
[somchai@site2 ~]$ systemctl is-active httpd.service

Configure the firewall so that client machines can reach port 80 on the server.
[somchai@site2 ~]$ sudo firewall-cmd --permanent --add-service=http
[somchai@site2 ~]$ sudo firewall-cmd --permanent --list-all
[somchai@site2 ~]$ sudo firewall-cmd --reload

Check the server's own IP address.
[somchai@site2 ~]$ sudo ip addr list eth0 | awk '/inet /{sub(/\/[0-9]+/,"",$2); print $2}'
… # or
[somchai@site2 ~]$ sudo ip addr list

Test the web page called http://[IP ADDRESS] and/or Domain name that is set up to use as

Default values for httpd

Default config file: /etc/httpd/conf/httpd.conf
Configuration files which load modules : /etc/httpd/conf.modules.d/
Default ports: 80 and 443 (SSL)
Default log files: /var/log/httpd/{access_log,error_log}

Install MariaDB

MariaDB is the database that RedHat and CentOS have selected as the default in place of MySQL. Because MariaDB is derived from MySQL, switching from MySQL to MariaDB rarely requires editing PHP code, and the existing functions still work.

Install MariaDB
[somchai@site2 ~]$ sudo yum install mariadb-server mariadb

Start the service
[somchai@site2 ~]$ sudo systemctl start mariadb.service

Set MariaDB to start automatically at boot.
[somchai@site2 ~]$ sudo systemctl enable mariadb.service

Commands to start/restart/stop the service
[somchai@site2 ~]$ sudo systemctl start mariadb.service
[somchai@site2 ~]$ sudo systemctl restart mariadb.service
[somchai@site2 ~]$ sudo systemctl stop mariadb.service

Command to check whether the MariaDB service is running.
[somchai@site2 ~]$ systemctl is-active mariadb.service

Tighten the security of the MariaDB server
[somchai@site2 ~]$ sudo /usr/bin/mysql_secure_installation
…
Enter current password for root (enter for none): (press Enter to skip)
Set root password? [Y/n] Y
New password: (enter the password that you want to assign)
Re-enter new password: (enter the same password again)
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
…
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

If this message appears, the operation completed successfully.
Test logging in with the command below.
[somchai@site2 ~]$ sudo mysql -u root -p
Enter password: (enter the password that was defined earlier)
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 5.5.40-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>

Allow the service through the firewall
[somchai@site2 ~]$ sudo firewall-cmd --permanent --add-service=mysql
[somchai@site2 ~]$ sudo firewall-cmd --permanent --list-all
[somchai@site2 ~]$ sudo firewall-cmd --reload

Install PHP

Start by installing PHP and the extensions that you want to use.
[somchai@site2 ~]$ sudo yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

Restart Apache to start using PHP
[somchai@site2 ~]$ sudo systemctl restart httpd.service

Create a PHP file to test
[somchai@site2 ~]$ sudo vi /var/www/html/testphp.php
2 ?

Test the web page, call:

Installing mod_security

ModSecurity is a web application firewall (WAF) used to detect and prevent intrusions and to increase the security of the web server.

Start the installation.
[somchai@site2 ~]$ sudo yum install mod_security.x86_64

Make sure Apache has loaded the mod_security module.
[somchai@site2 ~]$ sudo apachectl -M | grep --color security
security2_module (shared)

In most cases related to the config:


Restart Apache to get started.
[somchai@site2 ~]$ sudo systemctl restart httpd.service

The mod_security config

In the default mod_security.conf the rule engine is set to DetectionOnly, which means requests are monitored against the rule set but nothing is blocked. To activate blocking, edit the setting now, or enable it later after the rules have been tested successfully.

If you want to activate it:
[somchai@site2 ~]$ sudo vi /etc/httpd/conf.d/mod_security.conf

Change from
SecRuleEngine DetectionOnly > On

The next directive to change is SecResponseBodyAccess. When it is enabled, response bodies are buffered and the log file also grows larger, so this value is set to Off initially.

This disables it globally; it can then be enabled in specific circumstances, for particular content types, through the directive SecResponseBodyMimeType.

Change from
SecResponseBodyAccess On > Off

The directive SecRequestBodyLimit is the maximum size of POST data. A request with more data than the specified value receives Error 413: "Request Entity Too Large". The value can be reduced if the web site does not accept large file uploads; we set the value below, approximately 12.5 MB.
SecRequestBodyLimit 13107200

Another directive with a similar role is SecRequestBodyNoFilesLimit, which limits the size of POST data; we set it as below, about 128 KB.
SecRequestBodyInMemoryLimit 131072

Set the path for storing the debug log
SecDebugLog /var/log/httpd/modsec_debug.log

The debug log level can be set from 0 to 9, and the default value is 0. Entries at levels 1-3 are already written to the Apache log. To examine how rules are processed, the level can be raised as appropriate. On a machine that is in service, a level higher than 3 is not recommended because it may affect the performance of the system.

Debug log levels
0: no logging
1: errors (intercepted requests) only
2: warnings
3: notices
4: details of how transactions are handled
5: as above, but including information about each piece of information handled
9: log everything, including very detailed debugging information

Here we keep the default value.
SecDebugLogLevel 0
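
An added example, not part of the original guide: a shell check that reads mod_security.conf and compares the directives edited above with the values this guide sets. It assumes the last uncommented occurrence of a directive is the effective one and does not follow Include lines; the function names modsec_get and modsec_conf_audit are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report the effective ModSecurity settings discussed above.
# Usage on the server: modsec_conf_audit /etc/httpd/conf.d/mod_security.conf

# Print the last uncommented value of DIRECTIVE ($2) in FILE ($1), or "unset".
# Assumption: a later occurrence overrides an earlier one.
modsec_get() {
    awk -v d="$2" '$1 == d { v = $2 } END { print (v == "" ? "unset" : v) }' "$1"
}

# Compare FILE with the values this guide sets; returns 1 if anything differs.
modsec_conf_audit() {
    conf=$1; rc=0
    engine=$(modsec_get "$conf" SecRuleEngine)
    respbody=$(modsec_get "$conf" SecResponseBodyAccess)
    limit=$(modsec_get "$conf" SecRequestBodyLimit)
    debug=$(modsec_get "$conf" SecDebugLogLevel)

    case $engine in
        On)            echo "OK   SecRuleEngine On (matching requests are blocked)" ;;
        DetectionOnly) echo "NOTE SecRuleEngine DetectionOnly (logged, not blocked)"; rc=1 ;;
        *)             echo "WARN SecRuleEngine $engine (rules are not processed)"; rc=1 ;;
    esac
    if [ "$respbody" = "On" ]; then
        echo "NOTE SecResponseBodyAccess On (response bodies buffered, larger logs)"; rc=1
    else
        echo "OK   SecResponseBodyAccess $respbody"
    fi
    case $limit in
        unset|*[!0-9]*) echo "WARN SecRequestBodyLimit $limit (not a byte count)"; rc=1 ;;
        *) if [ "$limit" -gt 13107200 ]; then
               echo "NOTE SecRequestBodyLimit $limit (above 13107200 bytes)"; rc=1
           else
               echo "OK   SecRequestBodyLimit $limit"
           fi ;;
    esac
    case $debug in
        unset|[0-3]) echo "OK   SecDebugLogLevel $debug" ;;
        *)           echo "NOTE SecDebugLogLevel $debug (above 3, affects performance)"; rc=1 ;;
    esac
    return $rc
}
```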

Install an additional package containing the base mod_security rules, the CRS (Core Rule Set)
[somchai@site2 ~]$ sudo yum install mod_security_crs.noarch

When the installation completes, the rule files are located under the path below.
/usr/lib/modsecurity.d/base_rules/

Symlinks to them are placed under the modsecurity configuration paths
/etc/httpd/modsecurity.d
/etc/httpd/modsecurity.d/activated_rules

With the rules in place, we can start testing.

Testing the SQL injection rule

For a preliminary test we will use only a few rules. Here we test SQL injection only; start by editing as follows:

[somchai@site2 ~]$ sudo vi /etc/httpd/conf.d/mod_security.conf
… find
IncludeOptional modsecurity.d/*.conf
IncludeOptional modsecurity.d/activated_rules/*.conf
… and change to
#IncludeOptional modsecurity.d/*.conf
#IncludeOptional modsecurity.d/activated_rules/*.conf
IncludeOptional modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf

Save the config file and reload.
[somchai@site2 ~]$ sudo systemctl reload httpd.service

Log in to mysql
[somchai@site2 ~]$ sudo mysql -u root -p

After logging in you will see the MariaDB [(none)]> prompt; run the commands below.
MariaDB [(none)]> create database member;
MariaDB [(none)]> connect member;
MariaDB [(none)]> create table accounts(username VARCHAR(100),password VARCHAR(100));
MariaDB [(none)]> insert into accounts values('sompong','February');
MariaDB [(none)]> insert into accounts values('somsri','March');
MariaDB [(none)]> quit;

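Create a test PHP file to run the test.
[somchai@site2 ~]$ sudo vi /var/www/html/login.php
<html>
<body>
<?php
    // Test page for the ModSecurity rule: the input is deliberately placed
    // into the SQL string unescaped so the injection rule has something to catch.
    if (isset($_POST['username']))
    {
        $username = $_POST['username'];
        $password = $_POST['password'];
        // Database name matches "create database member;" above.
        $con = mysqli_connect('localhost','root','[YOUR PASSWORD]','member');
        $result = mysqli_query($con, "SELECT * FROM `accounts` WHERE username='$username' AND password='$password'");
        if(mysqli_num_rows($result) == 0)
            echo '<p>You have entered an invalid username or password.</p>';
        else
            echo '<h3>Signed in</h3><p>Hello!! '.$username.'</p>';
    } else {
?>
    <form action="" method="post">
        Username: <input type="text" name="username"/><br />
        Password: <input type="password" name="password"/><br />
        <input type="submit" value="Sign in"/>
    </form>
<?php
    }
?>
</body>
</html>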

Test signing in with both valid and invalid values to verify that the page works and contacts the database.

Username: somsri
Password: March

After that, try the sample test password below.

' is the single quote.
Select * from mysql select STAR from SPACE is SPACE; mysql SEMICOLON.

Then check the ModSecurity entries in the log files.

For example,
[Thu Feb 12 11:42:04.076964 2015] [:error] [pid 25324] [client] ModSecurity: Warning. Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:password. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: -- found within ARGS:password: true -- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname ""] [uri "/login.php"] [unique_id "VOVpnGfJ3dFwzEZxC4Wx8wAAAAM"]

Testing a new rule

Start with a first rule that blocks by IP
[somchai@site2 ~]$ sudo vi /etc/httpd/conf.d/mod_security.conf
… Add config as below.
SecRule REMOTE_ADDR "^$" "id:'5001',log,auditlog,deny,msg:'Test Rule'"

Save the config file and reload.
[somchai@site2 ~]$ sudo systemctl reload httpd.service

Test by browsing to the web server from that IP; if it does not work, check the log file for details.
[Thu Feb 12 14:44:18.166166 2015] [:error] [pid 26980] [client] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^$" at REMOTE_ADDR. [file "/etc/httpd/conf.d/mod_security.conf"] [line "56"] [id "5001"] [msg "Test Rule"] [hostname ""] [uri "/login.php"] [unique_id "VOWU5Km6ppso-fMuh0vBRQAAAAM"]

The next rule blocks a request when its URL calls up httpd.conf or passwd.
[somchai@site2 ~]$ sudo vi /etc/httpd/conf.d/mod_security.conf
… Add config as below.
SecRule REQUEST_URI "(?:\b(?:passwd|httpd\.conf)\b)" "id:'5002',deny,log,msg:'Remote File Access Attempt'"

Save the config file and reload.
[somchai@site2 ~]$ sudo systemctl reload httpd.service

Test from the web; if it does not work, check the log file for details.

[Thu Feb 12 15:34:32.568072 2015] [:error] [pid 27134] [client] ModSecurity: Access denied with code 403 (phase 2).
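
An added example, not part of the original guide: a shell helper that condenses ModSecurity entries from the Apache error_log into action, rule id, message and URI, separating "Warning" entries (matched, not blocked) from "Access denied" entries. The function names and the sample lines (client address, unique_id, rule line numbers) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise ModSecurity entries from an Apache error_log on stdin.
# On the server: sudo cat /var/log/httpd/error_log | modsec_summary
# Emits one "action|rule_id|msg|uri" row per ModSecurity line.
modsec_summary() {
    awk '
    # Return the value of a [name "value"] field, or "-" when it is absent.
    function field(line, name,    pat) {
        pat = "\\[" name " \"[^\"]*\"\\]"
        if (!match(line, pat)) return "-"
        return substr(line, RSTART + length(name) + 3, RLENGTH - length(name) - 5)
    }
    /ModSecurity: / {
        # "Warning." = rule matched but the request passed (DetectionOnly, or a
        # non-blocking rule); "Access denied" = the request was blocked.
        action = "other"
        if ($0 ~ /ModSecurity: Warning\./)     action = "detected"
        if ($0 ~ /ModSecurity: Access denied/) action = "blocked"
        print action "|" field($0, "id") "|" field($0, "msg") "|" field($0, "uri")
    }'
}

# Count hits per action and rule id, e.g. "blocked|5002 2".
modsec_tally() {
    modsec_summary | cut -d"|" -f1,2 | LC_ALL=C sort | uniq -c | awk '{ print $2 " " $1 }'
}

# Constructed sample lines in the error_log layout shown above
# (client address, unique_id and rule line numbers are made up).
sample_log() {
    cat <<'EOF'
[Thu Feb 12 11:40:00.000000 2015] [mpm_prefork:notice] [pid 25300] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Thu Feb 12 11:42:04.076964 2015] [:error] [pid 25324] [client 192.0.2.10] ModSecurity: Warning. Pattern match "--" at ARGS:password. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [msg "SQL Comment Sequence Detected."] [severity "CRITICAL"] [uri "/login.php"] [unique_id "sample-0001"]
[Thu Feb 12 14:44:18.166166 2015] [:error] [pid 26980] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^$" at REMOTE_ADDR. [file "/etc/httpd/conf.d/mod_security.conf"] [line "56"] [id "5001"] [msg "Test Rule"] [hostname ""] [uri "/login.php"] [unique_id "sample-0002"]
[Thu Feb 12 15:34:32.568072 2015] [:error] [pid 27134] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:passwd|httpd\\.conf)\\b)" at REQUEST_URI. [file "/etc/httpd/conf.d/mod_security.conf"] [line "57"] [id "5002"] [msg "Remote File Access Attempt"] [uri "/httpd.conf"] [unique_id "sample-0003"]
[Thu Feb 12 15:35:10.120000 2015] [:error] [pid 27135] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\b(?:passwd|httpd\\.conf)\\b)" at REQUEST_URI. [file "/etc/httpd/conf.d/mod_security.conf"] [line "57"] [id "5002"] [msg "Remote File Access Attempt"] [uri "/passwd"] [unique_id "sample-0004"]
EOF
}

sample_log | modsec_tally
```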