FAMP Stack, or FreeBSD with Apache, MariaDB and PHP, is a group of open source software for serving PHP-based applications to your browser. FAMP is similar to LAMP (Linux, Apache, MariaDB/MySQL and PHP) on a Linux server.
Mod Security is an open source intrusion detection and prevention engine for web servers. It supports Apache, Nginx and IIS on Windows Server. On Apache it runs as a module that protects against hackers and other malicious attacks like SQL Injection, XSS, LFI (Local File Inclusion), RFI (Remote File Inclusion) etc.
In this tutorial we will guide you through the installation of the FAMP Stack on FreeBSD 10.2, and then give you a sample virtualhost configuration for the Apache web server. Next we will install and configure mod security to work with the FAMP Stack and activate it on the virtualhost that we created.
Step 1 - Update System
Please log in to your FreeBSD server with ssh and update your system with these commands :
freebsd-update fetch
freebsd-update install
Step 2 - Install and Configure Apache
Apache is one of the best and most popular web servers, with support for Linux, Windows and Mac OS. Apache is developed by an open community of developers under the Apache Software Foundation. It supports several language interfaces, including Perl, Python, Tcl, and PHP.
We will install apache24 with pkg command :
pkg install apache24
Please go to the apache configuration directory "/usr/local/etc/apache24", and then edit a file "httpd.conf" with nano editor :
cd /usr/local/etc/apache24
nano httpd.conf
Change the value of "ServerAdmin" on line 210 and "ServerName" on line 219 :
ServerAdmin im@localhost
.....
ServerName localhost:80
Next, before running the Apache web server, we need to add Apache to the start up/boot time with the "sysrc" command :
sysrc apache24_enable=yes
Now start Apache webserver :
service apache24 start
And open your browser and visit the server IP 192.168.1.112 :
Step 3 - Install and Configure MariaDB
MariaDB is a fork of the MySQL relational database management system, developed and maintained by the MySQL developers under the GNU GPL.
We will install mariadb with pkg command :
pkg install mariadb100-server
That command will install mariadb100-client too.
Now copy the mariadb configuration file from "/usr/local/share/mysql/" to "/usr/local/etc/" :
cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf
Next, enable mariadb to start on boot time with sysrc command :
sysrc mysql_enable=yes
And last, start mariadb :
service mysql-server start
Now you need to configure the username and password for the mariadb/mysql server. Configure them with this command :
mysql_secure_installation
Enter current password for root (enter for none): PRESS ENTER
OK, successfully used password, moving on...
Set root password? [Y/n] Y
New password: ENTER YOUR PASSWORD
Re-enter new password: ENTER YOUR PASSWORD
Password updated successfully!
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Now try to access your mariadb/mysql shell :
mysql -u root -p
ENTER YOUR PASSWORD
Step 4 - Install and Configure PHP
In this tutorial we will use php version 5.6. Install it with the pkg command, together with mod_php56, php56-mysql, php56-mysqli and php56-curl :
pkg install mod_php56 php56-mysql php56-mysqli php56-curl
Now copy php configuration file "php.ini-production" to "php.ini" in directory "/usr/local/etc/" :
cd /usr/local/etc/
cp php.ini-production php.ini
Edit the php.ini file and add your timezone on line 926 :
nano php.ini
date.timezone = Asia/Jakarta
Next, configure php to work with apache, so you need to edit the apache configuration file and then add php configuration there.
To do it you must go to the apache configuration directory and edit "httpd.conf" with nano editor :
cd /usr/local/etc/apache24/
nano httpd.conf
Add the php configuration under line 288 :
.....
<Files ".ht*">
Require all denied
</Files>
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
.....
and add index.php on the dir_module directive :
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
Save and Exit
Step 5 - Configure Apache VirtualHost
In this tutorial we will create a virtualhost called "saitama.me.conf" with the domain "saitama.me".
Virtualhost configuration files are stored in the "/usr/local/etc/apache24/extra/" directory. But in this tutorial we will create a new directory for virtualhosts, which makes them easier to manage if you have many configuration files.
Create new directory "virtualhost" in apache configuration directory :
cd /usr/local/etc/apache24/
mkdir virtualhost
Now create new file "saitama.me.conf" :
Add a virtualhost configuration below :
<VirtualHost *:80>
ServerAdmin im@saitama.me
# Directory for the file stored
DocumentRoot "/usr/local/www/saitama.me"
#Domain
ServerName saitama.me
ServerAlias www.saitama.me
ErrorLog "/var/log/saitama.me-error_log"
CustomLog "/var/log/saitama.me-access_log" common
<Directory "/usr/local/www/saitama.me">
Options All
AllowOverride All
# The syntax is case sensitive!
Require all granted
</Directory>
</VirtualHost>
Next include your virtualhost configuration in the apache "httpd.conf" file :
cd /usr/local/etc/apache24/
nano httpd.conf
Add this line at the end of the file :
Include etc/apache24/virtualhost/*.conf
Next, create a new directory for the virtualhost that we created, under "/usr/local/www/" :
mkdir -p /usr/local/www/saitama.me
cd /usr/local/www/saitama.me
And create a new file "index.php" containing a php info script; you can do it with the "echo" command :
echo '<?php phpinfo(); ?>' > index.php
Now restart apache and then open "www.saitama.me" in your browser :
service apache24 restart
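and you can see the php info. Remove this index.php once the test is done, because the phpinfo() page discloses the server's configuration to anyone who requests it.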
Step 6 - Install and Configure Mod Security
Mod Security is available as an Apache module, so you can install it from the repository. You can also install it from source, but here we use the pkg command to install it from the repository :
pkg install ap24-mod_security-2.9.0
Now load the "unique_id" module, which mod security needs, by editing the apache configuration file "httpd.conf" and uncommenting line 120 :
cd /usr/local/etc/apache24/
nano httpd.conf
LoadModule unique_id_module libexec/apache24/mod_unique_id.so
Save and Exit.
When you are done, clone the OWASP ModSecurity Core Rule Set (CRS) with the git command into the crs directory :
cd /usr/local/etc/
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs crs
Now go to the crs directory and copy the example configuration file :
cd crs/
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
Next, load the modsecurity module with the OWASP CRS rules by creating a new file "000_modsecurity.conf" in the "modules.d" directory :
cd /usr/local/etc/apache24/modules.d/
nano 000_modsecurity.conf
Paste the configuration below :
# Load ModSecurity
LoadModule security2_module libexec/apache24/mod_security2.so
<IfModule security2_module>
# Include ModSecurity configuration
Include /usr/local/etc/modsecurity/modsecurity.conf
# Include OWASP Core Rule Set (CRS) configuration and base rules
Include /usr/local/etc/crs/modsecurity_crs_10_setup.conf
Include /usr/local/etc/crs/base_rules/*.conf
# Remove Rule by id
SecRuleRemoveById 981173
</IfModule>
Save and Exit.
Step 7 - Adding Mod Security to the VirtualHost
To configure a virtualhost with mod security, you need to edit the virtualhost file :
cd /usr/local/etc/apache24/virtualhost/
nano saitama.me.conf
Inside the Directory directive, add the lines below :
......
<IfModule security2_module>
SecRuleEngine On
</IfModule>
......
And now restart apache web server :
service apache24 restart
Note :
If you have an error like this :
[unique_id:alert] [pid 4372] (EAI 8)hostname nor servname provided, or not known: AH01564: unable to find IPv4 address of "YOURHOSTNAME"
please add your hostname to the hosts file :
nano /etc/hosts
Add your hostname
127.0.0.1 YOURHOSTNAME
Step 8 - Testing Mod Security
Edit the file "modsecurity.conf" in the mod security directory "/usr/local/etc/modsecurity/" :
cd /usr/local/etc/modsecurity
nano modsecurity.conf
Change the value of "SecRuleEngine" to "On" :
SecRuleEngine On
Save and Exit.
Restart Apache :
service apache24 restart
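Steps 7 and 8 set SecRuleEngine in two different files, and a file left at DetectionOnly or Off only logs instead of blocking. The check below is an added example, not part of the original tutorial; it lists every active SecRuleEngine directive and fails if any is not On. The function name and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. File names and contents
# below are constructed stand-ins for modsecurity.conf and the virtualhost.

# List every active SecRuleEngine directive as "file:line: value".
# Returns 1 if any value is not "On" or if no directive is found at all.
secruleengine_audit() {
    awk '
    /^[ \t]*#/ { next }                      # ignore commented-out lines
    tolower($1) == "secruleengine" {         # directive names ignore case
        printf "%s:%d: %s\n", FILENAME, FNR, $2
        seen = 1
        if (tolower($2) != "on") bad = 1     # DetectionOnly/Off do not block
    }
    END { exit ((bad || !seen) ? 1 : 0) }
    ' "$@"
}

# Constructed sample: main config still at DetectionOnly, virtualhost set
# to On, as happens when only Step 7 has been applied.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/modsecurity.conf" <<'EOF'
# SecRuleEngine Off
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
EOF
cat > "$demo/saitama.me.conf" <<'EOF'
<Directory "/usr/local/www/saitama.me">
  <IfModule security2_module>
    secruleengine On
  </IfModule>
</Directory>
EOF

if (cd "$demo" && secruleengine_audit modsecurity.conf saitama.me.conf); then
    echo "all SecRuleEngine directives are On"
else
    echo "at least one config file does not enforce blocking"
fi
```

On the server, pass the real files instead, for example /usr/local/etc/modsecurity/modsecurity.conf and /usr/local/etc/apache24/virtualhost/*.conf.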
Check the apache log file to make sure mod security is loaded :
tail -f /var/log/httpd-error.log
Another test on the virtualhost, with an SQL Injection attack against wordpress plugins :
Mod Security and Apache running successfully.
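Reading the error log by eye with tail works for a single test; the script below is an added example, not part of the original tutorial, that confirms the startup notice and counts ModSecurity hits per rule id, separating blocked requests from logged-only ones. The log lines, the rule ids 999001 and 999002 and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: summarise ModSecurity 2.x
# entries in an Apache error log. The log lines and rule ids 999001/999002
# are constructed; request details are deliberately left out.

# Return 0 if the log contains the module startup notice.
modsec_loaded() {
    grep -q 'ModSecurity for Apache/.* configured' "$1"
}

# Print "<count> <rule id> <blocked|logged> <msg>", most frequent first.
# "Access denied" = request blocked (SecRuleEngine On); "Warning" = rule
# matched but the request was only logged (for example DetectionOnly).
modsec_hits() {
    awk '
    /ModSecurity: (Access denied|Warning)/ {
        if (!match($0, /\[id "[0-9]+"\]/)) next
        id = substr($0, RSTART + 5, RLENGTH - 7)
        msg = "-"
        if (match($0, /\[msg "[^"]*"\]/))
            msg = substr($0, RSTART + 6, RLENGTH - 8)
        action = ($0 ~ /ModSecurity: Access denied/) ? "blocked" : "logged"
        count[id " " action " " msg]++
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2,2n
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[Mon Nov 02 10:00:01.000001 2015] [:notice] [pid 4372] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
[Mon Nov 02 10:00:01.000002 2015] [unique_id:alert] [pid 4372] AH01564: unable to find IPv4 address of "YOURHOSTNAME"
[Mon Nov 02 10:05:10.000003 2015] [:error] [pid 4380] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [file "/usr/local/etc/crs/base_rules/example.conf"] [line "10"] [id "999001"] [msg "Constructed SQL injection rule"] [hostname "www.saitama.me"] [uri "/index.php"]
[Mon Nov 02 10:05:12.000004 2015] [:error] [pid 4381] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [file "/usr/local/etc/crs/base_rules/example.conf"] [line "10"] [id "999001"] [msg "Constructed SQL injection rule"] [hostname "www.saitama.me"] [uri "/index.php"]
[Mon Nov 02 10:07:30.000005 2015] [:error] [pid 4382] [client 192.0.2.11] ModSecurity: Warning. [file "/usr/local/etc/crs/base_rules/example.conf"] [line "20"] [id "999002"] [msg "Constructed XSS rule"] [hostname "www.saitama.me"] [uri "/index.php"]
EOF

modsec_loaded "$sample" && echo "ModSecurity startup notice found"
modsec_hits "$sample"
```

Rule ids that keep appearing for legitimate requests are the candidates for an exclusion such as the SecRuleRemoveById line in 000_modsecurity.conf.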
Conclusion
FAMP Stack, or Apache, MariaDB and PHP on FreeBSD, is the counterpart of LAMP on a Linux server. It is easy to install and configure. You can install it with the pkg command or, if you have time, compile it from the "/usr/ports" directory. Mod Security is a web application firewall that protects you from hackers and malicious attacks like SQL Injection. You can define your own rules and add them to work with apache for your web application security.
The post How to Install FAMP Stack and Mod Security on FreeBSD 10.2 appeared first on LinOxide.