NOTE: Install WAF-FLE for mod_security on DirectAdmin CentOS 6
This is just a very short note from my installation. Let's see:
WAF-FLE is an open-source ModSecurity console. It allows ModSecurity admins to store, view and search events sent by sensors, using a graphical dashboard to drill down and quickly find the most relevant events. It is designed to be fast and flexible while keeping a powerful and easy-to-use filter, with almost all fields clickable for use in the filter.
see more info >> http://waf-fle.org/about/
################################################
Prepare for php extensions
################################################
yum install php-pear php-devel httpd-devel pcre-devel gcc make
pecl install geoip
pecl install apc (Optional; this may cause problems with your PHP 5.4. In my case I don’t install it.)
################################################
GeoIP Hack
################################################
mkdir /usr/share/GeoIP/
cd /usr/share/GeoIP/
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
gzip -d GeoIP.dat.gz
gzip -d GeoLiteCity.dat.gz
gzip -d GeoIPASNum.dat.gz
mv GeoLiteCity.dat GeoIPCity.dat
# To make php GeoIP extension work with ASNum database
cp GeoIPASNum.dat GeoIPISP.dat
################################################
WAF-FLE installation
1. Download the latest WAF-FLE tarball from http://waf-fle.org/download
2. Extract the WAF-FLE tarball in a directory like “/usr/local/”, outside the Apache
web root (which will create a /usr/local/waf-fle directory). You can use another
directory, but in that case you need to change the Apache configuration to point to
the new directory.
################################################
cd /tmp
wget http://waf-fle.org/downloads/waf-fle_0.6.0.tar.gz
cd /usr/local
tar -zxvf /tmp/waf-fle_0.6.0.tar.gz
cd waf-fle
cp extra/waf-fle.conf /etc/httpd/conf.d/
### Add this line to the end of the httpd.conf file
Include /etc/httpd/conf.d/waf-fle.conf
### In my case httpd.conf is located here
/etc/httpd/conf/httpd.conf
#### Configure the WAF-FLE database
cp config.php.example config.php
nano config.php
### Put in your database details (in my case I use admin_waf)
$DB_HOST = "localhost";
$DB_USER = "admin_waf";
$DB_PASS = "PASSWORD";
$DATABASE = "admin_waf";
* Make sure that the database admin_waf does not exist yet (don’t create it, just let WAF-FLE create it for you)
nano /usr/local/waf-fle/config.php
and set
$APC_ON = false;
###################################
Now go to http://SERVER-IP/waf-fle/setup.php
Check that the requirements for WAF-FLE are met
Click on
Go! Create the database……
##########################
Now enter the admin user and password of the MySQL database.
In my case I use the admin of the DirectAdmin user to install (you can find the user/pass with cat /usr/local/directadmin/conf/mysql.conf)
If everything is correct, WAF-FLE will show the following message
##############################
Database created successfully. Now edit config.php and turn $SETUP false.
After that, access waf-fle using the login page:
username: admin
password: admin.
###############################
Now edit config.php and turn $SETUP=false.
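To confirm that the config.php edits above took effect, here is a small shell check. It is an added example, not part of the original note or of WAF-FLE: it reads $SETUP, $DB_PASS and $APC_ON from a config file and reports a setup flag that is still on or a placeholder password. The function names and the sample config are constructed for illustration; on a real install, point audit_waffle_config at /usr/local/waf-fle/config.php.

```shell
# Added example: post-setup check of a WAF-FLE config.php (names are illustrative).
# Print the value assigned to PHP variable $1 in file $2, quotes stripped.
php_var() {
    grep -E "^[[:space:]]*\\\$$1[[:space:]]*=" "$2" | tail -n 1 \
        | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*;[^;]*$//; s/^["'\'']//; s/["'\'']$//'
}

# Return 0 if clean, 1 if something needs fixing, 2 if the file is unreadable.
audit_waffle_config() {
    cfg="$1"; findings=0
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }
    setup=$(php_var SETUP "$cfg" | tr '[:upper:]' '[:lower:]')
    apc=$(php_var APC_ON "$cfg" | tr '[:upper:]' '[:lower:]')
    pass=$(php_var DB_PASS "$cfg")
    # Last setup step in the note: $SETUP must be false once the database exists.
    if [ "$setup" != "false" ]; then
        echo "FAIL: \$SETUP is '${setup:-unset}', expected false"
        findings=$((findings + 1))
    fi
    # "PASSWORD" is the placeholder shown in the note; empty is no better.
    case "$pass" in
        ""|PASSWORD)
            echo "FAIL: \$DB_PASS is empty or still the placeholder"
            findings=$((findings + 1)) ;;
    esac
    # The note skips the APC extension, so $APC_ON has to stay false.
    if [ "$apc" != "false" ]; then
        echo "FAIL: \$APC_ON is '${apc:-unset}', expected false without APC"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] || return 1
    echo "OK: $cfg passes the post-setup checks"
}

# Constructed sample: config.php as it looks right after setup.php has run.
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
$DB_USER  = "admin_waf";
$DB_PASS  = "PASSWORD";
$APC_ON   = false;
$SETUP    = true;
EOF
}

sample=$(mktemp); write_sample_config "$sample"
audit_waffle_config "$sample" || echo "exit status $?: fix the findings above"
rm -f "$sample"
```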
#####################
Now go to http://SERVER-IP/waf-fle
Login with
username: admin
password: admin
#######################################
Change the password
That's almost done…
###########################################
To add the sensor
Go to the MANAGEMENT menu at the top
Click on ADD NEW SENSORS
Fill in your details and Save
Done for your sensors
##################################################
Now we have to add a log feeder from mlogc to the WAF-FLE database
Go to the MANAGEMENT menu >> Sensor
Click on Event Feeder Wizard
Select mlogc and Scheduled in crontab
Press Next
WAF-FLE will show the config files and tell you where to put them.
Actually, there is a very clear guide on the WAF-FLE website; you can download it from
http://www.waf-fle.org/downloads/waf-fle_0.6.3-deployment_guide.pdf
Thanks to the WAF-FLE developer team for a really fantastic websase