diff --git a/docs/guides/web/apache_hardened_webserver/modsecurity.md b/docs/guides/web/apache_hardened_webserver/modsecurity.md index d170bf0368..dfe03cd918 100644 --- a/docs/guides/web/apache_hardened_webserver/modsecurity.md +++ b/docs/guides/web/apache_hardened_webserver/modsecurity.md @@ -36,7 +36,7 @@ One thing missing with `mod_security` when installed from the generic Rocky Linu To install the base package, use this command. It will install any missing dependencies. You also need `wget` if you do not have it installed: -``` +```bash dnf install mod_security wget ``` 
@@ -53,57 +53,60 @@ dnf install mod_security wget 3. Under "Assets" on the next page, right-click on the "Source Code (tar.gz)" link and copy the link. 4. On your server, go to the Apache configuration directory: - - ``` + + ```bash cd /etc/httpd/conf ``` 5. Enter `wget` and paste your link. Example: - ``` + ```bash wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.5.tar.gz ``` -6. Decompress the file: +6. Decompress the file: - ``` + ```bash tar xzvf v3.3.5.tar.gz ``` + This creates a directory with the release information in the name. Example: "coreruleset-3.3.5" 7. Create a symbolic link called "crs" linking to the directory of the release. Example: - ``` + ```bash ln -s coreruleset-3.3.5/ /etc/httpd/conf/crs ``` 8. Remove the `tar.gz` file. Example: - ``` + ```bash rm -f v3.3.5.tar.gz ``` 9. Copy the temporary configuration so that it will load when started: - ``` + ```bash cp crs/crs-setup.conf.example crs/crs-setup.conf ``` + This file is editable, but you probably will not need to make any changes. The `mod_security` rules are now in place. ## Configuration -With the rules in place, the next step is configuring these rules to load and run when `httpd` and `mod_security` run. +With the rules in place, the next step is configuring these rules to load and run when `httpd` and `mod_security` run. `mod_security` already has a configuration file located in `/etc/httpd/conf.d/mod_security.conf`. You will need to modify this file to include the OWASP rules. To do this, edit that configuration file: -``` +```bash vi /etc/httpd/conf.d/mod_security.conf ``` + Add the following content just before the end tag (` yes admin1@youremaildomain.com 
@@ -108,7 +108,7 @@ You need to set the "from" email address. You need this to deal with SPAM filter The `` sections deal with the server's localhost IP and with the "public" IP address (remember our substitution of a private IP address) of the firewall, from which all connections on the trusted network will show. You can add many `` entries. -``` +```bash 86400 @@ -122,7 +122,7 @@ The `` section just beneath the `` section is yet another p Changing the `` for the running of `` to once every 24 hours (86400 seconds) from the default of 22 hours is an optional change shown. -``` +```bash apache /var/log/httpd/*access_log @@ -137,7 +137,7 @@ The `` section deals with the locations of the logs you want to watch You need to add in the Apache log locations, and you want to add these in as wild cards because you could have a bunch of logs for many different web customers. -``` +```bash firewalld-drop firewall-drop.sh @@ -157,7 +157,7 @@ The "firewall-drop" script already exists within the `ossec-hids` path. It tells Enable and start the service when all the configuration changes are complete. If everything starts correctly, you are ready to move on: -``` +```bash systemctl enable ossec-hids systemctl start ossec-hids ``` diff --git a/docs/guides/web/apache_hardened_webserver/rkhunter.md b/docs/guides/web/apache_hardened_webserver/rkhunter.md index 34d3142c38..2bf54eb1bc 100644 --- a/docs/guides/web/apache_hardened_webserver/rkhunter.md +++ b/docs/guides/web/apache_hardened_webserver/rkhunter.md 
@@ -15,6 +15,8 @@ tags: Rootkit hunter (`rkhunter`) is a well known tool for checking vulnerabilities, rootkits, back doors, and possible local exploits on a server. It is possible to use it on _any_ server used for _any_ purpose. When tuned and automated, it can report any suspicious activity to the system administrator. This procedure outlines the installation, tuning, and use of rootkit hunter. +`rkhunter` is just one possible part of a hardened server setup. Use it alone or with other tools to maximize security. + ## Prerequisites * Proficiency with a command-line editor (using `vi` in this example) @@ -24,14 +26,6 @@ Rootkit hunter (`rkhunter`) is a well known tool for checking vulnerabilities, r This document was originally written in conjunction with the apache hardened web server routines, but works equally well on a server running any software. -## Introduction - -`rkhunter` (Root Kit Hunter) is a Unix-based tool that scans for rootkits, back doors, and possible local exploits. It is a good part of a hardened server, and will notify the administrator quickly when something suspicious happens on the server's file system, providing it is properly configured. - -`rkhunter` is just one possible part of a hardened Apache web server setup. Use it alone or with other tools to maximize security. If you want to use this along with other tools for hardening, refer back to the [Apache Hardened Web Server guide](index.md). - -This document also uses all of the assumptions and conventions outlined in that original document. It is a good idea to review it before continuing. - ## General steps 1. install `rkhunter` 
@@ -44,34 +38,33 @@ This document also uses all of the assumptions and conventions outlined in that `rkhunter` requires the EPEL (Extra Packages for Enterprise Linux) repository. Install that repository if you do not have it installed already: -``` +```bash dnf install epel-release ``` Install `rkhunter`: -``` +```bash dnf install rkhunter ``` ## Configuring `rkhunter` -The only configuration options that you _need_ to set are those dealing with mailing reports to the Administrator. +The only configuration options that you _need_ to set are those dealing with mailing reports to the Administrator. !!! warning Modification of _any_ configuration file in Linux carries risk. Before altering **any** configuration file in Linux, creating a backup of the _original_ file is recommended. - To change the configuration file, run: -``` +```bash vi /etc/rkhunter.conf ``` Search for: -``` +```bash #MAIL-ON-WARNING=me@mydomain root@mydomain ``` @@ -81,8 +74,7 @@ Change the `root@mydomain` to `root@whatever_the_server_name_is`. You will probably also want to remove the remark (and edit the line to fit your needs) from the `MAIL-CMD` line: - -``` +```bash MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}" ``` @@ -96,7 +88,7 @@ You will also need to move the script somewhere other than `/etc/cron.daily/`, s If you want to test `rkhunter` before you start, including all email functionality, run `rkhunter --check` from the command line. If installed and functioning correctly, you should receive an output similar to the following: -``` +```bash [root@sol admin]# rkhunter --check [Rootkit Hunter version 1.4.6] 
@@ -252,7 +244,7 @@ Performing file properties checks Hold off completing the remaining steps if problems exist with the email setup. When confirming email works, but before allowing `rkhunter` to run automatically, run the command manually again with the "--propupd" flag to create the `rkhunter.dat` file. This ensures recognition of your environment and configuration: -``` +```bash rkhunter --propupd ```
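Review bot: In modsecurity.md hunk `@@ -53,57 +53,60 @@`, the newly added note after step 6 ("This creates a directory with the release information in the name") is useful, but the step 7 command it leads into, `ln -s coreruleset-3.3.5/ /etc/httpd/conf/crs`, mixes a relative link target with an absolute link path and only works because step 4 changed into `/etc/httpd/conf`; since the new sentence is already explaining where the directory lands, consider making the target absolute (`ln -s /etc/httpd/conf/coreruleset-3.3.5 /etc/httpd/conf/crs`) or stating that steps 5 through 9 assume the working directory from step 4, so a reader who runs them from elsewhere does not end up with a dangling symlink that `mod_security` silently fails to load rules from.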
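Review bot: Hunks `@@ -108,7`, `@@ -122,7` and `@@ -137,7` in the ossec file retag the fences as `bash`, but the fenced content is the XML of `ossec.conf` (the `86400` frequency value, the `apache /var/log/httpd/*access_log` log location, the `firewalld-drop` / `firewall-drop.sh` active-response entries), not shell; tag these blocks `xml` so a reader does not take them for commands and the highlighter does not render configuration as shell. Only the `@@ -157,7` block (`systemctl enable ossec-hids` / `systemctl start ossec-hids`) is actually bash.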
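Review bot: In rkhunter.md hunk `@@ -24,14 +26,6 @@`, deleting the whole "Introduction" section also drops the only link back to the [Apache Hardened Web Server guide](index.md) and the sentence saying this page follows that guide's assumptions and conventions, while the surviving context line "This document was originally written in conjunction with the apache hardened web server routines" now has nothing to point at; keep the `index.md` link in that remaining sentence (and the pointer to the shared conventions) so the cross-reference is not lost. The relocation of "`rkhunter` is just one possible part of a hardened server setup ..." into the opening paragraph in hunk `@@ -15,6 +15,8 @@` is fine and matches the "any server" wording already there.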
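Review bot: In rkhunter.md hunks `@@ -44,34 +38,33 @@`, `@@ -81,8 +74,7 @@` and `@@ -96,7 +88,7 @@`, the `bash` tag is wrong for three of the retagged blocks: `#MAIL-ON-WARNING=me@mydomain root@mydomain` and `MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"` are lines from `/etc/rkhunter.conf`, and the `[root@sol admin]# rkhunter --check` block is a console session with a prompt and program output (`[Rootkit Hunter version 1.4.6]`) that would fail if pasted into a shell as-is; tag the config lines `text` (or `conf`) and the session `console`/`text`. While touching that region, the prose says "the `MAIL-CMD` line" but the option shown is `MAIL_CMD` (underscore), and "remove the remark" would read more clearly as "uncomment"; aligning the two prevents a reader from searching the file for a name that is not in it.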