TEN STEPS TO MOD_ANTIHAK BLISS!
(Well actually, there's 11 - but I'm a geeko programmer, not a maths buff)

0.  **IMPORTANT** -> If you intend to use MySQL stats, then BEFORE YOU DO
    ANYTHING change STATS_USER and STATS_PASSWORD to something tricky in
    antihak_stats.h (in the src/include directory). If you do NOT do so,
    you leave your system (or, at the very least, MySQL) open to
    tampering by remote and local users. Edit anything else in the
    source you may feel unsafe with - the ipchains system string for
    example. Let me know if you find anything particularly dangerous
    that shouldn't happen.

<-- Any instruction after this beginning with "MYSQL_STATS" is for those
    of you that wish to use the MySQL statistics feature of mod_antihak! -->

1.  Run the following from this directory:

        ./configure [--with-mysql=/path/to/mysql] --with-apache=/path/to/apache \
                    --prefix=$PWD/build
        make
        make install

2.  Both mod_antihak.so and reset_stats (if you specified the mysql
    directory) will be in the bin directory below the build directory.

3.  Move mod_antihak.so into /path/to/apache/libexec

4.  MYSQL_STATS: Move reset_stats to somewhere in your $PATH and make it
    mode 700, owned by root (or somebody else you trust) - this is
    important: otherwise, anybody will be able to reset your statistics!

5.  MYSQL_STATS: Run the following:

        chown nobody mod_antihak.so
        chgrp nobody mod_antihak.so
        chmod 700 mod_antihak.so

    Replace "nobody" above with the name of the UID Apache runs under,
    if different.

6.  Edit your sudoers file (usually /etc/sudoers) and add the following:

        antihak ALL= NOPASSWD: /sbin/ipchains

    (assuming, of course, that you have not changed the mod_antihak user
    in mod_antihak.c and ipchains exists in /sbin. If not, change
    accordingly.)

7.  MYSQL_STATS: You'll need to add a user and a database/table to MySQL.
    Connect to MySQL as root and issue the following commands:

        mysql> create database antihak_stats;
        mysql> use antihak_stats;
        mysql> create table antihak (vuln char(64) NOT NULL, attempts INTEGER NOT NULL);
        mysql> insert into antihak (vuln,attempts) values ("Nimda/Hack",0);
        mysql> insert into antihak (vuln,attempts) values ("CodeRed/Hack",0);
        mysql> insert into antihak (vuln,attempts) values ("sadmind-iis/Hack",0);
        mysql> use mysql;
        mysql> insert into user (Host,User,Password) values ("localhost","antihak",PASSWORD("passme"));
        [NOTE: replace "antihak" and "passme" above with STATS_USER and STATS_PASSWORD]
        mysql> insert into db (Host,Db,User,Select_Priv,Update_priv) values ("%","antihak_stats","antihak",'Y','Y');
        [NOTE: again, replace "antihak" with STATS_USER]
        mysql> exit

8.  Edit your httpd.conf to use the line:

        LoadModule antihak_module /path/to/apache/libexec/mod_antihak.so

9.  Restart Apache:

        /path/to/apache/bin/apachectl restart

10. The End!
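
A post-install check for steps 0, 4 and 5, added here as an example and not part of mod_antihak: it confirms that antihak_stats.h no longer carries the sample account from step 7 and that reset_stats and mod_antihak.so have the owner and mode the steps ask for. The function names, the use of GNU stat, and the assumption that the header sets STATS_USER and STATS_PASSWORD as quoted #define strings are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of mod_antihak: audit the results of steps 0, 4 and 5.
# Assumes GNU stat (-c) and that antihak_stats.h uses quoted #define strings.

# check_perm FILE MODE OWNER: succeed only if FILE has exactly that octal
# mode and that owner name.
check_perm() {
    [ -e "$1" ] || { echo "MISSING $1"; return 2; }
    actual=$(stat -c '%a %U' "$1") || return 2
    if [ "$actual" != "$2 $3" ]; then
        echo "FAIL    $1 is '$actual', expected '$2 $3'"
        return 1
    fi
    echo "OK      $1 ($actual)"
}

# check_creds HEADER: fail if the header still defines the sample account
# from step 7 ("antihak" / "passme").
check_creds() {
    [ -r "$1" ] || { echo "MISSING $1"; return 2; }
    def='^[[:space:]]*#[[:space:]]*define[[:space:]]+'
    if grep -Eq "${def}STATS_USER[[:space:]]+\"antihak\"" "$1" ||
       grep -Eq "${def}STATS_PASSWORD[[:space:]]+\"passme\"" "$1"; then
        echo "FAIL    $1 still defines the sample STATS_USER/STATS_PASSWORD"
        return 1
    fi
    echo "OK      $1 does not use the sample credentials"
}

# audit_install HEADER RESET_STATS MODULE APACHE_USER: run every check and
# return non-zero if any of them failed.
audit_install() {
    rc=0
    check_creds "$1" || rc=1
    check_perm "$2" 700 root || rc=1          # step 4
    check_perm "$3" 700 "$4" || rc=1          # step 5
    return "$rc"
}

# Run the audit only when all four paths/names are given on the command line.
if [ "$#" -eq 4 ]; then
    audit_install "$@"
fi
```

Run it as root, passing the path to antihak_stats.h, the installed reset_stats, the installed mod_antihak.so and the Apache user name.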