mod_antihak-0.3.1beta-3mdk.i586.rpm

TEN STEPS TO MOD_ANTIHAK BLISS!
(Well actually, there's 11 - but I'm a geeko programmer, not a maths buff)

0. **IMPORTANT** -> If you intend to use MySQL stats, then BEFORE YOU DO
ANYTHING change STATS_USER and STATS_PASSWORD to something tricky in
antihak_stats.h (in the src/include directory). If you do NOT do so, you
leave your system (or, at the very least, MySQL) open to tampering by
remote and local users.

Edit anything else in the source you may feel unsafe with - the ipchains
system string for example. Let me know if you find anything particularly
dangerous that shouldn't happen.

<-- Any instruction after this beginning with "MYSQL_STATS" is for those
    of you who wish to use the MySQL statistics feature of mod_antihak! -->

1. Run the following from this directory:
./configure [--with-mysql=/path/to/mysql] --with-apache=/path/to/apache \
  --prefix=$PWD/build
make
make install

2. Both mod_antihak.so and reset_stats (if you specified the mysql directory) 
   will be in the bin directory below the build directory.

3. Move mod_antihak.so into /path/to/apache/libexec

4. MYSQL_STATS: Move reset_stats to somewhere in your $PATH, make it owned
by root (or somebody else you trust) and chmod it 700 - this is important:
otherwise, anybody will be able to reset your statistics!

5. MYSQL_STATS: Run the following:
chown nobody mod_antihak.so
chgrp nobody mod_antihak.so
chmod 700 mod_antihak.so

Replace "nobody" above with the name of the UID Apache runs under if it is
different.

6. Edit your sudoers file (usually /etc/sudoers) and add the following:
antihak ALL= NOPASSWD: /sbin/ipchains

(assuming, of course, that you have not changed the mod_antihak user in
mod_antihak.c and ipchains exists in /sbin. If not, change accordingly.)

7. MYSQL_STATS: You'll need to add a user and a
database/table to MySQL. Connect to MySQL as root and issue the following
commands:

mysql> create database antihak_stats;
mysql> use antihak_stats;
mysql> create table antihak (vuln char(64) NOT NULL, attempts INTEGER NOT NULL);
mysql> insert into antihak (vuln,attempts) values ("Nimda/Hack",0);
mysql> insert into antihak (vuln,attempts) values ("CodeRed/Hack",0);
mysql> insert into antihak (vuln,attempts) values ("sadmind-iis/Hack",0);
mysql> use mysql;
mysql> insert into user (Host,User,Password) values ("localhost","antihak",PASSWORD("passme"));
[NOTE: replace "antihak" and "passme" above with STATS_USER and STATS_PASSWORD]
mysql> insert into db (Host,Db,User,Select_Priv,Update_priv) values ("%","antihak_stats","antihak",'Y','Y');
[NOTE: again, replace "antihak" with STATS_USER]
mysql> exit

8. Edit your httpd.conf to use the line:
LoadModule antihak_module /path/to/apache/libexec/mod_antihak.so

9. Restart apache:
/path/to/apache/bin/apachectl restart

10. The End!
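
An added example, not part of mod_antihak or its original README: a small
shell audit that re-checks steps 0, 4 and 5 after installation. It assumes
GNU stat and that antihak_stats.h sets the credentials with lines of the form
#define STATS_USER "value"; the function names and the APACHE_USER variable
are made up for this example.

```shell
#!/bin/sh
# Added example: audit of steps 0, 4 and 5. Not part of mod_antihak.
# Assumes GNU stat and credentials defined as: #define STATS_USER "value"

# check_perms FILE MODE OWNER: succeed only on an exact mode and owner match.
check_perms() {
    [ -e "$1" ] || { echo "MISSING: $1"; return 2; }
    actual=$(stat -c '%a %U' "$1") || return 2
    if [ "$actual" = "$2 $3" ]; then
        echo "OK: $1 ($actual)"
    else
        echo "FAIL: $1 is '$actual', expected '$2 $3'"
        return 1
    fi
}

# define_value HEADER NAME: print the quoted value of the first matching #define.
define_value() {
    sed -n "s/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*$2[[:space:]][[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | head -n 1
}

# check_creds HEADER: fail if a value is missing or still equals the sample
# value shown in the SQL of step 7 ("antihak" / "passme").
check_creds() {
    user=$(define_value "$1" STATS_USER)
    pass=$(define_value "$1" STATS_PASSWORD)
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "FAIL: STATS_USER or STATS_PASSWORD not found or empty in $1"
        return 2
    fi
    rc=0
    [ "$user" != "antihak" ] || { echo "FAIL: STATS_USER is the sample value"; rc=1; }
    [ "$pass" != "passme" ] || { echo "FAIL: STATS_PASSWORD is the sample value"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: STATS_USER and STATS_PASSWORD changed"
    return "$rc"
}

# Usage: sh audit.sh /path/to/apache /path/to/reset_stats /path/to/antihak_stats.h
# APACHE_USER overrides "nobody", as step 5 allows.
if [ "$#" -eq 3 ]; then
    status=0
    check_perms "$1/libexec/mod_antihak.so" 700 "${APACHE_USER:-nobody}" || status=1
    check_perms "$2" 700 root || status=1
    check_creds "$3" || status=1
    exit "$status"
fi
```

The script never prints the password itself, only whether it still matches
the sample value.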