Server version: Apache/2.4.34 (Unix)
Server built: Sep 5 2018 03:04:41
What version of mod_security are you trying to install there?
Try ModSecurity version 2.6.5 for Apache 2.4.x.
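2. Get the source files. Before building, check the downloaded tarball against the checksum or signature published for the release.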
$ wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
3. Install the dependency libraries (the apt-get lines are for Ubuntu, the yum lines for CentOS)
# apt-get install apache2-dev
# apt-get install liblua5.1-0-dev
# apt-get install libxml2-dev
# yum install httpd-devel
# yum install libxml2-devel
# yum install lua-static
$ which apxs
/usr/sbin/apxs
4. Extract and Install
$ tar -xvf modsecurity-2.9.1.tar.gz
$ cd modsecurity-2.9.1
$ ./configure --with-apxs=/usr/sbin/apxs
$ make
$ sudo make install
/usr/local/modsecurity/lib/mod_security2.so
/usr/lib/apache2/modules/mod_security2.so
/usr/local/apache2/modules/mod_security2.so
Check that mod_security2.so is present inside the Apache modules folder; if not, copy the file into that folder.
Then, in the main configuration file (httpd.conf or apache2.conf), add:
Include /etc/httpd/conf/extra/00_modsecurity.conf
vi /etc/httpd/conf/extra/00_modsecurity.conf
# Load the ModSecurity 2.x module. The absolute path must match the location
# where the build actually installed mod_security2.so.
LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so
# Everything inside this block is read only when mod_security2 is loaded.
# If the module is not loaded, the block is skipped without any error and
# the site runs with no rules enforced, so confirm the module is active
# after each change.
<IfModule mod_security2.c>
# Base ModSecurity settings first, then the rule files in the order listed.
# Each Include names one exact file; on Apache 2.4 a missing file is a
# startup error, so run `apachectl -t` after editing this list.
Include /etc/httpd/conf/extra/modsecurity.d/modsecurity.conf
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_0_global.conf
# Commented-out Include lines are rule files left disabled in this setup.
#Include /etc/httpd/conf/extra/modsecurity.d/00_asl_rbl.conf
# NOTE(review): judging by their names, the whitelist, exclude and
# trusted-domains files hold rule exceptions. Review their contents, since
# every exception reduces what the rules inspect. TODO confirm.
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_whitelist.conf
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_z_antievasion.conf
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_zz_strict.conf
Include /etc/httpd/conf/extra/modsecurity.d/01_asl_content.conf
Include /etc/httpd/conf/extra/modsecurity.d/05_asl_exclude.conf
Include /etc/httpd/conf/extra/modsecurity.d/05_asl_scanner.conf
Include /etc/httpd/conf/extra/modsecurity.d/09_asl_rules_antievasion.conf
Include /etc/httpd/conf/extra/modsecurity.d/10_asl_antimalware.conf
Include /etc/httpd/conf/extra/modsecurity.d/10_asl_antimalware_output.conf
Include /etc/httpd/conf/extra/modsecurity.d/10_asl_rules.conf
Include /etc/httpd/conf/extra/modsecurity.d/11_asl_data_loss.conf
Include /etc/httpd/conf/extra/modsecurity.d/20_asl_useragents.conf
Include /etc/httpd/conf/extra/modsecurity.d/30_asl_antimalware.conf
#Include /etc/httpd/conf/extra/modsecurity.d/30_asl_antispam.conf
#Include /etc/httpd/conf/extra/modsecurity.d/30_asl_antispam_referrer.conf
Include /etc/httpd/conf/extra/modsecurity.d/40_asl_apache2-rules.conf
Include /etc/httpd/conf/extra/modsecurity.d/50_asl_rootkits.conf
Include /etc/httpd/conf/extra/modsecurity.d/60_asl_recons.conf
Include /etc/httpd/conf/extra/modsecurity.d/61_asl_recons_dlp.conf
Include /etc/httpd/conf/extra/modsecurity.d/98_asl_jitp.conf
Include /etc/httpd/conf/extra/modsecurity.d/99_asl_exclude.conf
Include /etc/httpd/conf/extra/modsecurity.d/99_asl_jitp.conf
Include /etc/httpd/conf/extra/modsecurity.d/99_asl_redactor.conf
#Include /etc/httpd/conf/extra/modsecurity.d/domain-spam-whitelist.conf
Include /etc/httpd/conf/extra/modsecurity.d/trusted-domains.conf
</IfModule>
*********************************************************************************
2. Take the source files
$ wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
3. Install Dependencies Libraries
# apt-get install apache2-dev
# apt-get install liblua5.1-0-dev
# apt-get install libxml2-dev
# yum install httpd-devel
# yum install libxml2-devel
# yum install lua-static
$ which apxs
/usr/sbin/apxs
4. Extract and Install
$ tar -xvf modsecurity-2.9.1.tar.gz
$ cd modsecurity-2.9.1
$ ./configure --with-apxs=/usr/sbin/apxs
$ make
$ sudo make install
/usr/local/modsecurity/lib/mod_security2.so
/usr/lib/apache2/modules/mod_security2.so
/usr/local/apache2/modules/mod_security2.so
Check that mod_security2.so is present inside the Apache modules folder; if not, copy the file into that folder.
In the main configuration file (httpd.conf or apache2.conf), load libxml2 and lua5.1 before enabling ModSecurity with something like this:
#The libraries can be in different locations
#For Ubuntu:
LoadFile /usr/lib/x86_64-linux-gnu/libxml2.so
LoadFile /usr/lib/x86_64-linux-gnu/liblua5.1.so
#For Centos:
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so
Then, in httpd.conf or apache2.conf, load the ModSecurity module:
# [IMPORTANT] Put this directive before the Include directives!
LoadModule security2_module modules/mod_security2.so
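5. Configuration
Go to the extracted source folder (modsecurity-2.9.1) and follow these commands (the /etc/apache2 paths are for Ubuntu, the /etc/httpd paths for CentOS).
$ cd modsecurity-2.9.1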
$ cp modsecurity.conf-recommended /etc/apache2/conf-available/modsecurity.conf
$ cp unicode.mapping /etc/apache2/conf-enabled/
$ cd /etc/apache2/conf-enabled
$ ln -s /etc/apache2/conf-available/modsecurity.conf .
$ cd modsecurity-2.9.1
$ cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf
$ cp unicode.mapping /etc/httpd/conf.d/
In apache2.conf or httpd.conf there will be a directive like:
# For Ubuntu:
IncludeOptional conf-enabled/*.conf
# For Centos:
Include conf.d/*.conf
$ apachectl -t
Syntax OK
6. CRS Configuration
$ cd /usr/local/modsecurity/
$ wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/2.2.9.tar.gz
$ tar -xvf 2.2.9.tar.gz
$ mv owasp-modsecurity-crs-2.2.9 crs
$ cd crs
$ mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
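Put into the activated_rules folder all the rules that you find here: [rule list not preserved in this copy of the page]
Create modsecurity_crs_99_whitelist.conf inside the activated_rules folder and add the following whitelist directives at the end of the file: [directives not preserved in this copy of the page]
Keep each whitelist entry as narrow as possible, because every exception switches off inspection for the traffic it matches.
Then include the CRS files in the Apache configuration:
# Apache 2.4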
IncludeOptional /usr/local/modsecurity/crs/*.conf
IncludeOptional /usr/local/modsecurity/crs/activated_rules/*.conf
# Apache 2.2
Include /usr/local/modsecurity/crs/*.conf
Include /usr/local/modsecurity/crs/activated_rules/*.conf
8. Activate ModSecurity
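The recommended configuration starts in DetectionOnly mode, which logs matches without blocking; in order to stop bad things happening we need to change the SecRuleEngine directive and turn it On! Before switching, review the audit log from the DetectionOnly period for false positives, because rules that misfire will block legitimate requests once the engine is On. (The commands below use the CentOS path; on Ubuntu the file was copied to /etc/apache2/conf-available/modsecurity.conf.)
$ cd /etc/httpd/conf.d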
$ sudo sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" modsecurity.conf
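9. Read the log! The audit log can contain full request data, including credentials submitted in forms, so restrict who can read it.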
SecAuditLog logs/modsec_audit.log