Server version: Apache/2.4.34 (Unix)
Server built: Sep 5 2018 03:04:41
What version of mod_security do you try to install there?
Try Mod Security Version 2.6.5 for Apache 2.4.x
2. Take the source files
$ wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
3. Install Dependencies Libraries
# apt-get install apache2-dev # apt-get install liblua5.1-0-dev # apt-get install libxml2-dev
# yum install httpd-devel # yum install libxml2-devel # yum install lua-static
$ which apxs /usr/sbin/apxs
4. Extract and Install
$ tar -xvf modsecurity-2.9.1.tar.gz $ cd modsecurity-2.9.1
$ ./configure --with-apxs=/usr/sbin/apxs
$ make $ sudo make install
/usr/local/modsecurity/lib/mod_security2.so/usr/lib/apache2/modules/mod_security2.so/usr/local/apache2/modules/mod_security2.so
mod_security2.so is present inside the Apache modules folder, if not, copy the file inside the folder.httpd.conf or apache2.conf)Include /etc/httpd/conf/extra/00_modsecurity.conf
vi /etc/httpd/conf/extra/00_modsecurity.conf
LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so
<IfModule mod_security2.c>
Include /etc/httpd/conf/extra/modsecurity.d/modsecurity.conf
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_0_global.conf
#Include /etc/httpd/conf/extra/modsecurity.d/00_asl_rbl.conf
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_whitelist.conf
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_z_antievasion.conf
Include /etc/httpd/conf/extra/modsecurity.d/00_asl_zz_strict.conf
Include /etc/httpd/conf/extra/modsecurity.d/01_asl_content.conf
Include /etc/httpd/conf/extra/modsecurity.d/05_asl_exclude.conf
Include /etc/httpd/conf/extra/modsecurity.d/05_asl_scanner.conf
Include /etc/httpd/conf/extra/modsecurity.d/09_asl_rules_antievasion.conf
Include /etc/httpd/conf/extra/modsecurity.d/10_asl_antimalware.conf
Include /etc/httpd/conf/extra/modsecurity.d/10_asl_antimalware_output.conf
Include /etc/httpd/conf/extra/modsecurity.d/10_asl_rules.conf
Include /etc/httpd/conf/extra/modsecurity.d/11_asl_data_loss.conf
Include /etc/httpd/conf/extra/modsecurity.d/20_asl_useragents.conf
Include /etc/httpd/conf/extra/modsecurity.d/30_asl_antimalware.conf
#Include /etc/httpd/conf/extra/modsecurity.d/30_asl_antispam.conf
#Include /etc/httpd/conf/extra/modsecurity.d/30_asl_antispam_referrer.conf
Include /etc/httpd/conf/extra/modsecurity.d/40_asl_apache2-rules.conf
Include /etc/httpd/conf/extra/modsecurity.d/50_asl_rootkits.conf
Include /etc/httpd/conf/extra/modsecurity.d/60_asl_recons.conf
Include /etc/httpd/conf/extra/modsecurity.d/61_asl_recons_dlp.conf
Include /etc/httpd/conf/extra/modsecurity.d/98_asl_jitp.conf
Include /etc/httpd/conf/extra/modsecurity.d/99_asl_exclude.conf
Include /etc/httpd/conf/extra/modsecurity.d/99_asl_jitp.conf
Include /etc/httpd/conf/extra/modsecurity.d/99_asl_redactor.conf
#Include /etc/httpd/conf/extra/modsecurity.d/domain-spam-whitelist.conf
Include /etc/httpd/conf/extra/modsecurity.d/trusted-domains.conf
</IfModule>
*********************************************************************************
2. Take the source files
$ wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
3. Install Dependencies Libraries
# apt-get install apache2-dev # apt-get install liblua5.1-0-dev # apt-get install libxml2-dev
# yum install httpd-devel # yum install libxml2-devel # yum install lua-static
$ which apxs /usr/sbin/apxs
4. Extract and Install
$ tar -xvf modsecurity-2.9.1.tar.gz $ cd modsecurity-2.9.1
$ ./configure --with-apxs=/usr/sbin/apxs
$ make $ sudo make install
/usr/local/modsecurity/lib/mod_security2.so/usr/lib/apache2/modules/mod_security2.so/usr/local/apache2/modules/mod_security2.so
mod_security2.so is present inside the Apache modules folder, if not, copy the file inside the folder.httpd.conf or apache2.conf)libxml2 and lua5.1 before enabling ModSecurity with something like this:#The libraries can be in different locations #For Ubuntu: LoadFile /usr/lib/x86_64-linux-gnu/libxml2.so LoadFile /usr/lib/x86_64-linux-gnu/liblua5.1.so #For Centos: LoadFile /usr/lib64/libxml2.so LoadFile /usr/lib64/liblua-5.1.so
httpd.conf or apache2.conf# [IMPORTANT] Put this directive before the Include directives! LoadModule security2_module modules/mod_security2.so
5. Configuration
modsecurity-2.9.1) and follow these commands.$ cd modsecurity-2.9.1 $ cp modsecurity.conf-recommended /etc/apache2/conf-available/modsecurity.conf $ cp unicode.mapping /etc/apache2/conf-enabled/ $ cd /etc/apache2/conf-enabled $ ln -s /etc/apache2/conf-available/modsecurity.conf .
$ cd modsecurity-2.9.1 $ cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf $ cp unicode.mapping /etc/httpd/conf.d/
apache2.conf or httpd.conf there will be a directive like# For Ubuntu: IncludeOptional conf-enabled/*.conf # For Centos: Include conf.d/*.conf
$ apachectl -t Syntax OK
6. CRS Configuration
$ cd /usr/local/modsecurity/ $ wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/2.2.9.tar.gz $ tar -xvf 2.2.9.tar.gz
$ mv owasp-modsecurity-crs-2.2.9 crs $ cd crs $ mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
activated_rules all the rules that you find here:modsecurity_crs_99_whitelist.conf inside the activated_rules folder and add the following whitelist directives at the end of the file:# Apache 2.4 IncludeOptional /usr/local/modsecurity/crs/*.conf IncludeOptional /usr/local/modsecurity/crs/activated_rules/*.conf # Apache 2.2 Include /usr/local/modsecurity/crs/*.conf Include /usr/local/modsecurity/crs/activated_rules/*.conf
8. Activate ModSecurity
DetectionOnly in order to stop bad things happening we need to change the SecRuleEngine directive and turn it On!$ cd /etc/httpd/conf.d $ sudo sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" modsecurity.conf
9. Read the log!
SecAuditLog logs/modsec_audit.log
