How To Install ModSecurity On Linux Mint 20.2
To Install ModSecurity On Linux Mint 20.2
Introduction :
ModSecurity is a plug-in module for Apache that works like a firewall. ModSecurity can also monitor web traffic in real time and help you detect and respond to intrusions. It can be used with Apache, Nginx, and IIF and is compatible with Debian, Ubuntu, and CentOS.
Installation procedure :
Step 1 : Check the OS Version by using the below command
root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID: Linuxmint
Description: Linux Mint 20.2
Release: 20.2
Codename: uma
Step 2 : Install the Modsecurity by using the below command
root@linuxhelp:~# apt-get install libapache2-mod-security2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
liblua5.1-0 modsecurity-crs
Suggested packages:
lua geoip-database-contrib ruby python
The following NEW packages will be installed:
libapache2-mod-security2 liblua5.1-0 modsecurity-crs
0 upgraded, 3 newly installed, 0 to remove and 16 not upgraded.
Need to get 527 kB of archives.
After this operation, 4,202 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 liblua5.1-0 amd64 5.1.5-8.1build4 [99.9 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal/universe amd64 libapache2-mod-security2 amd64 2.9.3-1 [224 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal/universe amd64 modsecurity-crs all 3.2.0-1 [203 kB]
Step 3 : check if the mod_security module is running, use the following command we can view a module named security2_module (shared) which indicates that the module was loaded
root@linuxhelp:~# apachectl -M | grep --color security
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
security2_module (shared)
Step 4 : Edit the apache2.conf comfiguration file by using the below command
root@linuxhelp:~# nano /etc/apache2/apache2.conf
ServerName localhost
Step 5 : Restart the apache2 web server by using the below command
root@linuxhelp:~# systemctl restart apache2
Step 6 : Check the Security module is enabled or not by using the below command
root@linuxhelp:~# apachectl -M | grep --color security
security2_module (shared)
Step 7 : Enable the mod_security rules and rename and edit the mod security recommended configuration file by using the below command
root@linuxhelp:~# mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Step 8 : Set the SecRuleEngine option to On and run use the below command
root@linuxhelp:~# nano /etc/modsecurity/modsecurity.conf
SecRuleEngine On
Step 9 : Restart the apache2 web server by using the below command
root@linuxhelp:~# systemctl restart apache2
Step 10 : There are lot of security rules that come with Modesecurity (called the Core Rule Set) that are located in the “/usr/share/modsecurity-crs” directory. Now we need to enable these rules to get it working with Apache
root@linuxhelp:~# nano /etc/apache2/mods-enabled/security2.conf
IncludeOptional “/usr/share/modsecurity-crs/*.con”
IncludeOptional “/usr/share/modsecurity-crs/base_rules/*.conf
Step 11 : Restart the apache2 web server by using the below command
root@linuxhelp:~# systemctl restart apache2
With this the process of installing Modsecurity On Linux Mint 20.2 has comes to an end
HTTP protection - detecting violations of the HTTP protocol and a locally defined usage policy. Common Web Attacks Protection - detecting common web application security attacks. Automation detection - Detecting bots, crawlers, scanners, and another surface malicious activity.