Tutorial News Comments FAQ Related Articles

How To Install ModSecurity On Linux Mint 20.2

{{postValue.id}}

To Install ModSecurity On Linux Mint 20.2

Introduction :

ModSecurity is a plug-in module for Apache that works like a firewall. ModSecurity can also monitor web traffic in real time and help you detect and respond to intrusions. It can be used with Apache, Nginx, and IIF and is compatible with Debian, Ubuntu, and CentOS.

Installation procedure :

Step 1 : Check the OS Version by using the below command

root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Linuxmint
Description:	Linux Mint 20.2
Release:	20.2
Codename:	uma

Step 2 : Install the Modsecurity by using the below command

root@linuxhelp:~# apt-get install libapache2-mod-security2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  liblua5.1-0 modsecurity-crs
Suggested packages:
  lua geoip-database-contrib ruby python
The following NEW packages will be installed:
  libapache2-mod-security2 liblua5.1-0 modsecurity-crs
0 upgraded, 3 newly installed, 0 to remove and 16 not upgraded.
Need to get 527 kB of archives.
After this operation, 4,202 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 liblua5.1-0 amd64 5.1.5-8.1build4 [99.9 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal/universe amd64 libapache2-mod-security2 amd64 2.9.3-1 [224 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal/universe amd64 modsecurity-crs all 3.2.0-1 [203 kB]

Step 3 : check if the mod_security module is running, use the following command we can view a module named security2_module (shared) which indicates that the module was loaded

root@linuxhelp:~# apachectl -M | grep --color security
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
 security2_module (shared)

Step 4 : Edit the apache2.conf comfiguration file by using the below command

root@linuxhelp:~# nano /etc/apache2/apache2.conf 
ServerName	localhost

Step 5 : Restart the apache2 web server by using the below command

root@linuxhelp:~# systemctl restart apache2

Step 6 : Check the Security module is enabled or not by using the below command

root@linuxhelp:~# apachectl -M | grep --color security
 security2_module (shared)

Step 7 : Enable the mod_security rules and rename and edit the mod security recommended configuration file by using the below command

root@linuxhelp:~# mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Step 8 : Set the SecRuleEngine option to On and run use the below command

root@linuxhelp:~# nano /etc/modsecurity/modsecurity.conf 
SecRuleEngine On

Step 9 : Restart the apache2 web server by using the below command

root@linuxhelp:~# systemctl restart apache2

Step 10 : There are lot of security rules that come with Modesecurity (called the Core Rule Set) that are located in the “/usr/share/modsecurity-crs” directory. Now we need to enable these rules to get it working with Apache

root@linuxhelp:~# nano /etc/apache2/mods-enabled/security2.conf 
IncludeOptional  “/usr/share/modsecurity-crs/*.con”
IncludeOptional  “/usr/share/modsecurity-crs/base_rules/*.conf

Step 11 : Restart the apache2 web server by using the below command

root@linuxhelp:~# systemctl restart apache2

With this the process of installing Modsecurity On Linux Mint 20.2 has comes to an end

Tags:
Author: 

Comments ( 0 )

No comments available

Frequently asked questions ( 5 )

Q

What is meant by ModSecurity?

A

ModSecurity is an open-source Web Application Firewall (WAF) that can be installed as a module inside the Apache, Nginx, or IIS web servers.

Q

What is the difference between ModSecurity and CRS?

A

ModSecurity is a firewall engine that can inspect traffic on your web server. It can log and block requests. However, an engine does nothing without a certain policy. The CRS delivers a policy where requests to your web applications are inspected for various attacks, and malicious traffic is blocked.

Q

What is a Virtual Patch and why should I care?

A

Fixing identified vulnerabilities in web applications always requires time. Organizations often do not have access to a commercial application's source code and are at the vendor's mercy while waiting for a patch. Even if they have access to the code, implementing a patch in development takes time.

Q

What attacks do the Core Rules protect against?

A

In order to provide generic web applications protection, the Core Rules use the following techniques:
HTTP protection - detecting violations of the HTTP protocol and a locally defined usage policy. Common Web Attacks Protection - detecting common web application security attacks. Automation detection - Detecting bots, crawlers, scanners, and another surface malicious activity.

Q

What's new in ModSecurity and why should I upgrade if I am already using ModSecurity 1. x?

A

In order to use the OWASP ModSecurity Core Rules, you must use the 2. x version of ModSecurity as it takes advantage of specific features not available in previous versions.

Back To Top!