Tutorial Comments FAQ Related Articles

How to Install ModSecurity on Ubuntu 20.4.1

6615

To Install Modsecurity on Ubuntu 20.4.1

Introduction:

Mod security is a free Apache module that is used to secure our web server from various attacks including SQL injection, cross site scripting, session hijacking, brute force, and other exploits. It also permits us to monitor traffic on a real-time basis. Check OS version by using the below command

root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.1 LTS
Release:	20.04
Codename:	focal

You can install mod security using the following command:

root@linuxhelp:~# apt-get install libapache2-mod-security2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  apache2-bin libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0 liblua5.2-0 modsecurity-crs
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom lua geoip-database-contrib ruby python
The following NEW packages will be installed:
  apache2-bin libapache2-mod-security2 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0

check if the mod_security module is running, use the following command You should see a module named security2_module (shared) which indicates that the module was loaded.

root@linuxhelp:~# apachectl -M | grep --color security
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

enable the mod_security rules, you need to rename and edit the mod security recommended configuration file and set the SecRuleEngine option to On For this run the following command:

root@linuxhelp:~# mv /etc/modsecurity/modsecurity.conf-recommended/  /etc/modsecurity/modsecurity.conf/
root@linuxhelp:~# vim /etc/modsecurity/modsecurity.conf

Add/edit the following line in the above opened file:

SecRuleEngine On

Now restart Apache for the changes to take effect.

root@linuxhelp:~# systemctl restart apache2

There are lot of security rules that come with Modesecurity (called the Core Rule Set) that are located in the “/usr/share/modsecurity-crs” directory. Now you need to enable these rules to get it working with Apache.

root@linuxhelp:~# vim /etc/apache2/mods-enabled/security2.conf

Add/edit the following line:

IncludeOptional  “/usr/share/modsecurity-crs/*.con”
IncludeOptional  “/usr/share/modsecurity-crs/base_rules/*.conf

Save the file and restart the Apache service.

root@linuxhelp:~# systemctl restart apache2

With this method Installation of modsecurity on Ubuntu 20.4.1 comes to an end.

Tags:
Author: 

Comments ( 0 )

No comments available

Frequently asked questions ( 5 )

Q

What is meant by ModSecurity?

A

ModSecurity is an open-source Web Application Firewall (WAF). It can be installed as a module inside the Apache, Nginx, or IIS web servers.

Q

What is the difference between ModSecurity and CRS?

A

ModSecurity is a firewall engine that can inspect traffic on your web server. It can log and block requests. However, an engine does nothing without a certain policy. The CRS delivers a policy where requests to your web applications are inspected for various attacks, and malicious traffic is blocked.

Q

What is a Virtual Patch and why should I care?

A

Fixing identified vulnerabilities in web applications always requires time. Organizations often do not have access to a commercial application's source code and are at the vendor's mercy while waiting for a patch. Even if they have access to the code, implementing a patch in development takes time.

Q

What attacks do the Core Rules protect against?

A

In order to provide generic web applications protection, the Core Rules use the following techniques:
HTTP protection - detecting violations of the HTTP protocol and a locally defined usage policy. Common Web Attacks Protection - detecting common web application security attacks. Automation detection - Detecting bots, crawlers, scanners, and other surface malicious activity.

Q

What's new in ModSecurity and why should I upgrade if I am already using ModSecurity 1.x?

A

In order to use the OWASP ModSecurity Core Rules, you must use the 2.x version of ModSecurity as it takes advantage of specific features not available in previous versions.

Related Tutorials in How to Install ModSecurity on Ubuntu 20.4.1

Related Tutorials in How to Install ModSecurity on Ubuntu 20.4.1

How to install Meld tool in Ubuntu
How to install Meld tool in Ubuntu
Feb 25, 2017
How to install Dconf-Editor on Ubuntu 18.04
How to install Dconf-Editor on Ubuntu 18.04
Jul 14, 2018
How to install and update OpenSSL on Ubuntu 16.04
How to install and update OpenSSL on Ubuntu 16.04
Mar 9, 2017
How to install GLib 2.0 on Ubuntu 17.04
How to install GLib 2.0 on Ubuntu 17.04
May 22, 2017
How to Install Android Emulator on Ubuntu 20.4.1
How to Install Android Emulator on Ubuntu 20.4.1
Jul 13, 2021
How To Install AnyDesk on Ubuntu 16.04
How To Install AnyDesk on Ubuntu 16.04
Apr 4, 2018
How to install Genymotion 2.12.1 on Ubuntu 18.04
How to install Genymotion 2.12.1 on Ubuntu 18.04
Jul 9, 2018
How to install Timeshift 18.4 on Ubuntu 18.04
How to install Timeshift 18.4 on Ubuntu 18.04
Jul 6, 2018

Related Forums in How to Install ModSecurity on Ubuntu 20.4.1

Related Forums in How to Install ModSecurity on Ubuntu 20.4.1

Ubuntu
matthew class=
Failed to enable unit: Refusing to operate on linked unit file sshd.service
Apr 15, 2019
Ubuntu
mason class=
Passwd: You may not view or modify password information for root On Ubuntu 19.04
May 27, 2019
Ubuntu
isaac class=
/etc/apt/sources.list Permission denied
May 18, 2017
Ubuntu
yousuf class=
lsb_release command not working : Debian
Jan 18, 2018
ifconfig command
jackbrookes class=
what is the location of the ifconfig program on your machine?
Jan 4, 2018
Ubuntu
mason class=
"E: Package 'php-mcrypt' has no installation candidate" error on Ubuntu 20.4.1
Mar 15, 2021
NFS
luke class=
clnt_create: RPC: Program not registered
Apr 25, 2017
Apache
isaac class=
How to disable apache welcome page on Ubuntu
Dec 15, 2018

Related News in How to Install ModSecurity on Ubuntu 20.4.1

Related News in How to Install ModSecurity on Ubuntu 20.4.1

How To Install Mixxx on Ubuntu 16.04
How To Install Mixxx on Ubuntu 16.04
Oct 11, 2017
Ubuntu 17.04 released with greater expectations
Ubuntu 17.04 released with greater expectations
Apr 15, 2017
Ubuntu Core now available on i.MX6 based TS-4900 thanks to Technologic Systems Inc.
Ubuntu Core now available on i.MX6 based TS-4900 thanks to Technologic Systems Inc.
Mar 1, 2017
Ubuntu 17.10 Artful Aardvark Beta 1 is now here. Download Now
Ubuntu 17.10 Artful Aardvark Beta 1 is now here. Download Now
Sep 2, 2017
Ubuntu Unity is no more: One Linux dream has been axed
Ubuntu Unity is no more: One Linux dream has been axed
Apr 7, 2017
What’s next for Ubuntu Linux Desktop?
What’s next for Ubuntu Linux Desktop?
Apr 11, 2017
Say Hi to Ubuntu's new mascot
Say Hi to Ubuntu's new mascot
Mar 22, 2019
KDE Connect App was removed from Google Play Store and brought back in 24 hours
KDE Connect App was removed from Google Play Store and brought back in 24 hours
Mar 22, 2019
Back To Top!