ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. I like to think about it as an enabler: there are no hard rules telling you what to do; instead, it is up to you to choose your own path through the available features. That’s why the title of this section asks what ModSecurity can do, not what it does.
- Real-time application security monitoring and access control
- Full HTTP traffic logging
- Continuous passive security assessment
- Web application hardening
ModSecurity is an Apache module; you can add it to any compatible version of Apache. The embedded option is a great choice for those who already have their architecture laid out and don’t want to change it. Embedded deployment is also the only option if you need to protect hundreds of web servers. In such situations, it is impractical to build a separate proxy-based security layer. Embedded deployment not only introduces no new points of failure, but also scales seamlessly as the underlying web infrastructure scales. The main challenge with embedded deployment is that server resources are shared between the web server and ModSecurity.
Installation
Install the Apache2 module:
$ sudo apt-get install libapache2-mod-security2
You can verify the installation with this command:
$ sudo apachectl -M | grep security
security2_module (shared)
Next, let's make the recommended rules active:
$ sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
ModSecurity is now in detection-only mode: in /etc/modsecurity/modsecurity.conf, the engine is set to SecRuleEngine DetectionOnly. To turn it on, replace that line with SecRuleEngine On.
Restart the apache2 web server for the change to take effect:
$ sudo systemctl restart apache2
By default, mod_security comes with a core rule set (security rules) located in the /usr/share/modsecurity-crs directory, but it is recommended to download the mod_security CRS from the GitHub repository.
First, remove the default CRS with the following command:
$ sudo rm -rf /usr/share/modsecurity-crs
Next, download the latest version of mod_security CRS with the following command:
$ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Next, rename the example setup file with the following command:
$ cd /usr/share/modsecurity-crs
$ sudo mv crs-setup.conf.example crs-setup.conf
Next, enable these rules by editing the /etc/apache2/mods-enabled/security2.conf file. Change the file as shown below:
<IfModule security2_module>
SecDataDir /var/cache/modsecurity
IncludeOptional /etc/modsecurity/*.conf
IncludeOptional "/usr/share/modsecurity-crs/*.conf"
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"
</IfModule>
Save and close the file to finish the installation, then restart the Apache service:
$ sudo systemctl restart apache2
This is how we install ModSecurity in Apache2 + Ubuntu!
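The SecRuleEngine switch from DetectionOnly to On described above can be scripted instead of hand-edited. This is an added example, not part of the original post: the function names are hypothetical, and the demo runs on a constructed sample file rather than the real /etc/modsecurity/modsecurity.conf.

```shell
#!/bin/sh
# Added example: read and switch SecRuleEngine in a ModSecurity config file.
# get_rule_engine / set_rule_engine are hypothetical helper names.

# Print the effective mode: the value on the last uncommented SecRuleEngine line.
get_rule_engine() {
    awk 'tolower($1) == "secruleengine" { mode = $2 }
         END { if (mode != "") print mode }' "$1"
}

# Set the mode (On, Off or DetectionOnly); the original is kept as FILE.bak.
set_rule_engine() {
    file=$1
    mode=$2
    case "$mode" in
        On|Off|DetectionOnly) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    if [ -n "$(get_rule_engine "$file")" ]; then
        # Rewrite active directives only; commented-out lines stay untouched.
        awk -v mode="$mode" '
            tolower($1) == "secruleengine" { sub(/[^ \t].*/, "SecRuleEngine " mode) }
            { print }' "$file.bak" > "$file"
    else
        # No active directive present: append one.
        printf 'SecRuleEngine %s\n' "$mode" >> "$file"
    fi
    # Succeed only if the file now reports the requested mode.
    [ "$(get_rule_engine "$file")" = "$mode" ]
}

# Demo on a constructed sample, not the real /etc/modsecurity/modsecurity.conf.
demo_conf=$(mktemp)
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
    'SecRequestBodyAccess On' > "$demo_conf"
echo "before: $(get_rule_engine "$demo_conf")"
set_rule_engine "$demo_conf" On && echo "after:  $(get_rule_engine "$demo_conf")"
```

On a real server the functions need root to write under /etc/modsecurity, and running sudo apachectl configtest before restarting apache2 catches a broken configuration early.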