ModSecurity Configuration - ricky-ninh/tech-journal-SEC-440-01SL GitHub Wiki

ModSecurity is an open source web application firewall (WAF). It protects against web application attacks and allows for HTTP traffic monitoring, logging, and access control.

Remember: when installing anything, always follow least privilege and work from a sudo user account.

Note: You should install ModSecurity on the server that's hosting Apache, as you will need Apache for this.

  1. Update the packages by running the command sudo dnf update

  1. Run the command sudo dnf config-manager --set-enabled powertools to enable the PowerTools repository, which provides the required build tools

  1. Install additional repositories with these commands:

sudo dnf install epel-release -y

sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y

sudo dnf config-manager --set-enabled remi

  1. Run the command sudo dnf install gcc-c++ flex bison yajl curl-devel curl zlib-devel pcre-devel autoconf automake git curl make libxml2-devel pkgconfig libtool httpd-devel redhat-rpm-config git wget openssl openssl-devel vim GeoIP-devel doxygen yajl-devel libmaxminddb libmaxminddb-devel GeoIP-devel lmdb lmdb-devel ssdeep-devel lua-devel perl-File-Path -y to install the required dependencies

  1. Run the command sudo mkdir ~/modsec to create a temporary directory to store the source tarballs

  1. Run the command cd ~/modsec to go into the modsec directory.

Run the command wget -P ~/modsec https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.5/modsecurity-v3.0.5.tar.gz to download the ModSecurity source code

  1. Run the command sudo tar xzf modsecurity-v3.0.5.tar.gz to extract the ModSecurity source code

  1. Run the command cd modsecurity-v3.0.5 to go to the ModSecurity source directory.

Run the command sudo ./build.sh to prepare the ModSecurity build for your Linux system and to see whether any required dependency is missing

You can ignore the fatal: messages.

  1. Run the command sudo ./configure --with-maxmind=no to configure the build without MaxMind support, which avoids any dependency issue in case there is one

  1. Run the commands sudo make and sudo make install to compile and install ModSecurity on Rocky Linux 8

  1. Go back to your home directory with the command cd ~ and clone the git repository for the ModSecurity Apache connector with the command sudo git clone https://github.com/SpiderLabs/ModSecurity-apache

  1. Run the command cd ModSecurity-apache to go into the ModSecurity-apache directory. Once you're there, run the commands sudo ./autogen.sh, sudo ./configure --with-libmodsecurity=/usr/local/modsecurity/, sudo make, and sudo make install to compile and install the ModSecurity Apache connector.

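The steps above run almost every command under sudo, which leaves a root-owned build tree in the home directory. The script below is an added example, not part of the original wiki: it follows the same steps but compiles as the regular user, uses root only for make install, and refuses to build if the tarball's SHA-256 does not match. EXPECTED_SHA256 is a placeholder you must fill in, and the function names and the WORKDIR variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original wiki): same build, root only for "make install".
MODSEC_VERSION="v3.0.5"
TARBALL="modsecurity-${MODSEC_VERSION}.tar.gz"
URL="https://github.com/SpiderLabs/ModSecurity/releases/download/${MODSEC_VERSION}/${TARBALL}"
# Placeholder (assumption): replace with a digest obtained from a source you trust.
EXPECTED_SHA256="REPLACE_WITH_TRUSTED_SHA256"
WORKDIR="${WORKDIR:-$HOME/modsec}"

# Return 0 only if file $1 hashes to hex digest $2 (case-insensitive); 2 if missing.
verify_sha256() {
    local file="$1" expected actual
    [ -f "$file" ] || return 2
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    actual="$(sha256sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# Download, verify and compile libmodsecurity as the current user; install as root.
build_modsecurity() (
    mkdir -p "$WORKDIR" && cd "$WORKDIR" || exit 1   # no sudo: stays user-owned
    wget -q -P "$WORKDIR" "$URL" || exit 1
    if ! verify_sha256 "$WORKDIR/$TARBALL" "$EXPECTED_SHA256"; then
        echo "checksum mismatch for $TARBALL, refusing to build" >&2
        exit 1
    fi
    tar xzf "$TARBALL" && cd "modsecurity-${MODSEC_VERSION}" || exit 1
    ./build.sh    # may print the "fatal:" messages mentioned above
    ./configure --with-maxmind=no && make || exit 1
    sudo make install                                # the only step that needs root
)

# Same pattern for the Apache connector from the final steps.
build_connector() (
    cd "$WORKDIR" || exit 1
    git clone https://github.com/SpiderLabs/ModSecurity-apache || exit 1
    cd ModSecurity-apache || exit 1
    ./autogen.sh && ./configure --with-libmodsecurity=/usr/local/modsecurity/ && make || exit 1
    sudo make install
)

# Build only when asked, so sourcing this file just defines the functions.
if [ "${1:-}" = "--build" ]; then
    build_modsecurity && build_connector
fi
```

Run it with the --build argument after setting EXPECTED_SHA256; with the placeholder left in place the checksum gate fails and nothing is compiled.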