ModSecurity Configuration - ricky-ninh/tech-journal-SEC-440-01SL GitHub Wiki
ModSecurity is an open source web application firewall (WAF). It protects against web application attacks and provides HTTP traffic monitoring, logging and access control.
Remember, when installing anything, always apply least privilege and use a sudo user.
Note: Install ModSecurity on the server that hosts Apache, as you will need Apache for this.
- Update the packages by running the command
sudo dnf update
- Run the command
sudo dnf config-manager --set-enabled powertools
to enable the PowerTools repository, which provides the required build tools
- Install additional repositories with these commands:
sudo dnf install epel-release -y
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
sudo dnf config-manager --set-enabled remi
- Run the command
sudo dnf install gcc-c++ flex bison yajl curl-devel curl zlib-devel pcre-devel autoconf automake git curl make libxml2-devel pkgconfig libtool httpd-devel redhat-rpm-config git wget openssl openssl-devel vim GeoIP-devel doxygen yajl-devel libmaxminddb libmaxminddb-devel GeoIP-devel lmdb lmdb-devel ssdeep-devel lua-devel perl-File-Path -y
to install the required dependencies
- Run the command
mkdir ~/modsec
to create a temporary directory to store the source tarballs
- Run the command
cd ~/modsec
to go into the modsec directory.
- Run the command
wget -P ~/modsec https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.5/modsecurity-v3.0.5.tar.gz
to download the ModSecurity source code
- Run the command
sudo tar xzf modsecurity-v3.0.5.tar.gz
to extract the ModSecurity source code
- Run the command
cd modsecurity-v3.0.5
to go to the ModSecurity source directory.
- Run the command
sudo ./build.sh
to configure ModSecurity for your Linux system and check whether any required dependency is missing.
You can ignore the fatal: messages.
- Run the command
sudo ./configure --with-maxmind=no
to fix any dependency issues, in case there are any
- Run the commands
sudo make
and
sudo make install
to compile and install ModSecurity on Rocky Linux 8
- Go back to the home directory with the command
cd ~
and clone the git repository for the ModSecurity Apache connector with the command
sudo git clone https://github.com/SpiderLabs/ModSecurity-apache
- Run the command
cd ModSecurity-apache
to go into the ModSecurity-apache directory. Once you're there, run the commands
sudo ./autogen.sh
sudo ./configure --with-libmodsecurity=/usr/local/modsecurity/
sudo make
and
sudo make install
to compile and install the ModSecurity Apache connector
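The download and extraction steps above unpack a tarball fetched over the network and then build it with sudo. As an added example (not part of the original page or the ModSecurity project), this script checks the tarball's SHA-256 against a digest you obtained from a trusted source and rejects archives with absolute or `..` member paths before extracting; the function names are hypothetical and the digest in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# The expected digest must come from the project's release page or another
# trusted channel; nothing here supplies a real one.

# True only if FILE ($1) has the SHA-256 hex digest given in $2 (any case).
sha256_matches() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    # An unreadable or missing file yields an empty digest and fails here.
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# True only if a member name is relative and has no ".." path component.
entry_is_safe() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 1 ;;
        *) return 0 ;;
    esac
}

# True only if the archive lists cleanly and every member name is safe.
tar_paths_safe() {
    names=$(tar -tzf "$1" 2>/dev/null) || return 1   # corrupt or not gzip/tar
    [ -n "$names" ] || return 1                       # empty archive
    printf '%s\n' "$names" | while IFS= read -r entry; do
        entry_is_safe "$entry" || exit 1              # exits the pipeline subshell
    done
}

# Extract ARCHIVE ($1) into DEST ($3) only if it matches digest $2 and its
# member paths are safe. Runs as the invoking user; no sudo is needed.
verified_extract() {
    archive=$1 digest=$2 dest=$3
    sha256_matches "$archive" "$digest" || { echo "digest mismatch: $archive" >&2; return 1; }
    tar_paths_safe "$archive" || { echo "unsafe member path in: $archive" >&2; return 1; }
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest" --no-same-owner
}

# Usage (placeholder digest, replace with the value you verified):
#   verified_extract ~/modsec/modsecurity-v3.0.5.tar.gz "<EXPECTED_SHA256>" ~/modsec
```

Because the extraction runs without sudo, only the later `make install` step needs elevated privileges.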