-
Notifications
You must be signed in to change notification settings - Fork 51
Installation from Source (Ubuntu 20.04)
Warning: ModSecurity-apache is NOT stable. Development for ModSec apache connector is outdated.
Also, refer to current bug after installation:
AH00526: Syntax error on line 106 of /etc/apache2/conf-available/crs-setup.conf: Invalid command 'SecDefaultAction', perhaps misspelled or defined by a module not included in the server configuration
This is the error we get if we use apache2’s Include directive on crs-setup and the /rules directory.
TBD: How to Include crs-setup and rules directory without throwing an error.
WAF: ModSecurity 3.0.4
OS: Ubuntu Server 20.04 (4GB+ RAM for compiling)
Server: Apache 2.4
Module: ModSecurity-apache module
Rule set: OWASP ModSecurity Core Rule Set
=> Fresh server using non-root user => Using directory /opt/ModSecurity for application => Using directory /opt/ModSecurity/ModSecurity-apache for module => Using directory /opt/ModSecurity/coreruleset for OWASP Rule set => Using nano in bash: press "Ctrl + S" to save files, "Ctrl + X" to close => Alternatively, press "Ctrl + X", type "Y" & press enter to save & close
sudo apt-get update
Ensure DNS setup is correct before continuing Install apache2 server and apache2-dev libraries
sudo apt install -y apache2 apache2-dev sudo systemctl start apache2
Required packages to compile ModSecurity3 on Ubuntu Server 20.04 (Focal)
sudo apt install -y dh-autoreconf automake pkg-config doxygen valgrind bison flex libyajl-dev libgeoip-dev libmaxminddb-dev liblmdb-dev libfuzzy-dev lua5.3 libcurl4-openssl-dev libfuzzy-dev liblua5.3-dev libcurl4-openssl-dev libxml2-dev libpcre2-dev libpcre3-dev
Change --branch "v3/master" to current release if necessary
sudo git clone --single-branch --branch v3/master https://github.com/SpiderLabs/ModSecurity /opt/ModSecurity/ cd /opt/ModSecurity sudo git submodule init && sudo git submodule update sudo ./build.sh
Then run ./configure or view section "Other Options" below.
sudo ./configure --with-curl=/usr --with-lmdb=/usr
If this is how you want to configure, then scroll to section Make & Make Install ModSecurity.
To enable the "Other Options", read the Other Options section and add each applicable option to your sudo ./configure… command.
+ afl fuzzer (beyond the scope of this guide)
+ Building parser
--enable-parser-generation
+ pm operations
--enable-mutex-on-pm
Enabling both, the ./configure will be:
sudo ./configure --with-curl=/usr --with-lmdb=/usr --enable-parser-generation --enable-mutex-on-pm
SecDebugLog appears to be enabled by default (SecDebugLog….enabled), but this is the argument for ./configure:
sudo ./configure --with-curl=/usr --with-lmdb=/usr --enable-debug-logs
Ensure "Configuration Output" has found LibCURL, YAJL, LMDB, LibXML2, SSDEEP, LUA, and your included other options (as an example, all options are included except afl fuzzer)
ModSecurity - v3.0.4-87-g8da787a3 for Linux
Mandatory dependencies
+ libInjection ....v3.9.2-30-gbf234eb
+ SecLang tests ....d03f4c1
Optional dependencies
+ GeoIP/MaxMind ....found
* (MaxMind) v1.4.2
-lmaxminddb, -DWITH_MAXMIND -I/usr/include/x86_64-linux-gnu
* (GeoIP) v1.6.12
-lGeoIP, -I/usr/include/
+ LibCURL ....found v7.68.0
-lcurl, -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
+ YAJL ....found v2.1.0
-lyajl, -DWITH_YAJL -I/usr/include/yajl
+ LMDB ....found
-llmdb, -DWITH_LMDB -I/usr/include
+ LibXML2 ....found v2.9.10
-lxml2, -I/usr/include/libxml2 -DWITH_LIBXML2
+ SSDEEP ....found
-lfuzzy -L/usr/lib/x86_64-linux-gnu/, -DWITH_SSDEEP -I/usr/include
+ LUA ....found v503
-llua5.3 -L/usr/lib/x86_64-linux-gnu/, -DWITH_LUA -DWITH_LUA_5_3 -I/usr/include/lua5.3
Other Options
+ Test Utilities ....enabled
+ SecDebugLog ....enabled
+ afl fuzzer ....disabled
+ library examples ....enabled
+ Building parser ....enabled
+ Treating pm operations as critical section ....enabled
Copy modsecurity.conf to apache2 mods-available
sudo cp /opt/ModSecurity/modsecurity.conf-recommended /etc/apache2/mods-available/modsecurity.conf
sudo nano /etc/apache2/apache2.conf
Paste the following:
# Load .so, Include .conf, and enable ModSec LoadModule security3_module /usr/lib/apache2/modules/mod_security3.so
Ensure "security3_module (shared)" module presence
sudo apache2ctl -M | grep sec
Output should be: security3_module (shared)
Restart apache2 to ensure stability
sudo systemctl restart apache2.service
Change --branch if necessary
sudo git clone --single-branch --branch master https://github.com/SpiderLabs/ModSecurity-apache /opt/ModSecurity/ModSecurity-apache cd /opt/ModSecurity/ModSecurity-apache sudo ./autogen.sh sudo ./configure --with-libmodsecurity sudo make sudo make install
Change --branch if necessary
sudo git clone --single-branch --branch v3.3/master https://github.com/coreruleset/coreruleset /opt/ModSecurity/coreruleset/ sudo git submodule init && sudo git submodule update
Depending on your system design, you may rename .example configs & remove examples.
cd /opt/ModSecurity/coreruleset/rules sudo cp RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf && sudo rm RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example && sudo cp REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf && sudo rm REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
Copy OWASP CRS rules to apache2
sudo cp -r /opt/ModSecurity/coreruleset/rules /etc/apache2/
Until the bug is fixed, this will be required to prevent the unicode.mapping error
sudo nano /etc/apache2/mods-available/modsecurity.conf
Comment out the line:
SecUnicodeMapFile unicode.mapping 20127
sudo nano /etc/apache2/apache2.conf
# Load mod_security3.so LoadModule security3_module /usr/lib/apache2/modules/mod_security3.so # Enable ModSecurity & link config modsecurity on modsecurity_rules_file /etc/apache2/mods-available/modsecurity.conf # Include coreruleset & rules #Include /etc/apache2/conf-available/crs-setup.conf #Include /etc/apache2/rules/*.conf
We leave the last two Includes commented and then
sudo nano apache2ctl restart
Server should restart with no errors.