by Paramjit

Goto terminal and follow the given below process.

1. sudo apt-get -y install libapache-mod-security.

2. Using any editor, make a file “/etc/apache2/conf.d/modsecurity2.conf” and put the following contents in the file.

<ifmodule mod_security2.c>
Include conf.d/modsecurity/*.conf
</ifmodule>

3. By default, mod_security logs to /etc/apache2/logs, the following commands will put the log in /var/log/apache2/mod_security and create a symbolic link back to /etc/apache2/logs

sudo mkdir /var/log/apache2/mod_security
sudo ln -s /var/log/apache2/mod_security/ /etc/apache2/logs

4. Download and install rules
sudo mkdir /etc/apache2/conf.d/modsecurity
cd /etc/apache2/conf.d/modsecurity
sudo wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
sudo tar xzvf modsecurity-core-rules_2.5-1.6.1.tar.gz
sudo rm CHANGELOG LICENSE README modsecurity-core-rules_2.5-1.6.1.tar.gz

5. Enable mod_security:
sudo a2enmod mod-security

6. Now restart Apache
/etc/init.d/apache2 restart

7. If you want to disable mod_security you need to add following command into /etc/apache2/conf.d/modsecurity2.conf
<ifmodule mod_security2.c>
SecRuleEngine Off
</ifmodule>

7. if you want to disable mode_security for a specific site then add following command into /etc/apache2/sites-enabled/www.domainName.com
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

8. How to test modsecurity working or not
Nikto Site:http://www.cirt.net/nikto2
Download nikto:
wget http://www.cirt.net/nikto/nikto-current.tar.gz

Install:
tar zxvf nikto-current.tar.gz
@b05s05ur:/home/paramjit/nikto-2.1.4# perl nikto.pl -h www.domainName.com

Install and configure apache mod_secure

Leave a Reply

Your email address will not be published. Required fields are marked *