Ubuntu 18.04 Apache ModSecurity Setup

Ubuntu 18.04 Apache ModSecurity Setup

Which application is used as firewall open-source? It is nothing but ModSecurity alias Modsec. Leaving all this aside, you must know the importance of a firewall. It acts as the filtering part by ignoring unauthorized access to your server. Modsec gives more offers to HyperText Transfer Protocol (HTTP). You can use it freely with other features such as filtering, logging and monitoring the request on the server of Apache.

This would help you to work against more vulnerabilities such as the Rule Set of ModSecurity OWASP.

Step 1: Check whether Ubuntu has Apache installation. If not, kindly update it by executing the below command:

Code:
$ sudo apt-get update
Start installing the Apache by executing the below command:

Code:
$ sudo apt-get install Apache2
Just keep pressing on the key “Y” and then tap on the button “Enter”.

If you have installed the Apache already, you will get the message as:

Code:
apache2 is already the newest version
Now, you can install ModSecurity by running the command:

Code:
$ sudo apt-get install libapache2-mod-security2
Now do Apache restart by executing the below command:

Code:
$ sudo service apache2 restart
Just run the below command to check the module is enabled or not:

Code:
$ sudo apachectl -M | grep security
Here is the output:

Code:
security2_module (shared)
ModSecurity Configuration:

The engine of ModSecurity runs with a set of rules. These kinds of rules will decide on web server communication. Based on the configuration, you will get more features such as executing script, redirection and passing too. The configuration file has default one in /etc/modsecurity/modsecurity.conf-recommended. Just copy it to /etc/ModSecurity/ModSecurity.conf for enabling it and configuring ModSecurity.

Code:
$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Use nano editor, for the editing the copied one:

Code:
$ sudo nano /etc/modsecurity/modsecurity.conf
Just do value change from DetectionOnly to SecRuleEngine

Code:
$ SecRuleEngine = on
Tap on CTRL + X and Press “Y” later Enter.

Restarting Apache will help you to change the values:

Code:
$ sudo systemctl restart apache2
The default value is situated at the directory /usr/share/modsecurity-crs.

Renaming the directory of default rules:


Code:
$ sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk
Use Git-Hub for downloading the new set of rules:

Code:
$ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Use the command mentioned below to copy the configuration of sample one:

Code:
$ sudo cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
You need to kick start the command by editing the file /etc/apache2/mods-enabled/security2.conf by using the editor nano:

Code:
$ sudo nano /etc/apache2/mods-enabled/security2.conf
Just add the below lines at the end of the statement:

Code:
$ IncludeOptional /usr/share/modsecurity-crs/*.conf
$ IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf
Just press “CTRL + X and then keep pressing on the file “Y”. Tap on the button “Enter”!

Do Apache restart again by executing the command? Yes!

Code:
$ sudo systemctl restart apache2
ModSecurity Test:

Check the trigger of rules in ModSecurity by executing the suspicious activity in the browser.

http://127.0.0.1/index.html?exec=/bin/bash

By now, you will get an error forbidden message. You are protected with the Apache webserver.
Author
kumkumsharma
Views
2,653
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from kumkumsharma

Top