Comments on: How to mod_security Ubuntu 9.04

By: Chris

Chris — Fri, 06 Aug 2010 16:19:32 +0000

I’m using Ubuntu 10.04.1 server and most of the instructions by bodhi worked with a few alterations:

I solved the problem with apache complaining about the input and cdata errors, by moving the modsecurity directory one level down (to /etc/apache2/modsecurity), renaming modsecurity2.conf to just modsecurity2, and then altering the lines in modsecurity2 to reflect the new location.

Also if you’re doing this with the most up-to-date version of the rules, you have to Include modsecurity/*.conf and modsecurity/base_rules/*.conf (etc.)

Hope this is helpful.

By: TanRen

TanRen — Fri, 16 Apr 2010 23:26:08 +0000

nevermind. i figured out my problem (aside from apache being the last thing i do on a friday).
:P

By: TanRen

TanRen — Fri, 16 Apr 2010 23:08:10 +0000

excellent work.

my only issue so far is that apache complains of syntax errors on line 132 and 170 of _40_generic_attacks.data (include not closed and !cdata not closed ). these paticular lines are actually comments, so i am guessing that its the directive before said lines.
i don’t speak apache well (or at all really, i am a code monkey learning to be a ninja :p) so looking at the file i don’t see quite what the error is referring to. are these errors that will keep the mod from working, or does it just break the directive? hmmmmm.

any help or pointers would be much appreciated.

using ubuntu 9.10 2.6.31-20-server 64bit.

namo buddhya my friend

By: Configuring Mod Security (Web Application Firewall) | Tech Rocket Science

Configuring Mod Security (Web Application Firewall) | Tech Rocket Science — Sat, 13 Mar 2010 11:59:51 +0000

[...] Install and configure mod_secure: [...]

By: bodhi.zazen

bodhi.zazen — Thu, 11 Mar 2010 21:41:45 +0000

Mike: Glad it worked out for you =)

By: Mike

Mike — Thu, 11 Mar 2010 15:13:32 +0000

“Thanks, m8!
I’m no expert in server administration or Linux, however your tutorial worked for me. I was trying to install this for weeks now and you make it simple for me. You got my respect :)
BTW, I have Ubuntu 8.04, you might want to change the post to let others know it works with this version, too.
Thanks again!

Comment by Gadgets — May 16, 2009 @ 3:31 am”

I hope you are Australian… anyway I am running 8.04.1 and I cannot install mod_sec with the instructions given and I cannot install apxs to compile mod_sec either…

Help would be appreciated.

Mike

By: David

David — Tue, 09 Mar 2010 16:53:28 +0000

(crap editor removed lines)
Add brackets below as appropriate.

IfModule security2_module
SecServerSignature “Microsoft-IIS/5.0″
/IfModule

By: David

David — Tue, 09 Mar 2010 16:50:58 +0000

(Disclaimer my system is Ubuntu 9.10 but should apply to other flavors as well)
If you followed the above instructions and it appears to not be working you should verify that the module name is correct and is enabled.

First check the module is enabled by looking in the /etc/apache2/mods-enabled directory. There should be s symbolic link named mod-security.load.

Look at the contents of that file ‘more mod-security.load’
The 2nd of that file was:
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so

So in one of your apache config files that is loaded you would need to specify it as:

SecServerSignature “Microsoft-IIS/5.0″

(spaced added after >’s in case they are interpreted by this editor)

You can verify that the module is working then with the above config by checking if ‘curl -i YOURDOMAIN.COM’ returns Microsoft-IIS/5.0 for the server instead of Apache.

By: bodhi.zazen

bodhi.zazen — Mon, 15 Feb 2010 04:19:34 +0000

Yes, it takes some time to sort out mod_security.

http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N107B3

By: Andre

Andre — Sun, 14 Feb 2010 21:27:28 +0000

One more thing, the servertokens are still there.
Which config or rule takes care of this?

Those rules are little bit complex for a “mod_security” noob.
But it’s a must have for a public webserver.

thanks