mkdir /root/work/modsecurity
cd /root/work/modsecurity
apt-get install libapache2-modsecurity
(configure mod_security)
vim /etc/apache2/mods-available/mod-security.conf
(add the following)
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
Include "/etc/modsecurity/*.conf"
STOP HERE UNLESS YOU KNOW WHICH RULES TO ENABLE WITHOUT BREAKING VIRTUALMIN!!!
(enables rules)
#cd /root/work/modsecurity/owasp/base_rules/
#for f in * ; do ln -s "/root/work/modsecurity/owasp/base_rules/$f" "/etc/modsecurity/$f"; done
#cd /root/work/modsecurity/owasp/optional_rules/
#for f in * ; do ln -s "/root/work/modsecurity/owasp/optional_rules/$f" "/etc/modsecurity/$f"; done
#cd /root/work/modsecurity/owasp/slr_rules/
#for f in * ; do ln -s "/root/work/modsecurity/owasp/slr_rules/$f" "/etc/modsecurity/$f"; done
(some housekeeping)
cd /etc/modsecurity
rm -f modsecurity_crs_50_outbound.conf
I did get it to install without breaking Virtualmin, but many of my clients have PHP code that doesn’t like the mod_security rules. I had to remove them to get everyone working.
Very disappointing that mod_security logs are so hard to read…
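Added example (not part of the original post): a small summarizer for the audit log, so that the rule ids firing against each site and script can be read at a glance. It assumes the ModSecurity 2.x serial audit log layout with parts B and H enabled; the sample entry, rule ids and host name are constructed.

```python
import re
from collections import Counter

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")   # e.g. --3f1a9c02-H--
TAG = re.compile(r'\[(id|msg) "((?:[^"\\]|\\.)*)"\]')      # [id "..."] [msg "..."]
# Constructed sample entry (not real traffic); section C carries a forged boundary.
SAMPLE = """\
--3f1a9c02-A--
[10/Mar/2014:10:15:32 +0000] AAAAAAAAAAAAAAAAAAAAAAAA 203.0.113.5 51234 192.0.2.10 80
--3f1a9c02-B--
POST /blog/post.php?action=edit HTTP/1.1
Host: client1.example
--3f1a9c02-C--
--deadbeef-H--
Message: forged. [id "1"] [msg "request body posing as section H"]
--3f1a9c02-H--
Message: Access denied with code 403 (phase 2). [id "9990001"] [msg "constructed rule A"]
Message: Warning. [id "9990002"] [msg "constructed rule B"]
--3f1a9c02-Z--
"""

def summarize(lines):
    """Count (host, path, rule id, msg) for every 'Message:' line in section H."""
    hits, txid, section, first = Counter(), None, None, False
    host = path = "-"
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = BOUNDARY.match(line)
        if m:
            bid, part = m.groups()
            if part == "A" and section in (None, "Z"):   # a new entry may only start here
                txid, host, path = bid, "-", "-"
            if bid == txid:          # boundaries with another id are body data, not structure
                section, first = part, True
                continue
        if section == "B" and first:
            # Request line "METHOD URI PROTO": keep the URI without its query string.
            path = (line.split(" ") + ["-"])[1].split("?")[0]
        elif section == "B" and line.lower().startswith("host:"):
            host = line.split(":", 1)[1].strip()
        elif section == "H" and line.startswith("Message:"):
            tags = dict(TAG.findall(line))
            if "id" in tags:
                hits[(host, path, tags["id"], tags.get("msg", ""))] += 1
        first = False
    return hits

if __name__ == "__main__":
    for (host, path, rule_id, msg), n in summarize(SAMPLE.splitlines()).most_common():
        print(f"{n:5d}  {host}{path}  id={rule_id}  {msg}")
```

To run it over a real log, pass the open file object to `summarize()`. The per-id counts show which individual rules a given site trips, which can then be excluded one at a time (for example with `SecRuleRemoveById` in that virtual host).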