Ubuntu 12.04 precise LTS: Install modsecurity for Apache 2 Web Server

Install modsecurity:

sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache-mod-security

If your Ubuntu is 64bit, you need to fix a bug:

sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2

Configure modsecurity:

sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf; sudo vi /etc/modsecurity/modsecurity.conf

Enable the rule engine:

SecRuleEngine On

Increase the Request body size limit to 10 MB (optional, only if your site accepts uploads ):

SecRequestBodyLimit 10000000SecRequestBodyInMemoryLimit 10000000

Check the modsecurity version:

dpkg -s libapache-mod-security | grep Version

The installed modsecurity version is:

Version: 2.6.3-1ubuntu0.2

Install
OWASP modsecurity core rule set:

1. Download the Rule Set (version 2.2.5 because the latest version requires modsecurity 2.7.0 + ):

   wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5 -O /tmp/owasp.tar.gz

2. Extract the package:

   cd /tmp; tar -zxvf owasp.tar.gz; rm owasp.tar.gz

3. Copy the directory to/etc/modsecurity, and set the permissions:

   sudo mv SpiderLabs-owasp-modsecurity-crs-5c28b52/ /etc/modsecurity/owasp-crssudo chmod -R 644 /etc/modsecurity/owasp-crs

4. Link the rules to/etc/modsecruity/OWASP-CRS/activated_rules directory:

   sudo mv /etc/modsecurity/owasp-crs/modsecurity_crs_10_setup.conf.example /etc/modsecurity/owasp-crs/modsecurity_crs_10_setup.confcd /etc/modsecurity/owasp-crs/activated_rules/sudo ln -s ../modsecurity_crs_10_setup.conffor f in $(ls ../base_rules/); do sudo ln -s ../base_rules/$f; donefor f in $(ls ../optional_rules/); do sudo ln -s ../optional_rules/$f; done

5. Modify/etc/apache2/mod-available/mod-security.conf to include the rules:

   sudo vi /etc/apache2/mods-available/mod-security.conf

   Add the following line:

   Include "/etc/modsecurity/owasp-crs/activated_rules/*.conf"

6. Enable headers module:

   sudo a2enmod headers

   This to fix the following error:

   Syntax error on line 29 of /etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_49_header_tagging.conf:Invalid command 'RequestHeader', perhaps misspelled or defined by a module not included in the server configurationAction 'configtest' failed.The Apache error log may have more information.   ...fail!

   When restarting apache2.

Enable modsecurity module and restart apache2:

sudo a2enmod mod-security; sudo /etc/init.d/apache2 restart