Webmin ModSecurity Setup - Virtualmin ModSecurity - Debian OWASP ModSecurity Rules

We can install ModSecurity to protect against various code injection attacks.

Here I'm configuring ModSecurity with the OWASP rule set on a Debian 11 system.

1) Download and install Apache ModSecurity

apt update -y

apt install libapache2-mod-security2

systemctl restart apache2

2) Check the installed software version; it should be at least 2.9:

apt-cache show libapache2-mod-security2 | grep -E '(Version|Package)'

3) Now, configure ModSecurity:

cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

4) Edit the ModSecurity configuration file:

nano /etc/modsecurity/modsecurity.conf

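Near the top of the file, you'll see SecRuleEngine DetectionOnly. Change DetectionOnly to On, so the line reads SecRuleEngine On. In DetectionOnly mode rule matches are only logged; with On, ModSecurity also blocks the matching requests.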

 

5) Save changes, and restart Apache:

 
systemctl restart apache2

That's it! ModSecurity is now installed and configured with the default rule set (old version).

OWASP Core Rule Set (CRS)

If you want the latest rule set, you have to manually download and replace the Core Rule Set from time to time.

You can learn how to download the latest rule set from https://coreruleset.org/installation/, but read their important notice about matching the CRS version to your server's ModSecurity version.

Obtain your desired version of the rule set from https://github.com/coreruleset/coreruleset/releases

6) Download the OWASP rule set:

cd /tmp

wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip

unzip v3.3.2.zip

7) Create and place the CRS configuration file:

mv coreruleset-3.3.2/crs-setup.conf.example /etc/modsecurity/crs-setup.conf

Important: A crs-setup.conf file may already exist at /etc/modsecurity/crs/crs-setup.conf; if it exists, rename it to crs-setup.conf.old.

8) Move the newly downloaded rules into place so they take effect:

mv coreruleset-3.3.2/rules/ /etc/modsecurity/

Remember that the default (old) rule set already exists in /usr/share/modsecurity-crs/rules/, but that will not interfere because we are going to set the new path in the next step.

9) Edit Apache's ModSecurity configuration:

nano /etc/apache2/mods-enabled/security2.conf

Find the line IncludeOptional /etc/modsecurity/*.conf, and add a new line Include /etc/modsecurity/rules/*.conf underneath this line. Additionally, comment out the IncludeOptional /usr/share/modsecurity-crs/*.load line.


10) Restart Apache

systemctl restart apache2
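
To confirm that the edits from steps 4 and 9 actually took effect, a check like the following can be run on the server. It is an added example, not part of the original post; the function names are made up for illustration, and the default paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two files edited above.
# Function names are illustrative; default paths are the ones this guide uses.

# Print the last uncommented value of a directive, e.g. SecRuleEngine.
active_value() {  # $1 = directive, $2 = file
    awk -v d="$1" '$1 == d { v = $2 } END { if (v != "") print v }' "$2"
}

# Succeed if the file has an uncommented Include/IncludeOptional of this path.
has_include() {  # $1 = path exactly as written in the config, $2 = file
    awk -v p="$1" '($1 == "Include" || $1 == "IncludeOptional") && $2 == p { f = 1 }
                   END { exit !f }' "$2"
}

# Print findings; the return code is the number of problems found.
audit_modsec() {  # $1 = modsecurity.conf, $2 = security2.conf (both optional)
    modsec_conf=${1:-/etc/modsecurity/modsecurity.conf}
    sec2_conf=${2:-/etc/apache2/mods-enabled/security2.conf}
    problems=0

    engine=$(active_value SecRuleEngine "$modsec_conf")
    if [ "$engine" != "On" ]; then
        echo "FAIL: SecRuleEngine is '${engine:-unset}', matches are not blocked"
        problems=$((problems + 1))
    fi
    if ! has_include '/etc/modsecurity/rules/*.conf' "$sec2_conf"; then
        echo "FAIL: the new rules directory is not included"
        problems=$((problems + 1))
    fi
    if has_include '/usr/share/modsecurity-crs/*.load' "$sec2_conf"; then
        echo "FAIL: the packaged (old) CRS is still loaded beside the new rules"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: configuration matches steps 4 and 9"
    return "$problems"
}
```

Source the file and call audit_modsec with no arguments to check the live configuration. Running apachectl configtest before the restart in step 10 additionally catches syntax errors in the included rule files.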


Well done. Now check the protection log.


Enjoy !
