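# Install the build dependencies, then build and install mod_security2 from
# the upstream source tarball. The commands assume a root shell.
# NOTE(review): 2.9.0 is the release this guide was written for; check whether
# a later 2.9.x release with security fixes exists before deploying.
apt-get update
apt-get dist-upgrade # not mandatory but recommended
apt-get install apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libyajl-dev make curl

# Build in a private, unpredictable directory instead of a fixed name under
# world-writable /tmp, which another local user could create first.
staging=$(mktemp -d) && cd "$staging"

# -f: fail on an HTTP error instead of saving the error page as the tarball.
# --proto '=https': refuse any non-HTTPS URL, including after a redirect.
curl --proto '=https' --tlsv1.2 -fLO https://www.modsecurity.org/tarball/2.9.0/modsecurity-2.9.0.tar.gz

# Verify the download before it is unpacked, built and installed as root.
# Placeholder value: replace it with the SHA-256 published for this release.
modsec_sha256='<SHA256_OF_modsecurity-2.9.0.tar.gz>'

# Each step runs only if the previous one succeeded, so a failed checksum or
# build never reaches "make install". --no-same-owner keeps root from
# restoring whatever uid/gid the archive records.
printf '%s  %s\n' "$modsec_sha256" modsecurity-2.9.0.tar.gz | sha256sum -c - &&
  tar --no-same-owner -xvf modsecurity-2.9.0.tar.gz &&
  cd modsecurity-2.9.0 &&
  ./configure --prefix=/usr/local &&
  make &&
  sudo make install

# Install the recommended configuration and the unicode map it refers to.
# -p makes the step repeatable when the directory already exists.
mkdir -p /etc/modsecurity
cp "$staging"/modsecurity-2.9.0/{modsecurity.conf-recommended,unicode.mapping} /etc/modsecurity
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

# Data directory used by SecDataDir: owned by the Apache user and closed to
# other local accounts.
mkdir -p /var/cache/modsecurity
chown www-data /var/cache/modsecurity
chmod 750 /var/cache/modsecurity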
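Edit /etc/modsecurity/modsecurity.conf and change SecAuditLog to /var/log/apache2/modsec_audit.log. The recommended file normally ships with SecRuleEngine DetectionOnly, so matches are logged but not blocked; switch it to On once the audit log shows no false positives for your application.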
create /etc/apache2/mods-available/security2.load
with contents:
# Depends: unique_id
# Keep the dependency header above exactly as written: a2enmod reads it to
# enable mod_unique_id together with this module.
# libxml2 is loaded explicitly before the module. This is the x86_64 multiarch
# path; adjust it on other architectures.
LoadFile /usr/lib/x86_64-linux-gnu/libxml2.so.2
# Presumably the location "make install" used, given --prefix=/usr/local in
# the build step; confirm the file exists before enabling the module.
LoadModule security2_module /usr/local/lib/mod_security2.so
create /etc/apache2/mods-available/security2.conf
with contents:
<IfModule security2_module>
# Everything in this section applies only when mod_security2 is loaded.
# Storage for ModSecurity's persistent data; the directory is created and
# handed to www-data earlier in this guide.
SecDataDir /var/cache/modsecurity
# Engine settings, copied from modsecurity.conf-recommended.
Include /etc/modsecurity/modsecurity.conf
# Core Rule Set: the setup file first, then only the rules that were
# symlinked into activated_rules.
# NOTE(review): in Apache 2.4 an Include wildcard that matches no file is an
# error, so activate at least one rule before restarting; confirm on your version.
Include "/usr/local/share/owasp-modsecurity-crs-master/modsecurity_crs_10_setup.conf"
Include "/usr/local/share/owasp-modsecurity-crs-master/activated_rules/*.conf"
</IfModule>
configure core rules:
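# Download the OWASP Core Rule Set and unpack it under /usr/local/share.
# NOTE(review): "master" is a moving branch, so this fetches whatever is
# current at download time. For a reproducible install, pin a release tag or
# commit and compare the archive with a checksum you trust. The file names
# used below (modsecurity_crs_10_setup.conf.example, base_rules) appear to
# belong to the CRS 2.x layout and may be missing from a newer master.
#
# The archive goes into a private mktemp directory rather than a fixed,
# predictable file name directly in /tmp. Each step runs only if the previous
# one succeeded. --no-same-owner keeps root from restoring the uid/gid
# recorded in the archive.
crs_staging=$(mktemp -d) &&
  cd "$crs_staging" &&
  curl --proto '=https' --tlsv1.2 -fLO https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/master.tar.gz &&
  tar --no-same-owner -xvf master.tar.gz -C /usr/local/share &&
  cd /usr/local/share/owasp-modsecurity-crs-master &&
  cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf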
Activate the rules you want by symlinking them into the activated_rules directory:
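# Link every file from base_rules into activated_rules. The absolute path
# makes the step independent of the current directory, and "&&" ensures no
# links are created somewhere else if the cd fails.
cd /usr/local/share/owasp-modsecurity-crs-master/activated_rules &&
  ln -s ../base_rules/* .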
activate the module and restart apache:
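# Enable the module, then validate the configuration before restarting so a
# typo in security2.conf or a missing rule file does not take the server down.
a2enmod security2 &&
  apachectl configtest &&
  service apache2 restart
apachectl -M | grep security2 # should show the module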
if you enabled the base rules, try to access:
http://<YOUR_HOST>/?param='; drop database test; --
You should see entries in /var/log/apache2/error.log and /var/log/apache2/modsec_audit.log.