fduran/gist:1947100

## gistfile1.txt
# www.fduran.com
# installing mod_security http://www.modsecurity.org (Debian-based distro)

# apachectl -M
apache2: Could not reliably determine the server's fully qualified domain name, using boxmetric.com for ServerName
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)

install apxs:
# apt-get install apache2-prefork-dev

check:
# apxs2

# apt-get install libxml2 libxml2-dev

check if already installed: libpcre3 libapr1 libaprutil1

download from http://www.modsecurity.org/download/ :

# cd /usr/local/src/
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.3.tar.gz
# tar zxvf modsecurity-apache_2.6.3.tar.gz
# cd modsecurity-apache_2.6.3
# ./configure
# make

For some reason "make" tryes to make also mlogc which is optional, if making mlogc fails but before that there are no errors then it should be fine (mod_security2.so exists).

# ln -s /usr/local/src/modsecurity-apache_2.6.3/apache2/.libs/mod_security2.so /usr/lib/apache2/modules/mod_security2.so

# echo "LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so" > /etc/apache2/mods-available/security2.load
# a2enmod security2
# /etc/init.d/apache2 restart

check module is loaded:
# apachectl -M |grep security
Syntax OK
 security2_module (shared)

test for example with default configuration from http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#A_Recommended_Base_Configuration
copy into /etc/apache2/conf.d/mod_security , restart apache to check
	# www.fduran.com
	# installing mod_security http://www.modsecurity.org (Debian-based distro)

	# apachectl -M
	apache2: Could not reliably determine the server's fully qualified domain name, using boxmetric.com for ServerName
	Loaded Modules:
	core_module (static)
	log_config_module (static)
	logio_module (static)
	mpm_prefork_module (static)

	install apxs:
	# apt-get install apache2-prefork-dev

	check:
	# apxs2

	# apt-get install libxml2 libxml2-dev

	check if already installed: libpcre3 libapr1 libaprutil1

	download from http://www.modsecurity.org/download/ :

	# cd /usr/local/src/
	# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.3.tar.gz
	# tar zxvf modsecurity-apache_2.6.3.tar.gz
	# cd modsecurity-apache_2.6.3
	# ./configure
	# make

	For some reason "make" tryes to make also mlogc which is optional, if making mlogc fails but before that there are no errors then it should be fine (mod_security2.so exists).

	# ln -s /usr/local/src/modsecurity-apache_2.6.3/apache2/.libs/mod_security2.so /usr/lib/apache2/modules/mod_security2.so

	# echo "LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so" > /etc/apache2/mods-available/security2.load
	# a2enmod security2
	# /etc/init.d/apache2 restart

	check module is loaded:
	# apachectl -M \|grep security
	Syntax OK
	security2_module (shared)

	test for example with default configuration from http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#A_Recommended_Base_Configuration
	copy into /etc/apache2/conf.d/mod_security , restart apache to check