mod_security question

Discussion in 'Linux VPS/Dedicated - cPanel' started by Nalco, Oct 22, 2007.

  1. Nalco

    Nalco New Member

    I just installed mod_security through the Cpanel/plugins interface. The install was successful as far as I can tell.

    I've noticed through searching around that the mod_security files seem to be in different locations on my server than they are when manually installing. Mine are in:

    /usr/local/cpanel/modules-install/modsecurity-Linux-i686/

    as opposed to

    /usr/local/apache/conf/.

    Also, there doesn't seem to be anything added to the httpd.conf.

    As far as I can tell, rules are supposed to be added to modsec.user.conf. While I don't have that file, I do have modsec.user.conf.default, so I am assuming that I add the rules to that file.

    Any of this making sense?

    Any help with this is greatly appreciated.

    Also, any good rule set suggestions for v1.9 would be interesting to see.

    Thanks!


     
  2. Dan

    Dan Moderator

    Hello Nalco,

    It does not look to me like modsecurity actually got installed for you. The files you are seeing there are the source files and not the installed files which should end up where you are expecting them.

    Are you running Apache 2? I just noticed on my VPS that the files now have the number 2 at the end of the file name so modsec.user.conf becomes modsec2.user.conf. If you don't find it under those file names you may want to shoot a ticket off to support.
     
  3. Nalco

    Nalco New Member

    The Apache version is "Server Version: Apache/2.0.61"

    The server was just built yesterday, and I am trying to lock it down.

    I did another looksy, and the files are only in the "modsecurity-Linux-i686/", and none have the 2 added.

    It's showing in the "cpanel/plugins" panel as installed and gives me the option to uninstall it. Weird.

    I might try to uninstall, and maybe install manually. I'm trying to figure things out before submitting tickets, but if I just can't get it I will.

    Thanks for your reply!
     
  4. Nalco

    Nalco New Member

    Well, I uninstalled, and then tried reinstalling. This time I paid more attention and noticed that all that is happening, is that the install files are being fetched from cpanel.net.

    Code:
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/.cpanelsync.lock (0)....@70.87.220.252......connected......receiving......Done
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686.tar.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/.cpanelsync.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/modsec.conf.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./modsec.conf ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/modsec.user.conf.default.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./modsec.user.conf.default ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/modsec.sql.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./modsec.sql ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/install.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./install ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/modsecurity.apache.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./modsecurity.apache ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/uninstall.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./uninstall ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/uninstall.sql.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./uninstall.sql ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/version.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./version ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/progversion.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./progversion ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/addon_modsec.cgi.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./addon_modsec.cgi ok (md5 matches)
    Fetching http://httpupdate.cpanel.net/cpanelsync/addons/modules/modsecurity-Linux-i686/modsecparse.pl.bz2 (0)....@70.87.220.252......connected......receiving...100%......Done
    Got file ./modsecparse.pl ok (md5 matches)
    This module is now managed via easyapache.
    To keep this message from appearing: Remove its entry from /var/cpanel/addonmodules

    Done

    Process Complete

    This message "This module is now managed via easyapache." makes me think that I am supposed to do something else, though neither I nor google knows exactly what.

    Any ideas?
     
  5. Dan

    Dan Moderator

    For Apache2 modsecurity is managed using Easyapache and I thought it was installed by default but perhaps not.

    To install modsecurity go to Apache update under software and it is an option in there. You'll be recompiling Apache and PHP though just to let you know. Also if you have a current ruleset for modsecurity 1.x it will no longer work with modsecurity 2 as they have changed the format of the rules.

    I've discovered that my rules haven't been used since the upgrade so if you come across a good ruleset it would be nice if you'd let me know :)
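
The rule-format change mentioned in the post above, as an added example that is not part of the original thread: ModSecurity 1.x rules use `SecFilter*` directives while 2.x rules use `SecRule`, so a leftover 1.x file can be recognised by its directives. The function names and both sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which ModSecurity rule syntax a file uses.

# Print 1.x, 2.x, mixed or none according to the directives found in file $1.
modsec_rule_syntax() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    # ModSecurity 1.x directives all begin with SecFilter.
    v1=$(grep -Ec '^[[:space:]]*SecFilter' "$1" || true)
    # ModSecurity 2.x rule language: SecRule*, SecAction, SecDefaultAction.
    v2=$(grep -Ec '^[[:space:]]*(SecRule|SecAction|SecDefaultAction)' "$1" || true)
    if [ "$v1" -gt 0 ] && [ "$v2" -gt 0 ]; then echo mixed
    elif [ "$v1" -gt 0 ]; then echo 1.x
    elif [ "$v2" -gt 0 ]; then echo 2.x
    else echo none
    fi
}

# Write two constructed rule files into directory $1.
write_samples() {
    # 1.x style. The wrapper names mod_security.c; a 2.x build is
    # mod_security2.c, so Apache skips this whole block without an error.
    cat > "$1/modsec.user.conf" <<'EOF'
<IfModule mod_security.c>
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective REQUEST_URI "/etc/passwd"
</IfModule>
EOF
    # The same policy in 2.x syntax.
    cat > "$1/modsec2.user.conf" <<'EOF'
SecRuleEngine On
SecDefaultAction "phase:2,deny,log,status:403"
SecRule REQUEST_URI "/etc/passwd"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(modsec_rule_syntax "$f")"
done
rm -rf "$demo_dir"
```

A file reported as `1.x` has to be rewritten in the new syntax before ModSecurity 2 will apply it.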
     
  6. khiltd

    khiltd New Member

    Go to Software > Apache Update, when you get to the build config options tick on "Unique ID" and "Mod Security" and then rebuild. I have no idea what the "plugin" interface you mentioned is for at all.
     
  7. Nalco

    Nalco New Member

    AHA!

    Thank you very much! I followed everyone's advice, and rebuilt Apache based on my current profile. I used the "continue configuration" option, and found "Mod Security".

    Mod security is now installed thanks to you guys.

    @ Dan:

    I found a set of rules for Apache 2 here

    I haven't added them in yet though, as I am learning that next.

    Thanks again for all your help!!
     
