Ubuntu 12.04 Precise LTS: Install ModSecurity for Apache 2 web server

1. Install ModSecurity:

    sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache-mod-security

   If your Ubuntu is 64bit, you need to fix a bug:

   sudo ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2

2. Configure ModSecurity:

   sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf; sudo vi /etc/modsecurity/modsecurity.conf
       

   Enable the rule engine:

   SecRuleEngine On

   Increase the request body size limit to 10Mb(Optional, only if your site accepts uploads):

   SecRequestBodyLimit 10000000
   SecRequestBodyInMemoryLimit 10000000

3. Check the ModSecurity version:

   dpkg -s libapache-mod-security | grep Version

   The installed ModSecurity version is:

   Version: 2.6.3-1ubuntu0.2

4. Install OWASP ModSecurity Core Rule Set:
   1. Download the rule set(version 2.2.5 because the latest version requires ModSecurity 2.7.0+):

      wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5 -O /tmp/owasp.tar.gz

   2. Extract the package:

      cd /tmp; tar -zxvf owasp.tar.gz; rm owasp.tar.gz

   3. Copy the directory to /etc/modsecurity, and set the permissions:

      sudo mv SpiderLabs-owasp-modsecurity-crs-5c28b52/ /etc/modsecurity/owasp-crs
      sudo chmod -R 644 /etc/modsecurity/owasp-crs

   4. Link the rules to /etc/modsecruity/owasp-crs/activated_rules directory:

      sudo mv /etc/modsecurity/owasp-crs/modsecurity_crs_10_setup.conf.example /etc/modsecurity/owasp-crs/modsecurity_crs_10_setup.conf
      cd /etc/modsecurity/owasp-crs/activated_rules/
      sudo ln -s ../modsecurity_crs_10_setup.conf
      for f in $(ls ../base_rules/); do sudo ln -s ../base_rules/$f; done
      for f in $(ls ../optional_rules/); do sudo ln -s ../optional_rules/$f; done

   5. Modify /etc/apache2/mods-available/mod-security.conf to include the rules:

      sudo vi /etc/apache2/mods-available/mod-security.conf

      Add the following line:

      Include "/etc/modsecurity/owasp-crs/activated_rules/*.conf"

   6. Enable headers module:

      sudo a2enmod headers

      This to fix the following error:

      Syntax error on line 29 of /etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_49_header_tagging.conf:
      Invalid command 'RequestHeader', perhaps misspelled or defined by a module not included in the server configuration
      Action 'configtest' failed.
      The Apache error log may have more information.
         ...fail!

      when restarting apache2.
5. Enable ModSecurity module and restart apache2:

   sudo a2enmod mod-security; sudo /etc/init.d/apache2 restart

See also

• http://ubuntuforums.org/showthread.php?t=1661930
• Failed to start apache after installed OWASP rule set, Error:"Syntax error on line 52 of /opt/modsecurity/etc/activated_rules/modsecurity_crs_20_protocol_violations.conf:Error parsing actions: Unknown action: ver"