How to install ModSecurity on CentOS 7.x with Apache?

Mod_Security is an open-source web application firewall. It monitors incoming web requests to your web server in real time and, using the added rulesets, protects your web application against various attacks such as session hijacking, SQL injection, cross-site scripting, etc. It is supported on web servers such as Apache, Nginx, and IIS.

Follow the steps below to install ModSecurity on CentOS 7.x.

  1. First, run the command below to update the software repository.

    sudo yum update -y
  2. Install mod security using the below command.

    sudo yum install mod_security -y
  3. You can check the mod security version with the below command.

    sudo yum info mod_security

Configure ModSecurity

After the installation, configure ModSecurity to detect and log suspicious activity.

  1. We will copy the default ModSecurity config file to a new file.

    sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
  2. Open the ModSecurity.conf file in your favorite editor.

    vi /etc/modsecurity/modsecurity.conf
  3. At the top of the file, locate SecRuleEngine DetectionOnly. Change the DetectionOnly to On.

    SecRuleEngine On
  4. Save your changes to the ModSecurity.conf file.

  5. Restart the apache service on your server.

    sudo systemctl restart httpd

How to Download OWASP Core Rule Set

We can download the latest ModSecurity core ruleset (CRS) from the Open Web Application Security Project (OWASP) at CoreRuleSet.org to ensure that we have the latest ModSecurity rules.

  1. Run the below command to install Git.

    sudo yum install git
  2. Download the CRS copy from git using the below command.

    git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
  3. Change into the cloned directory with the cd command.

    cd owasp-modsecurity-crs
  4. Move the CRS setup file and the rules directory into the ModSecurity configuration directory.

    sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
    sudo mv rules/ /etc/modsecurity
  5. Open the security2.conf file and verify that it is set to load mod_security rules.

    sudo nano /etc/apache2/mods-enabled/security2.conf
    
  6. Below two lines should remain uncommented.

    IncludeOptional /etc/modsecurity/*.conf
    Include /etc/modsecurity/rules/*.conf
  7. Restart the apache service with the below command.

    sudo systemctl restart httpd.service
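
An added example, not part of the original article: a shell check for the two settings changed above, the SecRuleEngine mode and the two Include lines in security2.conf. The function names and the sample files written to a temporary directory are constructed for illustration; on a server, pass your real file paths to audit_modsec.

```shell
#!/bin/sh
# Added example: audit the two settings this guide changes.

# Print the last uncommented SecRuleEngine value in a config file, or "unset".
modsec_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = $2 }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Succeed if the file has an uncommented Include/IncludeOptional for the glob.
has_include() {
    awk -v want="$2" '
        (tolower($1) == "include" || tolower($1) == "includeoptional") && $2 == want { found = 1 }
        END { exit !found }' "$1"
}

# audit_modsec <modsecurity.conf> <security2.conf>; returns non-zero on any finding.
audit_modsec() {
    rc=0
    mode=$(modsec_engine_mode "$1")
    case "$mode" in
        [Oo][Nn]) ;;
        *) echo "FAIL: SecRuleEngine is '$mode' in $1, so matching requests are not blocked"; rc=1 ;;
    esac
    for glob in '/etc/modsecurity/*.conf' '/etc/modsecurity/rules/*.conf'; do
        has_include "$2" "$glob" || { echo "FAIL: $2 has no active include for $glob"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: engine is On and both include lines are active"
    return "$rc"
}

# Constructed sample files (not taken from a real server) so the check runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' > "$demo/before.conf"
printf '%s\n' 'SecRuleEngine On' > "$demo/after.conf"
printf '%s\n' 'IncludeOptional /etc/modsecurity/*.conf' \
    '#Include /etc/modsecurity/rules/*.conf' > "$demo/loader-before.conf"
printf '%s\n' '  IncludeOptional /etc/modsecurity/*.conf' \
    '  Include /etc/modsecurity/rules/*.conf' > "$demo/loader-after.conf"

# The "before" pair reports two findings; the "after" pair passes.
audit_modsec "$demo/before.conf" "$demo/loader-before.conf" || echo "-> before: findings above"
audit_modsec "$demo/after.conf" "$demo/loader-after.conf"
```

A non-zero exit status from audit_modsec means the firewall is installed but either not blocking or not loading the CRS rules.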
