Christian WellsIn today’s digital landscape, ensuring the security of your web server is crucial. With the increasing prevalence of cyber threats, it is essential to implement robust security measures to protect your website and its data. One powerful tool that can help fortify your server against attacks is ModSecurity. In this article, we will guide you through the process of setting up ModSecurity with Apache on Ubuntu 22.04, step by step.
Table of Contents
- Introduction
- Prerequisites
- Installing Apache Web Server
- Installing ModSecurity
- Configuring ModSecurity
- Installing the OWASP Core Rule Set
- Verifying ModSecurity
- Configuring Logrotate
- Conclusion
1. Introduction
ModSecurity is a free and open-source firewall tool that works in conjunction with web servers like Apache, Nginx, and IIS. It acts as a signature-based firewall, capable of blocking various types of attacks, including cross-site scripting (XSS), brute force attacks, and known code injection attacks. By providing customizable rule sets, ModSecurity allows you to tailor your server’s security according to your specific needs. Additionally, it offers real-time web traffic monitoring, enabling you to detect and respond to intrusions promptly.
In this tutorial, we will focus on setting up ModSecurity with Apache on Ubuntu 22.04. Apache is a widely used web server with excellent support for ModSecurity. By combining these two powerful tools, you can significantly enhance the security of your web server.
2. Prerequisites
Before we begin the installation process, let’s ensure that we have met the necessary prerequisites:
- A server running Ubuntu 22.04.
- A root password configured on your server.
3. Installing Apache Web Server
Our first step is to install the latest version of the Apache web server package on our Ubuntu 22.04 server. To do this, follow these steps:
3.1 Install Dependencies
Start by installing all the required dependencies by running the following command:
apt install gnupg2 software-properties-common curl wget git unzip -y
3.2 Add Apache Repository
Next, add the Apache repository to your server by executing the following command:
add-apt-repository ppa:ondrej/apache2 -y
This command will add the Apache repository to your server’s list of available software sources.
3.3 Update Repository and Install Apache
To ensure that you are installing the latest version of Apache, update the repository cache and install the Apache package:
apt update -y apt install apache2 -y
Upon successful installation, you can proceed to the next step.
4. Installing ModSecurity
Now that we have Apache installed, we can proceed with installing the ModSecurity Apache module. Follow these steps:
4.1 Install ModSecurity Package
To install the ModSecurity package, run the following command:
apt install libapache2-mod-security2 -y
This command will install the ModSecurity Apache module on your server.
4.2 Enable ModSecurity Module
After the installation is complete, enable the ModSecurity module with the following command:
a2enmod security2
This command will enable the ModSecurity module, allowing Apache to utilize its security features.
4.3 Restart Apache
To apply the changes, restart the Apache service by running the following command:
systemctl restart apache2
You can verify the status of Apache using the command:
systemctl status apache2
If Apache is running properly, you will see an output similar to the following:
apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-10-18 10:49:42 UTC; 4s ago Docs: https://httpd.apache.org/docs/2.4/ Main PID: 74449 (apache2) Tasks: 55 (limit: 2242) Memory: 29.7M CPU: 229ms CGroup: /system.slice/apache2.service ├─74449 /usr/sbin/apache2 -k start ├─74450 /usr/sbin/apache2 -k start └─74451 /usr/sbin/apache2 -k start
At this point, Apache is successfully installed with ModSecurity enabled.
5. Configuring ModSecurity
Now that ModSecurity is installed, we need to configure it to suit our server’s security requirements. Follow these steps to configure ModSecurity:
5.1 Edit ModSecurity Configuration
To begin, open the ModSecurity configuration file using your preferred text editor:
nano /etc/apache2/mods-enabled/security2.conf
5.2 Uncomment the Required Line
Within the configuration file, find the line that starts with IncludeOptional /etc/modsecurity/*.conf and uncomment it by removing the # symbol at the beginning of the line. This line ensures that ModSecurity loads all the configuration files within the /etc/modsecurity/ directory.
Save and close the file.
5.3 Rename the ModSecurity Configuration File
Next, we need to rename the ModSecurity configuration file by executing the following command:
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
This command renames the recommended configuration file to modsecurity.conf, which ModSecurity will use during runtime.
5.4 Edit the ModSecurity Configuration File
Open the modsecurity.conf file for editing:
nano /etc/modsecurity/modsecurity.conf
5.5 Modify Rule Engine and Audit Log Settings
Within the configuration file, locate the lines that start with SecRuleEngine and SecAuditLogParts. Modify them as follows:
SecRuleEngine On
SecAuditLogParts ABCEFHJKZ
These settings enable the rule engine and specify which parts of the audit log to include.
Save and close the file.
5.6 Restart Apache
To apply the changes, restart the Apache service once again:
systemctl restart apache2
The ModSecurity configuration is now complete.
6. Installing the OWASP Core Rule Set
To enhance the security of your web application, it is recommended to install the OWASP core rule set. This rule set provides additional protection against common web vulnerabilities. Follow these steps to install the OWASP core rule set:
6.1 Download the Rule Set
Start by downloading the latest version of the OWASP core rule set using the following command:
wget https://github.com/coreruleset/coreruleset/archive/v3.3.0.tar.gz
This command will download the rule set archive file.
6.2 Extract the Rule Set
Once the download is complete, extract the contents of the archive using the following command:
tar xvf v3.3.0.tar.gz
This command will extract the rule set files to a directory named coreruleset-3.3.0/.
6.3 Move the Rule Set
Create a directory to store the rule set files and move the extracted files to that directory:
mkdir /etc/apache2/modsecurity-crs mv coreruleset-3.3.0/ /etc/apache2/modsecurity-crs
6.4 Rename the Configuration File
Navigate to the OWASP rules directory and rename the configuration file:
cd /etc/apache2/modsecurity-crs/coreruleset-3.3.0/ mv crs-setup.conf.example crs-setup.conf
6.5 Update ModSecurity Configuration
Open the ModSecurity configuration file for editing:
nano /etc/apache2/mods-enabled/security2.conf
6.6 Add Rule Set Paths
Within the configuration file, add the following lines to include the OWASP rule sets:
IncludeOptional /etc/apache2/modsecurity-crs/coreruleset-3.3.0/crs-setup.conf IncludeOptional /etc/apache2/modsecurity-crs/coreruleset-3.3.0/rules/*.conf
These lines ensure that Apache loads the OWASP rule sets during runtime.
Save and close the file.
6.7 Verify Apache Configuration
To verify the Apache configuration for any syntax errors, run the following command:
apache2ctl -t
If there are no syntax errors, you will see the message Syntax OK.
6.8 Restart Apache
Finally, restart the Apache service to apply the new configuration:
systemctl restart apache2
The OWASP core rule set is now installed and configured with ModSecurity.
7. Verifying ModSecurity
At this point, you have successfully set up ModSecurity with Apache on your Ubuntu 22.04 server. To ensure that ModSecurity is working correctly, we can perform a few tests. Follow these steps:
7.1 Test 1: Executing Shell Commands
To test ModSecurity’s protection against command injection attacks, we can try executing a shell command using thecurl command-line tool. Run the following command:
curl http://localhost/index.html?exec=/bin/bash
If ModSecurity is functioning correctly, you should receive a 403 Forbidden error, indicating that you don’t have permission to access the resource.
7.2 Test 2: Path Traversal
To test ModSecurity’s protection against path traversal attacks, run the following command:
curl localhost?doc=/bin/ls
Again, if ModSecurity is working as expected, you will receive a 403 Forbidden error.
7.3 Checking the ModSecurity Log
To gain more insight into ModSecurity’s actions, you can check the ModSecurity log. Use the following command to view the log entries:
tail /var/log/apache2/modsec_audit.log
This command will display the latest log entries related to ModSecurity’s activities.
8. Configuring Logrotate
If you are running a high-traffic website, the ModSecurity audit log can quickly become large and occupy significant disk space. To address this, you can configure log rotation for the ModSecurity audit log. Follow these steps:
8.1 Edit Logrotate Configuration
Open the ModSecurity logrotate configuration file in your preferred text editor:
nano /etc/logrotate.d/modsec
8.2 Configure Log Rotation
Within the file, add the following lines to configure log rotation:
hin the file, add the following lines to configure log rotation:
/var/log/apache2/modsec_audit.log { rotate 31 daily missingok compress delaycompress notifempty }
These settings will rotate the log file daily, compress it, and keep up to 31 rotated log files.
Save and close the file.
9. Conclusion
In this article, we have covered the step-by-step process of setting up ModSecurity with Apache on Ubuntu 22.04. By following these instructions, you have successfully enhanced the security of your web server. ModSecurity, with its customizable rule sets, provides an additional layer of protection against various types of attacks. By installing the OWASP core rule set, you further fortify your server against common web vulnerabilities.
Remember to regularly update ModSecurity and the OWASP core rule set to stay protected against emerging threats. With ModSecurity and Apache working together, you can ensure the security and integrity of your web applications.
If you have any questions or need further assistance, feel free to reach out to Shape.host. Shape.host offers reliable and secure Linux SSD VPS hosting solutions tailored to your specific needs. Protect your online assets with Shape.host’s robust cloud hosting services.
