LinuxQuestions.org


anthony01 10-29-2012 11:33 PM

How do I install ModSecurity 2.7.0?
 
Hi,

I can't find any documentation to install 2.7.0. I already have an earlier version (2.6.3) installed (why did aptitude send me 2.6.3 while 2.7.0 stable is already out?)

Inside the 2.7.0 folder, I get these files:

CHANGES Makefile.in README_WINDOWS.TXT apache2 build doc mlogc stamp-h1 tools
LICENSE NOTICE aclocal.m4 authors.txt configure
ext modsecurity.conf-recommended standalone unicode.mapping
Makefile.am README.TXT alp2 autogen.sh configure.ac iis nginx tests

How do I go about installing 2.7.0?

Thanks a lot in advance

Regards

Rodebian 10-30-2012 12:09 AM

<<Reply Removed>> I misread your post. Sorry, ignore me.

knudfl 10-30-2012 03:25 AM

Quote:

why did aptitude send me 2.6.3 while 2.7.0 stable is already out ?
I guess that 2.7.0 could be used in Debian Sid in some months.
So far Fedora 19 has mod_security-2.7.0-2.fc19. Release: June 2013.

cd modsecurity-apache_2.7.0/
patch -p0 < mod_security-fix-build-with-libxml29.patch
./configure --prefix=/usr/ --enable-pcre-match-limit=1000000 \
--enable-pcre-match-limit-recursion=1000000

make
make install

patch, mod_security.conf http://dl.fedoraproject.org/pub/fedo...2.fc19.src.rpm

.

anthony01 10-30-2012 12:31 PM

Hi
Thanks for your response.

I downloaded the missing patch (mod_security-fix-build-with-libxml29.patch) and successfully patched it.

Then I enter ./configure --prefix=/usr/ --enable-pcre-match-limit=1000000 --enable-pcre-match-limit-recursion=1000000

Then, after many lines starting with "checking", it gives me the following alert:

configure: looking for Apache module support via DSO through APXS
configure: error: couldn't find APXS


What did I do wrong?

Thanks a lot

Rodebian 10-30-2012 12:50 PM

What distro are you using, Debian, Ubuntu, Aptosid? IF you are using Debian you could try this (though if you are using Debian stable I wouldn't recommend this at all). If it is available in any of the Debian branches' repos you can try this, 2.7.0 might not be there yet. I am using Debian and this process I have only tried on Debian. All that I mention below you can do AT YOUR OWN RISK. Also DO NOT do a dist-upgrade while these newly added repos are active, even if it says updates are available. If you do then your whole system will be updated to the newest versions of the programs. This could break everything badly. Just look for your software, mod_security, then take those repos out of the sources.list if you can find it and install it.

READ WARNING BELOW BEFORE YOU DO ANYTHING!

Backup your data.

If you don't have unstable in your sources.list (AKA SID) then,

from terminal
su
your_password

cd /etc/apt
(use what ever text editor you want in the terminal. For this example I will use nano)
nano sources.list

add deb http://ftp.debian.org/debian/ unstable main contrib non-free
deb-src http://ftp.debian.org/debian/ unstable main contrib non-free


aptitude update
aptitude search <<package_name_here>>
aptitude install <<package_name_here>>

If you already have the above repos in your sources.list then try this,

add deb http://ftp.debian.org/debian/ experimental main to /etc/apt/sources.list

then in the terminal type

aptitude update
aptitude install -t experimental <<package_name_here>>

Pay attention to any warnings about conflicts. Hit no until you find a solution you like. If you don't find a solution or if you are unsure then hit q for quit.



WARNING: NOW BEFORE YOU TRY THIS. This is experimental, which means it has NOT been tested. You might end up breaking your whole system. If you are unsure on how to do this and can't afford to mess things up then DON'T DO IT. If you are using certain Debian based distros this MIGHT work as well. IF YOU BREAK ANYTHING I DID WARN YOU.

anthony01 10-30-2012 01:08 PM

Hi Rodebian,

Thanks for your message and warning.
I am using Ubuntu 12.04 LTS 64 bits.

I installed the latest OWASP modsecurity set of rules and it requires 2.7.0; otherwise, Apache throws an error when it starts.

Does your solution work as well with Ubuntu?

Also, since I'm a beginner in Linux, should I wait until aptitude puts up an automated update of modsecurity, to make it easier?

Thanks a lot

snowday 10-30-2012 01:15 PM

Quote:

Originally Posted by anthony01 (Post 4818354)
Also, since I'm a beginner in Linux, should I wait until aptitude puts up an automated update of modsecurity, to make it easier?

Ubuntu 12.04 was released April 2012 and Modsecurity 2.7 was released October 2012, so you will not get an automated update to Modsecurity 2.7 until next April's 13.04 release.

Rodebian 10-30-2012 01:17 PM

Quote:

Originally Posted by anthony01 (Post 4818354)
Hi Rodebian,

Thanks for your message and warning.
I am using Ubuntu 12.04 LTS 64 bits.

I installed the latest OWASP modsecurity set of rules and it requires 2.7.0; otherwise, Apache throws an error when it starts.

Does your solution work as well with Ubuntu?

Also, since I'm a beginner in Linux, should I wait until aptitude puts up an automated update of modsecurity, to make it easier?

Thanks a lot

Ok in that case two things. You are a beginner so I wouldn't try the above just yet. Also since you are using Ubuntu I would NOT AT ALL try what I said above. Ubuntu has its own way even though it is based on Debian. However if you ever try Debian in the future you could do something like I mentioned above, once you are more familiar and comfortable with Linux and your distro.

I would just wait then. Ubuntu is pretty good with updating its software. It is better being safe than sorry. In the meantime you could read up on aptitude, Ubuntu, Linux, mod security, etc., while you wait for the updated version to be added to Ubuntu repos.

anthony01 10-30-2012 01:23 PM

Actually, I may have found a solution at http://wiki.tkoeppen.com/display/doc...che2+in+Ubuntu

It tells me to install apache apxs, then libxml2-dev and finally libcurl4-gnutls-dev

Would this be worth trying, without adding some unnecessary files to my server?

Thanks

snowday 10-30-2012 01:28 PM

Quote:

Originally Posted by anthony01 (Post 4818366)
Actually, I may have found a solution at http://wiki.tkoeppen.com/display/doc...che2+in+Ubuntu

It tells me to install apache apxs, then libxml2-dev and finally libcurl4-gnutls-dev

Would this be worth trying, without adding some unnecessary files to my server?

Thanks

^--- No, I would be extremely mistrustful of this 2008 how-to from a non-Ubuntu.com source.

Can you take a step back and explain your project/goal to us? I consider myself a somewhat intermediate user but I do not understand what you are trying to do here; help me to see the bigger picture. Is there a feature you need that the stable and tested software provided by Ubuntu fails to provide?

anthony01 10-30-2012 01:39 PM

Quote:

Originally Posted by snowpine (Post 4818372)
^--- No, I would be extremely mistrustful of this 2008 how-to from a non-Ubuntu.com source.

Can you take a step back and explain your project/goal to us? I consider myself a somewhat intermediate user but I do not understand what you are trying to do here; help me to see the bigger picture. Is there a feature you need that the stable and tested software provided by Ubuntu fails to provide?

Hi,
I am in fact just trying to get the latest version of OWASP set of rules to work with my apache, but it throws an error when I start apache:

* Starting web server apache2
Syntax error on line 52 of /etc/modsecurity/base_rules/modsecurity_crs_20_protocol_violations.conf:
Error parsing actions: Unknown action: ver
Action 'start' failed.


The reason for that is that it needs modsecurity 2.7.0 to work, but the one I have is a slightly older version.

I am not trying to do anything sophisticated, all I want is to have the latest version of OWASP set of rules, for maximum security.
Also, since 2.7.0 Stable was just released, I thought it would be good to install it.
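
The error in the post above comes from a rule file using an action that the installed ModSecurity does not know. As an added example (not posted by anyone in this thread), this shell pre-flight check lists such lines before Apache is restarted; the installed version is passed in by hand, and treating `maturity` and `accuracy` as 2.7-only alongside `ver` is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of a rules directory
# against the installed ModSecurity version, run before restarting Apache.

# "ver" is the action named in the error above. "maturity" and "accuracy"
# are assumed here to be 2.7-only as well; adjust the list as needed.
NEW_ACTIONS='ver|maturity|accuracy'
MIN_VERSION='2.7.0'

# version_lt A B: true when dotted version A is strictly older than B.
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# scan_rules DIR: print file:line:action for the first 2.7-only action on
# each non-comment line of every *.conf file under DIR.
scan_rules() {
    find "$1" -type f -name '*.conf' -exec awk \
        -v re="[\"', \t]($NEW_ACTIONS):" '
        /^[ \t]*#/ { next }          # commented-out rules cannot break startup
        { line = " " $0 }            # pad so an action at column 0 still matches
        match(line, re) {
            hit = substr(line, RSTART, RLENGTH)
            gsub(/[^a-z]/, "", hit)  # strip the delimiter and colon
            print FILENAME ":" FNR ":" hit
        }' {} +
}

# check_rules VERSION DIR: return 1 and list the offending lines when
# VERSION predates 2.7.0 and the rules use a newer action; else return 0.
check_rules() {
    version_lt "$1" "$MIN_VERSION" || return 0
    hits=$(scan_rules "$2")
    [ -n "$hits" ] || return 0
    printf 'ModSecurity %s cannot parse:\n%s\n' "$1" "$hits" >&2
    return 1
}

# Constructed sample rule file (hypothetical id and ver values).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample.conf" <<'EOF'
# ver: in a comment is ignored
SecRule REQUEST_METHOD "!^(?:GET|HEAD|POST)$" \
    "phase:1,id:'900001',rev:'1',ver:'EXAMPLE/0.0',block"
EOF
check_rules 2.6.3 "$demo_dir" || echo "fix rules or upgrade before restart"
```

On a real system the call would be `check_rules 2.6.3 /etc/modsecurity`, using the version and path that appear in this thread.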

snowday 10-30-2012 01:46 PM

I'm sorry, I don't know what the OWASP set of rules are. I did not realize they were necessary for maximum security in Ubuntu. There are some Ubuntu security tips here, if you get stuck: http://ubuntuforums.org/showthread.php?t=510812

Generally speaking, Ubuntu's security policy is to fix bugs in existing/provided software, rather than to provide new versions that might change functionality. More details here (written for Red Hat but applies equally to Ubuntu): https://access.redhat.com/security/updates/backporting/

In other words they will not provide Modsecurity 2.7 as a mid-life update for a previously-released version, because this would require admins to test their code against the new module, as opposed to security-patching 2.6.3, which is a safe upgrade.

Good luck!

saeedi 06-04-2013 02:56 AM

You can find your answer at : http://www.root25.com/2012/11/how-to...-tutorial.html
This website will show you
1. How to install mod security on Ubuntu (Step by Step with pictures)
2. How to set up the OWASP rule set on it.
3. How to access and check the log.
4. There is another article in the same site about how to implement "Reverse Proxy + Mod Security"
5. There is another article in the same site about how to visualize the log output into charts...

Stu2 07-30-2013 08:19 PM

Ubuntu 12.04 uses mod-security 2.6.3

The excellent tutorial at:

http://www.root25.com/2012/11/how-to...-tutorial.html

doesn't work any more because the mod-security core rules are newer. You either need to compile the newer version of modsecurity or get the older core rules. Use this tutorial to use the older rules:

http://notepad2.blogspot.com/2012/11...s-install.html

