[SOLVED] What is the difference between "/etc/httpd/conf.d/" and "/etc/httpd/conf.modules.d/" directories?

n00b_noob · 03-02-2021, 12:51 PM

Hello,
I'm using CentOS 8 x86_64 and I installed ModSecurity on it.
According to the https://github.com/coreruleset/corer....4/dev/INSTALL, I must add below lines to the "httpd.conf/apache2.conf" file, but that file is for Debian:

Code:

 <IfModule security2_module>
          Include modsecurity.d/owasp-modsecurity-crs/crs-setup.conf
          Include modsecurity.d/owasp-modsecurity-crs/rules/*.conf
    </IfModule>

I found two files about the ModSecurity:

/etc/httpd/conf.modules.d/10-mod_security.conf
/etc/httpd/conf.d/mod_security.conf

But which file is OK to add above lines?

Thank you.

berndbausch · 03-02-2021, 04:22 PM

Why don't you look inside? They are simple text files. If I remember well, one is for configuring Apache to use mod_security. The other is for configuring mod_security itself. Which is which? I suggest you figure it out.

n00b_noob · 03-03-2021, 12:50 AM

Quote:

Originally Posted by berndbausch

Why don't you look inside? They are simple text files. If I remember well, one is for configuring Apache to use mod_security. The other is for configuring mod_security itself. Which is which? I suggest you figure it out.

Thank you.
I did, but I'm not familiar with it and don't know which one is for configuring Apache to use mod_security and which one is for configuring mod_security itself.
The content of the first file is :

Code:

$ cat /etc/httpd/conf.modules.d/10-mod_security.conf 
LoadModule security2_module modules/mod_security2.so
<IfModule !mod_unique_id.c>
    LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>

And the content of the second file is :
https://paste.ubuntu.com/p/Rtz6jRrwzT/

I added below lines to "/etc/httpd/conf.d/mod_security.conf" file and restarted my Apache:

Code:

IncludeOptional modsecurity.d/owasp-modsecurity-crs/*.conf
IncludeOptional modsecurity.d/owasp-modsecurity-crs/rules/*.conf

But I got below error:

Code:

httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: failed (Result: exit-code) since Wed 2021-03-03 10:23:52 +0330; 13s ago
     Docs: man:httpd.service(8)
  Process: 4023589 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
  Process: 4167747 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 4167747 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."

Mar 03 10:23:51 extra systemd[1]: Starting The Apache HTTP Server...
Mar 03 10:23:52 extra httpd[4167747]: [Wed Mar 03 10:23:52.263542 2021] [so:warn] [pid 4167747:tid 134683729852736>
Mar 03 10:23:52 extra httpd[4167747]: AH00526: Syntax error on line 829 of /etc/httpd/modsecurity.d/owasp-modsecur>
Mar 03 10:23:52 extra httpd[4167747]: ModSecurity: Found another rule with the same id
Mar 03 10:23:52 extra systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Mar 03 10:23:52 extra systemd[1]: httpd.service: Failed with result 'exit-code'.
Mar 03 10:23:52 extra systemd[1]: Failed to start The Apache HTTP Server.

And line 829 of that file is:

Code:

SecAction \
 "id:900990,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.crs_setup_version=330"   ==> Line 829

I never modified that file!!!

scasey · 03-03-2021, 01:03 AM

This is the definitive documentation for the Apache web server.
Search, read and learn....

berndbausch · 03-03-2021, 02:34 AM

Quote:

Originally Posted by n00b_noob

Code:

$ cat /etc/httpd/conf.modules.d/10-mod_security.conf 
LoadModule security2_module modules/mod_security2.so
<IfModule !mod_unique_id.c>
    LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>

LoadModule is an Apache directive. This is to configure Apache.

Quote:

Originally Posted by n00b_noob

According to the https://github.com/coreruleset/corer....4/dev/INSTALL, I must add below lines to the "httpd.conf/apache2.conf" file, but that file is for Debian

I think the central config file in Centos is /etc/httpd/conf/httpd.conf.

I can't comment on the rest. Perhaps scasey's link helps.

n00b_noob · 03-03-2021, 05:57 AM

Quote:

Originally Posted by berndbausch

LoadModule is an Apache directive. This is to configure Apache.

I think the central config file in Centos is /etc/httpd/conf/httpd.conf.

I can't comment on the rest. Perhaps scasey's link helps.

If you look at https://paste.ubuntu.com/p/Rtz6jRrwzT/, it has a "# ModSecurity Core Rules Set and Local configuration" section that start with "IncludeOptional". because of it, I added that lines to this section!!

n00b_noob · 03-06-2021, 05:03 AM

My problem solved.
I removed the rules that I installed manually and problem solved. Kind of conflict.
When you install "mod_security_crs" package, then it installed the OWASP ModSecurity Core Rule Set.

berndbausch · 03-06-2021, 06:18 AM

Quote:

Originally Posted by n00b_noob

My problem solved.

If I may comment on your question: You didn't mention any problem until now. If you want the community to help you solve the problem, state it.