ModSecurity is a free, open-source Web Application Firewall supported by different web servers like Apache, IIS, and Nginx. It is deployed as an external security layer to protect web servers.
In this tutorial, you will learn how to install ModSecurity firewall with pre-installed Nginx. We have used Ubuntu 20.04 server to demonstrate the process.
Pre-requisites
Nginx installed on Ubuntu server
Installation Guide
If you don’t have Nginx installed on your server, follow this guide to fulfill the Modsecurity installation requirement:
https://linuxways.net/ubuntu/how-to-install-nginx-on-ubuntu-20-04-lts-using-source-code/
Now that you have installed Nginx, let’s get started with installing ModSecurity.
Step 1:
Install libmodsecurity3
First of all, install git on your machine so that you can clone the ModSecurity git repository. We can do it by running this command:
sudo apt install git -y
Now that git is installed, clone the repository by running this command:
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity /usr/local/src/ModSecurity/
Step 2: Go to the Modsecurity directory
Now that you have cloned the modsecurity git repository, go the modsecurity directory following the path below:
cd /usr/local/src/ModSecurity/
Step 3: Install libmodsecurity3 dependencies
Now that we are inside the Modsecurity directory, we will install libmodsecurity3 dependencies in this step. Run this command:
sudo apt install gcc make build-essential autoconf automake libtool libcurl4-openssl-dev liblua5.3-dev libfuzzy-dev ssdeep gettext pkg-config libpcre3 libpcre3-dev libxml2 libxml2-dev libcurl4 libgeoip-dev libyajl-dev doxygen -y
Step 4: Install Git modules
Now, install git submodules with the help of this command:
git submodule init
Next, we will update the submodules:
git submodule update
Step 5: Build the modsecurity environment
It is time to build the modsecurity environment. To do that, run the following command:
./build.sh
Now configure using this command:
./configure
After this, you will get this error:
It is okay to ignore this and move on.
Step 6: Compile the modsecurity source code
Now we will compile the environment for libmodsecurity3 with this command:
make
If you want to increase the speed of compiling, you can specify -j
make -j 4
Next, we will run the install command:
sudo make install
The installation is done in the /usr/local/modsecurity/.
Step 7: Install modsecurity-nginx connector
In this step, we will install Modsecurity-nginx connector. It is the connection and communication point between Nginx and ModSecurity.
First of all, we need to clone the connector repository. Do that by running this command:
sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
/usr/local/src/ModSecurity-nginx/
Step 8: Install modsecurity-nginx dependencies
First, go to Nginx source directory like this:
cd /usr/local/src/nginx/nginx-1.21.1
Make sure to replace the Nginx version in the command with your current Nginx version otherwise you will get an error.
To install the necessary dependencies, run this command:
sudo apt build-dep nginx && sudo apt install uuid-dev -y
Next, we will compile the Modsecurity-nginx connector module with the –with-compat flag by running this command:
sudo ./configure --with-compat --add-dynamic-module=/usr/local/src/ModSecurity-nginx
Now run this command to create the dynamic modules:
sudo make modules
Now, copy the dynamic module you just created in the objs/ngx_http_modsecurity_module.so to /usr/share/nginx/modules with the help of this command:
sudo cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/
Step 9: Enable Modsecurity in Nginx configuration file
To enable Modsecurity in Nginx, you need to first specify the load-module and path to your modsecurity module in the configuration.
Open Nginx configuration file with the nano editor like this:
sudo nano /etc/nginx/nginx.conf
In the file, add this line on the top:
load_module modules/ngx_http_modsecurity_module.so;
Under the HTTP {} section, add the following code lines:
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/modsec-config.conf;
Step 10: Configure directory and files for modsecurity
Create a directory with the name modsec. The path of the directory is mentioned in the command:
sudo mkdir /etc/nginx/modsec/
You will need this directory in the future to store configuration files and rules.
Now, copy the sample Modsecurity configuration file from cloned git directory with this command:
sudo cp /usr/local/src/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
Now open the modsecurity configuration file:
sudo nano /etc/nginx/modsec/modsecurity.conf
Locate the SecRuleEngine directive in the file on line 7 and change it to DetectionOnly like this:
secruleEngine DetectionOnly
To enable Modsecurity, find change the following directive to On like this:
secRuleEngine on
Now locate the following directive on line 224:
secAuditLogParts ABIJDEFHZ
Change it to:
secAuditLogParts ABCDEFHJKZ
Now create modsec-config.conf file. Here you will add modsecurity.conf and other rules for modsecurity:
sudo nano /etc/nginx/modsec/modsec-config.conf
Inside the file you just created, add this line:
Include /etc/nginx/modsec/modsecurity.conf
Save the file and exit.
Step 11: Copy unicode.mapping file
Finally, copy the Modsecurity’s unicode.mapping file like this:
sudo cp /usr/local/src/ModSecurity/unicode.mapping /etc/nginx/modsec/
Step 12: Check Nginx configuration
Before restarting Nginx, check if the configuration is fine by running this command:
sudo nginx -t
If you get the following output, you are good to go:
Step 13: Reload Nginx
Now restart Nginx with this command:
sudo systemctl restart nginx
In this guide, we saw how we can install Modsecurity on an ubuntu server that already has pre-installed Nginx on it. We also saw how to configure ModSecurity and Nginx to connect them with the help of a few easy-to-follow commands.
Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.
Discover more from Ubuntu-Server.com
Subscribe to get the latest posts sent to your email.
