
How to Install mod_security and mod_evasive on Ubuntu 16.04

04 Aug 2018

Want to learn how to install mod_security and mod_evasive on Ubuntu 16.04? Apache is a very popular web server, and with that popularity comes a need to ensure its security.

In this tutorial, we will show you how to harden and secure the Apache web server by installing and configuring the mod_security and mod_evasive Apache modules.

I have talked about ModSecurity and Ubuntu earlier, the details of which you can read in these articles:

  1. How to run a Cron Job
  2. How to Install Virtual Environment on Ubuntu 16.04

Mod_security

Mod_security is a free web application firewall (WAF) Apache module that helps to protect your website from various attacks, such as PHP and SQL injection attacks, cross-site scripting, path traversal attacks, etc. Also, it allows for real-time analysis and HTTP traffic monitoring with little or no changes to existing Apache configurations.

Mod_evasive

Mod_evasive is an Apache module that helps to prevent server brute force attacks and HTTP DoS (DDoS) attacks.

 

Login via SSH and update the system

To begin, log in to your Ubuntu 16.04 VPS via SSH as root user:

ssh root@IP_Address -p Port_number

Make sure that all OS packages are up to date by running the following commands:

apt-get update
apt-get upgrade

You can also enable automatic updates on your VPS.

Prerequisites

The mod_security and mod_evasive Apache modules have several requirements that we have to install on the server in order to run them. We need to have the Apache server installed and running with the mod_headers module enabled.

Install Apache, enable it to start on boot, and start the Apache service:

sudo apt-get install apache2 -y
sudo systemctl enable apache2.service
sudo systemctl start apache2.service

Then, enable the mod_headers module using the following command:

sudo a2enmod headers

Installation of the mod_security module is quite simple. Run the following command:

apt-get install libapache2-modsecurity

After installing, run the following command to enable the mod_security Apache module:

sudo a2enmod security2

We can check if the mod_security module is active and enabled using the following command:

apachectl -M | grep security

If you see the following output:

security2_module (shared)

this means that the mod_security module is enabled. There are no security rules configured by default, so we need to enable the mod_security rules. To do so, copy the recommended mod_security configuration file and open it in an editor:

sudo cp /etc/modsecurity/modsecurity.conf{-recommended,}
sudo vi /etc/modsecurity/modsecurity.conf

Set the ‘SecRuleEngine’ option to On. The recommended file ships with it set to DetectionOnly, which logs matches but does not block requests:

SecRuleEngine On

Also, locate the line ‘SecResponseBodyAccess On’ and change it to:

SecResponseBodyAccess Off

This disables response body inspection and saves server resources. Rules that examine the content of responses are no longer evaluated.

The mod_security rules are available in the following directories:

/usr/share/modsecurity-crs/base_rules

/usr/share/modsecurity-crs/optional_rules

/usr/share/modsecurity-crs/experimental_rules

To enable all of the CRS base rules, create symbolic links using the following command:

sudo ln -s /usr/share/modsecurity-crs/base_rules/*.conf /usr/share/modsecurity-crs/activated_rules/

To enable the CRS optional and experimental rules files that you may want to use, create symbolic links under the ‘activated_rules’ directory location accordingly.

Alternatively, configure and enable the Open Web Application Security Project (OWASP) core rule set:

sudo apt-get install git
sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak
sudo mv owasp-modsecurity-crs /usr/share/modsecurity-crs
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

In both cases, we need to edit the /etc/apache2/mods-enabled/security2.conf file:

sudo vi /etc/apache2/mods-enabled/security2.conf

Add these lines at the end:

IncludeOptional "/usr/share/modsecurity-crs/*.conf"
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf"

For the changes to take effect, restart Apache with the command:

systemctl restart apache2

Check the /var/log/apache2/modsec_audit.log log file to find the rules that are being triggered by mod_security on your Apache web server. The error log is the same log file that is used by Apache to write error messages, normally stored at /var/log/apache2/error.log.
If you need more information and want to learn how to configure and use mod_security, read the official documentation.
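
When reviewing modsec_audit.log, the useful question is which rule IDs fire and on which request paths, since that is what separates real blocks from false positives. The following Python code is an added example, not part of the original tutorial; it assumes the serial audit-log layout of ModSecurity 2.x, and the sample log, its rule IDs and the function name rule_hits are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, abbreviated sample in ModSecurity 2.x serial audit-log layout.
SAMPLE = """\
--a1b2c3d4-A--
[04/Aug/2018:10:00:01 +0000] txn-1 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
GET /search?q=select+from+menu HTTP/1.1
Host: www.example.com
--a1b2c3d4-H--
Message: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[04/Aug/2018:10:02:09 +0000] txn-2 198.51.100.20 40112 192.0.2.10 80
--e5f6a7b8-B--
POST /contact HTTP/1.1
Host: www.example.com
--e5f6a7b8-H--
Message: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"]
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--[0-9a-zA-Z]+-([A-Z])--$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')
RULE_MSG = re.compile(r'\[msg "([^"]*)"\]')

def rule_hits(text):
    """Return {rule_id: {"count", "msg", "paths"}} from section H "Message:" lines."""
    hits = defaultdict(lambda: {"count": 0, "msg": "", "paths": set()})
    section, path, first = None, "?", False
    for line in text.splitlines():
        b = BOUNDARY.match(line)
        if b:
            section, first = b.group(1), True       # next line opens the section
            path = "?" if section == "A" else path  # section A starts a new transaction
            continue
        if section == "B" and first and len(line.split()) >= 2:
            path = line.split()[1].split("?")[0]    # request path without the query
        elif section == "H" and line.startswith("Message: "):
            rid, msg = RULE_ID.search(line), RULE_MSG.search(line)
            if rid:
                entry = hits[rid.group(1)]
                entry["count"] += 1
                entry["msg"] = msg.group(1) if msg else entry["msg"]
                entry["paths"].add(path)
        first = False
    return dict(hits)
```

A rule that fires on many unrelated paths from ordinary visitors is a candidate for a tuning exclusion; a rule that fires on one path from one client is more likely a real probe.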

Install the mod_evasive module using the following command:

apt-get install libapache2-mod-evasive

After installing, run this command:

sudo a2enmod evasive

Edit the evasive.conf file and configure the mod_evasive module:

sudo vi /etc/apache2/mods-available/evasive.conf

Set the following directives:

DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 30
DOSPageInterval 1
DOSSiteInterval 3
DOSBlockingPeriod 3600
DOSLogDir /var/log/mod_evasive

Save and close that file.

For more details on the various configuration parameters, check the README file included with the mod_evasive module.

Use the following command to check if the mod_evasive module is active and enabled:

apachectl -M | grep evasive

The output should include:

evasive20_module (shared)

DOSLogDir is a directory in which mod_evasive writes one file per blocked client, so create it and make it writable by the Apache user:

mkdir -p /var/log/mod_evasive
chown www-data:www-data /var/log/mod_evasive

Run the following command to restart Apache:

systemctl restart apache2

That’s it. The mod_security and mod_evasive modules have been successfully installed on your Ubuntu VPS.
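
Before relying on the DOSPageCount and DOSSiteCount thresholds configured above, it helps to replay an existing access log against them and see which clients would have been blocked. The following Python code is an added example, not part of the original tutorial or of mod_evasive; it uses a sliding-window approximation of the module's counters, assumes the Apache common/combined log format, and its function names and sample traffic are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Thresholds copied from the mod_evasive configuration above.
DOS_PAGE_COUNT, DOS_PAGE_INTERVAL = 10, 1   # same URI, window in seconds
DOS_SITE_COUNT, DOS_SITE_INTERVAL = 30, 3   # any URI, window in seconds
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def exceeds(times, limit, interval):
    """True if more than `limit` timestamps fall in any `interval`-second window."""
    times, lo = sorted(times), 0
    for hi, t in enumerate(times):
        while t - times[lo] >= interval:
            lo += 1
        if hi - lo + 1 > limit:
            return True
    return False

def would_block(lines):
    """Map client IP -> reasons ("page <uri>" / "site") it would exceed a threshold."""
    page, site = defaultdict(list), defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a common/combined format line
        ip, stamp, uri = m.groups()
        t = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        page[(ip, uri)].append(t)
        site[ip].append(t)
    reasons = defaultdict(list)
    for (ip, uri), times in sorted(page.items()):
        if exceeds(times, DOS_PAGE_COUNT, DOS_PAGE_INTERVAL):
            reasons[ip].append("page " + uri)
    for ip, times in sorted(site.items()):
        if exceeds(times, DOS_SITE_COUNT, DOS_SITE_INTERVAL):
            reasons[ip].append("site")
    return dict(reasons)

def log_line(ip, sec, uri):
    return f'{ip} - - [04/Aug/2018:10:00:{sec:02d} +0000] "GET {uri} HTTP/1.1" 200 512'

# Constructed sample traffic using documentation address ranges, not real logs.
SAMPLE = (
    [log_line("203.0.113.7", 1, "/login.php") for _ in range(12)]      # 12 hits on one URI in 1 s
    + [log_line("192.0.2.50", 1 + i % 2, f"/img/{i}.png") for i in range(31)]  # 31 URIs in 2 s
    + [log_line("198.51.100.20", 5 * i, "/index.html") for i in range(4)]      # ordinary visitor
)

if __name__ == "__main__": print(would_block(SAMPLE))
```

If legitimate clients such as monitoring probes or pages that load many assets show up in the result, raise the thresholds before enabling the one-hour DOSBlockingPeriod.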

Conclusion

In order to harden and secure your Apache web server, it is a good idea to install and configure mod_security and mod_evasive modules on a Linux VPS with Ubuntu 16.04 OS installed.

 
