Contents
Need an expert to help you with
" How to Install mod_security and mod_evasive on Ubuntu 16.04" ?

Get Help

How to Install mod_security and mod_evasive on Ubuntu 16.04

Install mod_security and mod_evasive on Ubuntu 16.04
Install mod_security and mod_evasive on Ubuntu 16.04
    Want to learn how to   Install mod_security and mod_evasive on Ubuntu 16.04! Apache is a very popular web server, and with that popularity comes a need to ensure its security. In this tutorial, we will show you how to harden and secure the Apache web server by installing and configuring the mod_security and mod_evasive Apache modules. I have talked about the ModSecurity and  ubuntu earlier, the details of which you can read in these articles:
  1. How to run a Cron Job
  2. How to Install Virtual Environment on Ubuntu 16.04

Mod_security

Mod_security is a free web application firewall (WAF) Apache module that helps to protect your website from various attacks, such as PHP and SQL injection attacks, cross-site scripting, path traversal attacks, etc. Also, it allows for real-time analysis and HTTP traffic monitoring with little or no changes to existing Apache configurations.

Install mod_security and mod_evasive on Ubuntu 16.04

Mod_evasive is an Apache module that helps to prevent server brute force attacks and HTTP DoS (DDoS) attacks.  

Login via SSH and update the system

To begin, log in to your Ubuntu 16.04 VPS via SSH as root user:
ssh [email protected]_Address -p Port_number
Make sure that all OS packages are up to date by running the following command-line commands:
apt-get update
apt-get upgrade
You can also enable automatic updates on your VPS.

Prerequisites

The mod_security and mod_evasive Apache modules have several requirements that we have to install on the server in order to run them. We need to have the Apache server installed and running with the mod_headers module enabled. Install Apache, enable it to start on boot, and start the Apache service:
sudo apt-get install apache2 -y
sudo systemctl enable apache2.service
sudo systemctl start apache2.service
Then, enable the mod_headers module using the following command:
sudo a2enmod headers
Installation of the mod_security module is quite simple. Run the following command:
apt-get install libapache2-modsecurity
After installing, run the following command to enable the mod_security Apache module:
sudo a2enmod security2
We can check if the mod_security module is active and enabled using the following command:
apachectl -M | grep security
If you see the following output:
security2_module (shared)
this means that the mod_security module is enabled. There are no security rules configured by default, so we need to enable the mod_security rules. In order to do so, copy the recommended mod_security configuration file, then edit it and set the ‘SecRuleEngine’ option to On:
sudo cp /etc/modsecurity/modsecurity.conf{-recommended,}
sudo vi /etc/modsecurity/modsecurity.conf
SecRuleEngine On
Also, locate the line ‘SecResponseBodyAccess On’ and change it to:
SecResponseBodyAccess Off
It will disable response body inspection and save server resources. The mod_security rules are available in the following directories:
/usr/share/modsecurity-crs/base_rules

/usr/share/modsecurity-crs/optional_rules

/usr/share/modsecurity-crs/experimental_rules
To enable all of the CRS base rules, create symbolic links using the following command:
sudo ln -s /usr/share/modsecurity-crs/base_rules/*.conf /usr/share/modsecurity-crs/activated_rules/
To enable the CRS optional and experimental rules files that you may want to use, create symbolic links under the ‘activated_rules’ directory location accordingly. Alternatively, configure and enable the Open Web Application Security Project (OWASP) core rule set:
sudo apt-get install git
sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak
sudo mv owasp-modsecurity-crs /usr/share/modsecurity-crs
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
In both cases, we need to edit the /etc/apache2/mods-enabled/security2.conf file:
/etc/apache2/mods-enabled/security2.conf
Add these lines at the end:
IncludeOptional "/usr/share/modsecurity-crs/*.conf
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf
For the changes to take effect, restart Apache with the command:
systemctl restart apache2
Check the /var/log/apache2/modsec_audit.log log file to find the rules that are being triggered by mod_security on your Apache web server. The error log is the same log file that is used by Apache to write error messages, normally stored at /var/log/apache2/error.log. If you need more information and want to learn how to configure and use mod_security, read the official documentation. Install the mod_evasive module using the following command:
apt-get install libapache2-mod-evasive
After installing, run this command:
sudo a2enmod evasive
Edit the mod-evasive.conf file and configure the mod_evasive module:
sudo vi /etc/apache2/mods-available/mod-evasive.conf
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 30
DOSPageInterval 1
DOSSiteInterval 3
DOSBlockingPeriod 3600
DOSLogDir /var/log/apache2/mod_evasive.log
Save and close that file. For more details on the various configuration parameters, check the README file included with mod_evasive module. Use the following command to check if the mod_evasive module is active and enabled: evasive20_module (shared) Create a log file for mod_evasive:
touch /var/log/apache2/mod_evasive.log
Run the following command to restart Apache:
systemctl restart apache2
That’s it. The mod_security and mod_evasive modules have been successfully installed on your Ubuntu VPS.

Conclusion

In order to harden and secure your Apache web server, it is a good idea to install and configure mod_security and mod_evasive modules on a Linux VPS with Ubuntu 16.04 OS installed.  
0 Comments
Add a comment
Login for Comment