Steps to Enable mod_security (mod_security2) in Hardy

Ubuntu Linux Hardy does not have a precompliled apt-get package for mod-security. So here is how to do this manually.

Stop Apache

/etc/init.d/apache2 stop

Enable UNIQUE_ID module

a2enmod unique_id

If you don't have a2enmod use these two steps:

cd /etc/apache2/mods-enabled
ln -s ../mods-available/unique_id.load unique_id.load

Need to install quite a few stuff!

apt-get install libapr1
apt-get install libaprutil1
apt-get install liblua5.1-0
apt-get install apache2-threaded-dev
apt-get install libxml2
apt-get install libxml2-dev

Download and compile mod security

Go to modsecurity Open Source Web Application Firewall

  • Download modsecurity-apache_2.5.12 and extract to any directory and
  • cd into that directory
  • cd apache2
  • ./configure
  • make
  • make test
  • make install

[Note the location where file was created. It is usually at /usr/lib/apache2/modules/]

[Typical output]

root@ub1:~/temp_files/ms/modsecurity-apache_2.5.12/apache2# make install
build/apxs-wrapper -i
/usr/share/apache2/build/ SH_LIBTOOL='/usr/share/apr-1.0/build/libtool' /usr/lib/apache2/modules
/usr/share/apr-1.0/build/libtool --mode=install cp /usr/lib/apache2/modules/
cp .libs/ /usr/lib/apache2/modules/
cp .libs/mod_security2.lai /usr/lib/apache2/modules/
PATH="$PATH:/sbin" ldconfig -n /usr/lib/apache2/modules
Libraries have been installed in:

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and manual pages.
chmod 644 /usr/lib/apache2/modules/
  • cd /etc/apache2/mods-available
  • Create file mod_security2.load as
LoadModule security2_module /usr/lib/apache2/modules/

Enable mod_security

a2enmod mod_security2

Enable ModSecurity Core Rule Set Project

This is a free predefined rule set for mod_security. Here are the steps:

  • mkdir /etc/apache2/mod-security2
  • cd /etc/apache2/mod-security2
  • Extract downloaded zip file (into the current folder)
  • Create file /etc/apache2/conf.d/mod_security2.conf as:
<IfModule security2_module>
     Include /etc/apache2/mod-security2/modsecurity_crs_10_config.conf
     Include /etc/apache2/mod-security2/base_rules/*.conf

All done, start Apache!

/etc/init.d/apache2 start

To Disable

a2dismod mod_security2
/etc/init.d/apache2 force-reload

QR Code
QR Code tech:apache:enabling_mod_security (generated for current page)