ModSecurity is a web application firewall that helps secure the HTTP server. The OWASP rule set is a set of ModSecurity rules that protects against trojans, web defacement, etc.
The following are the steps to install it on a Linux system (the example here is running on DirectAdmin).
# Install prerequisites
# DirectAdmin hosts only: refresh CustomBuild and make sure libxml2 and
# libxslt are installed, then run the php build target.
cd /usr/local/directadmin/custombuild
for target in update versions libxml2 libxslt; do
  ./build "$target"
done
./build php n
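# Install related library (Expat development files)
yum -y install expat-devel
# For 64-bit systems: make libxml2 visible under /usr/lib as well.
# The guards skip the link on hosts that have no /usr/lib64 copy and when
# something already exists at the target, so re-running this step is harmless.
if [ -e /usr/lib64/libxml2.so.2 ] && [ ! -e /usr/lib/libxml2.so.2 ] && [ ! -L /usr/lib/libxml2.so.2 ]; then
  ln -s /usr/lib64/libxml2.so.2 /usr/lib/libxml2.so.2
fi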
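# Prepare apache environment
# The perl expressions must be wrapped in plain ASCII single quotes;
# typographic quotes copied from a web page are handed to perl literally and
# the substitution fails.
# NOTE(review): these edits make Apache advertise its full version banner
# (ServerTokens Full) and add a signature to server-generated pages
# (ServerSignature On), which discloses version details to every client.
# Presumably this is here because ModSecurity's SecServerSignature directive
# only takes effect with ServerTokens Full - confirm. If that directive is not
# used, keep the more restrictive values and skip this step.
perl -pi -e 's/ServerTokens Major/ServerTokens Full/' /etc/httpd/conf/extra/httpd-default.conf
perl -pi -e 's/ServerSignature Off/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf
perl -pi -e 's/ServerSignature EMail/ServerSignature On/' /etc/httpd/conf/extra/httpd-default.conf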
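# Download ModSecurity for Apache
cd /root/
# The original step listed only the URL; wget is the command that fetches it.
wget https://www.modsecurity.org/tarball/2.7.7/modsecurity-apache_2.7.7.tar.gz
# This archive is compiled and installed as root, so check its integrity
# before unpacking. Compare it with the checksum published for this release
# (placeholder below - substitute the published value):
#   echo "<PUBLISHED_SHA256>  modsecurity-apache_2.7.7.tar.gz" | sha256sum -c -
# Unzip and untar
tar -zxvf modsecurity-apache_2.7.7.tar.gz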
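# Compile ModSecurity
# The source directory is named explicitly: the glob modsecurity-apache_*.*.*
# also matches the downloaded .tar.gz sitting next to it, and newer bash
# versions refuse a cd that receives more than one argument.
# The steps are chained with && so that a failed configure, build or test run
# stops the sequence instead of installing a module that did not pass.
cd /root/modsecurity-apache_2.7.7 &&
  ./configure &&
  make &&
  make test &&
  make install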
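# Create config directory (-p: no error when it already exists)
mkdir -p /etc/modsecurity
# Run the two copies from the ModSecurity source folder (the directory the
# build was done in); the file names are relative to it.
cp modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
cp unicode.mapping /etc/modsecurity/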
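# Change ModSecurity values. Same result as editing by hand:
#   vi /etc/modsecurity/modsecurity.conf
#   SecRuleEngine On
#   SecRequestBodyLimit 16384000
#   SecRequestBodyInMemoryLimit 16384000
# The perl expressions need plain ASCII single quotes; typographic quotes
# pasted from a web page break the substitution.
# NOTE(review): SecRuleEngine On starts blocking as soon as Apache restarts.
# Leaving the shipped DetectionOnly value in place first and reviewing the
# audit log for false positives is the lower-risk rollout.
# NOTE(review): SecRequestBodyInMemoryLimit goes from 131072 to 16384000 bytes
# buffered in memory per request; confirm the host has the headroom for that
# under concurrent uploads.
perl -pi -e 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf
perl -pi -e 's/SecRequestBodyLimit 13107200/SecRequestBodyLimit 16384000/' /etc/modsecurity/modsecurity.conf
perl -pi -e 's/SecRequestBodyInMemoryLimit 131072/SecRequestBodyInMemoryLimit 16384000/' /etc/modsecurity/modsecurity.conf
# Each substitution is silent when the shipped default differs from the
# pattern, so print the resulting lines and check them.
grep -E '^(SecRuleEngine|SecRequestBodyLimit|SecRequestBodyInMemoryLimit)[[:space:]]' /etc/modsecurity/modsecurity.conf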
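# Create /etc/httpd/conf/extra/httpd-modsecurity.conf holding the module load
# line and the two includes (the same three lines can be typed in with vi).
# The quoted 'EOF' stops the shell from expanding anything in the body.
# The Include pattern uses plain ASCII double quotes: Apache does not treat
# typographic quotes as quoting, so the pasted form would not match the rules.
# NOTE: this overwrites an existing file of the same name.
cat > /etc/httpd/conf/extra/httpd-modsecurity.conf <<'EOF'
LoadModule security2_module /usr/lib/apache/mod_security2.so
Include /etc/modsecurity/modsecurity.conf
Include "/etc/modsecurity/activated_rules/*.conf"
EOF
# Reference the new file from /etc/httpd/conf/httpd.conf. The grep guard
# keeps the line from being added twice when this step is repeated.
if ! grep -qxF 'Include conf/extra/httpd-modsecurity.conf' /etc/httpd/conf/httpd.conf; then
  printf '%s\n' 'Include conf/extra/httpd-modsecurity.conf' >> /etc/httpd/conf/httpd.conf
fi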
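# Download ModSecurity rules (OWASP ModSecurity Core Rule Set)
cd /root/
# TLS certificate verification stays enabled: these rules decide what the
# firewall blocks, so the archive must come from the real host. If wget
# reports a certificate error, update the system CA bundle instead of turning
# the check off.
# master is a moving branch; replace it with a version tag, like v2.2.5, to
# get a fixed, reviewable rule set (or an older version).
wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz
cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/
mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
# Activate the rules by linking them into the directory Apache includes.
# -p and -f make the step repeatable; quoting keeps odd file names intact.
mkdir -p /etc/modsecurity/activated_rules
# NOTE(review): the setup file lives outside activated_rules, so the
# activated_rules/*.conf Include would not load it; it is linked here so the
# rule set gets its settings - confirm against the rule set's install notes.
ln -sf /etc/modsecurity/modsecurity_crs_10_setup.conf /etc/modsecurity/activated_rules/
# NOTE(review): this turns on every base and optional rule; expect to review
# the audit log for false positives before relying on blocking mode.
for rule_dir in base_rules optional_rules; do
  for f in /etc/modsecurity/"$rule_dir"/*; do
    [ -e "$f" ] || continue   # directory empty: the glob stayed literal
    ln -sf "$f" /etc/modsecurity/activated_rules/
  done
done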
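# Include this if not done above
# vi /etc/apache2/mods-available/mod-security.conf
# Include "/etc/modsecurity/activated_rules/*.conf"
# Check the configuration syntax first and restart only when it passes, so a
# typo in the new files does not leave the web server down.
httpd -t && service httpd restart
# Make sure it is running: watch the audit log and check that no errors show
# up. Start-up problems are reported in Apache's own error log, so look there
# too if the audit log stays empty.
tail -f /var/log/modsec_audit.log
#Done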