{"id":15026,"date":"2022-02-11T09:50:29","date_gmt":"2022-02-11T09:50:29","guid":{"rendered":"https:\/\/linuxways.net\/?p=15026"},"modified":"2022-02-11T09:50:29","modified_gmt":"2022-02-11T09:50:29","slug":"how-to-deploy-modsecurity-with-nginx-on-ubuntu-20-04-lts","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/how-to-deploy-modsecurity-with-nginx-on-ubuntu-20-04-lts\/","title":{"rendered":"How to Deploy Modsecurity with Nginx on Ubuntu 20.04 LTS"},"content":{"rendered":"

ModSecurity<\/a> is a free, open-source Web Application Firewall supported by different web servers like Apache, IIS, and Nginx. It is deployed as an external security layer to protect web servers.<\/p>\n

In this tutorial, you will learn how to install ModSecurity firewall with pre-installed Nginx. We have used Ubuntu 20.04 server to demonstrate the process.<\/p>\n

Pre-requisites<\/h2>\n

Ubuntu 20.04 LTS server<\/a><\/p>\n

Nginx installed on Ubuntu server<\/p>\n

Installation Guide<\/h2>\n

If you don\u2019t have Nginx installed on your server, follow this guide to fulfill the Modsecurity installation requirement:<\/p>\n

https:\/\/linuxways.net\/ubuntu\/how-to-install-nginx-on-ubuntu-20-04-lts-using-source-code\/<\/a><\/p>\n

Now that you have installed Nginx, let\u2019s get started with installing ModSecurity.<\/p>\n

Step\u00a01: Install libmodsecurity3<\/h3>\n

First of all, install git on your machine so that you can clone the ModSecurity git repository. We can do it by running this command:<\/p>\n

sudo apt install git -y<\/pre>\n
<\/p>\n
Now that git is installed, clone the repository by running this command:<\/p>\n
git clone --depth 1 -b v3\/master --single-branch https:\/\/github.com\/SpiderLabs\/ModSecurity \/usr\/local\/src\/ModSecurity\/<\/pre>\n
<\/p>\n
Step 2: Go to the Modsecurity directory<\/h3>\n
Now that you have cloned the modsecurity git repository, go the modsecurity directory following the path below:<\/p>\n
cd \/usr\/local\/src\/ModSecurity\/<\/pre>\n
<\/p>\n
Step 3: Install libmodsecurity3 dependencies<\/h3>\n
Now that we are inside the Modsecurity directory, we will install libmodsecurity3 dependencies in this step. Run this command:<\/p>\n
sudo apt install gcc make build-essential autoconf automake libtool libcurl4-openssl-dev liblua5.3-dev libfuzzy-dev ssdeep gettext pkg-config libpcre3 libpcre3-dev libxml2 libxml2-dev libcurl4 libgeoip-dev libyajl-dev doxygen -y<\/pre>\n
<\/p>\n
Step 4: Install Git modules<\/h3>\n
Now, install git submodules with the help of this command:<\/p>\n
git submodule init<\/pre>\n
<\/p>\n
Next, we will update the submodules:<\/p>\n
git submodule update<\/pre>\n
<\/p>\n
Step 5: Build the modsecurity environment<\/h3>\n
It is time to build the modsecurity environment. To do that, run the following command:<\/p>\n
.\/build.sh<\/pre>\n
<\/p>\n
Now configure using this command:<\/p>\n
.\/configure<\/pre>\n
<\/p>\n
After this, you will get this error:<\/p>\n
<\/p>\n
It is okay to ignore this and move on.<\/p>\n
Step 6: Compile the modsecurity source code<\/h3>\n
Now we will compile the environment for libmodsecurity3 with this command:<\/p>\n
make<\/pre>\n
<\/p>\n
If you want to increase the speed of compiling, you can specify -j <number of cpu>. I have 4 CPUs and I am going to use all 4 to compile as shown below:<\/p>\n
make -j 4<\/pre>\n
<\/p>\n
Next, we will run the install command:<\/p>\n
sudo make install<\/pre>\n
<\/p>\n
The installation is done in the\u00a0\/usr\/local\/modsecurity\/<\/strong>.<\/p>\n
Step 7: Install modsecurity-nginx connector<\/pre>\n
In this step, we will install Modsecurity-nginx connector. It is the connection and communication point between Nginx and ModSecurity.<\/p>\n
First of all, we need to clone the connector repository. Do that by running this command:<\/p>\n
sudo git clone --depth 1 https:\/\/github.com\/SpiderLabs\/ModSecurity-nginx.git<\/pre>\n
\/usr\/local\/src\/ModSecurity-nginx\/<\/pre>\n
<\/p>\n
Step 8: Install modsecurity-nginx dependencies<\/h3>\n
First, go to Nginx source directory like this:<\/p>\n
cd \/usr\/local\/src\/nginx\/nginx-1.21.1<\/pre>\n
<\/p>\n
Make sure to replace the Nginx version in the command with your current Nginx version otherwise you will get an error.<\/p>\n
To install the necessary dependencies, run this command:<\/p>\n
sudo apt build-dep nginx && sudo apt install uuid-dev -y<\/pre>\n
<\/p>\n
Next, we will compile the Modsecurity-nginx connector module with the –with-compat flag by running this command:<\/p>\n
sudo .\/configure --with-compat --add-dynamic-module=\/usr\/local\/src\/ModSecurity-nginx<\/pre>\n
<\/p>\n
Now run this command to create the dynamic modules:<\/p>\n
sudo make modules<\/pre>\n
<\/p>\n
Now, copy the dynamic module you just created in the objs\/ngx_http_modsecurity_module.so to \/usr\/share\/nginx\/modules with the help of this command:<\/em><\/p>\n
sudo cp objs\/ngx_http_modsecurity_module.so \/usr\/share\/nginx\/modules\/<\/pre>\n
<\/p>\n
Step 9: Enable Modsecurity in Nginx configuration file<\/h3>\n
To enable Modsecurity in Nginx, you need to first specify the load-module and path to your modsecurity module in the configuration.<\/p>\n
Open Nginx configuration file with the nano editor like this:<\/p>\n
sudo nano \/etc\/nginx\/nginx.conf<\/pre>\n
<\/p>\n
In the file, add this line on the top:<\/p>\n
load_module modules\/ngx_http_modsecurity_module.so;<\/pre>\n
<\/p>\n
Under the HTTP {} section, add the following code lines:<\/p>\n
modsecurity on;<\/pre>\n
modsecurity_rules_file \/etc\/nginx\/modsec\/modsec-config.conf;<\/pre>\n
<\/p>\n
Step 10: Configure directory and files for modsecurity<\/h3>\n
Create a directory with the name modsec. The path of the directory is mentioned in the command:<\/p>\n
sudo mkdir \/etc\/nginx\/modsec\/<\/pre>\n
<\/p>\n
You will need this directory in the future to store configuration files and rules.<\/p>\n
Now, copy the sample Modsecurity configuration file from cloned git directory with this command:<\/p>\n
sudo cp \/usr\/local\/src\/ModSecurity\/modsecurity.conf-recommended \/etc\/nginx\/modsec\/modsecurity.conf<\/pre>\n
<\/p>\n
Now open the modsecurity configuration file:<\/p>\n
sudo nano \/etc\/nginx\/modsec\/modsecurity.conf<\/pre>\n
<\/p>\n
Locate the SecRuleEngine directive in the file on line 7 and change it to DetectionOnly like this:<\/p>\n
secruleEngine DetectionOnly<\/p>\n
<\/p>\n
To enable Modsecurity, find change the following directive to On like this:<\/p>\n
secRuleEngine on<\/pre>\n
<\/p>\n
Now locate the following directive on line 224:<\/p>\n
secAuditLogParts ABIJDEFHZ<\/pre>\n
<\/p>\n
Change it to:<\/p>\n
secAuditLogParts ABCDEFHJKZ<\/pre>\n
<\/p>\n
Now create modsec-config.conf file. Here you will add modsecurity.conf and other rules for modsecurity:<\/p>\n
sudo nano \/etc\/nginx\/modsec\/modsec-config.conf<\/pre>\n
<\/p>\n
Inside the file you just created, add this line:<\/p>\n
Include \/etc\/nginx\/modsec\/modsecurity.conf<\/pre>\n
<\/p>\n
Save the file and exit.<\/p>\n
Step 11: Copy unicode.mapping file<\/h3>\n
Finally, copy the Modsecurity\u2019s unicode.mapping file like this:<\/p>\n
sudo cp \/usr\/local\/src\/ModSecurity\/unicode.mapping \/etc\/nginx\/modsec\/<\/pre>\n
<\/p>\n
Step 12: Check Nginx configuration<\/h3>\n
Before restarting Nginx, check if the configuration is fine by running this command:<\/p>\n
sudo nginx -t<\/pre>\n
<\/p>\n
If you get the following output, you are good to go:<\/p>\n
<\/p>\n
Step 13: Reload Nginx<\/h3>\n
Now restart Nginx with this command:<\/p>\n
sudo systemctl restart nginx<\/pre>\n
<\/p>\n
In this guide, we saw how we can install Modsecurity on an ubuntu server that already has pre-installed Nginx on it. We also saw how to configure ModSecurity and Nginx to connect them with the help of a few easy-to-follow commands.<\/p>","protected":false},"excerpt":{"rendered":"
ModSecurity is a free, open-source Web Application Firewall supported by different web servers like Apache, IIS, and Nginx. It is deployed as an external security layer to protect…<\/p>","protected":false},"author":1,"featured_media":15115,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[902,149,100],"class_list":["post-15026","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-modsecurity","tag-nginx","tag-ubuntu-20-04"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/15026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=15026"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/15026\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/15115"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=15026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=15026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=15026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}