how can I update mod_security?

ddaas

Member
Feb 28, 2006
8
0
151
Germany
Hi,
I'm using cpanel on FC4.
I tried to add the mod_security rules from www.gotroot.com. Anyway, some rules are not supported (invalid regular expression and other kind of errors). This could be from perl, apache , or mod_security module.
I found out that I am using Installed Version: 1.8.7-1.00RC2 and 1.9 is already out there.
My question is: how can I upgrade to 1.9? I could compile it by hand but I don't want to create incompatibilities with cpanel. That’s why I want to use whm to updated mod_security. The check box "install and keep updated" is checked.

Thanks
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
ddaas said:
My question is: how can I upgrade to 1.9? I could compile it by hand but I don't want to create incompatibilities with cpanel. That’s why I want to use whm to updated mod_security. The check box "install and keep updated" is checked.
Mod Security and related rules found in the WHM are good enough. you don't need to install another copy of Mod Security by hand, if you've enabled it in the WHM.
 

ddaas

Member
Feb 28, 2006
8
0
151
Germany
I don't think they are enough because there are zero-day vulnerabilities, new sql injections in different applications and so on with could be stopped using mod_security.
For example good rules are at www.gotroot.com
 

ramprage

Well-Known Member
Jul 21, 2002
651
0
166
Canada
The version off the mod_security site is fully compatible with Cpanel if you compile it manually. You can add whatever rules you want afterwards to it. Very easy to install.
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
I'd agree, building it by hand is as simple as following the instructions in the tarball and I'd also agree that the minimal WHM configuration is quite poor and you should do some investigation on these boards for a much better and relevant set of filters.
 

dave9000

Well-Known Member
Apr 7, 2003
888
1
168
arkansas
cPanel Access Level
Root Administrator
one thing you have to pay attention to is when you start adding a big ruleset like the ones at gotroot.com is that you do not break legit programs and scripts that your customers are running.

We usually pick and choose rule sets based on the scripts,applications we have running. The default cpanel ruleset is a bit weak but the complete ruleset at gotroot.com is a bit too complex for most servers needs.