The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod Security?!

Discussion in 'Security' started by reporter, Nov 2, 2009.

  1. reporter

    reporter Active Member

    Joined:
    Jul 23, 2009
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Hello,
    I Install ModSec From Cpanel Plugins But Its Version Is Very Old(1.9.1-2.6)
    :confused:
    How I Can Remove It Complate & Install New Version? 2.5.10
    :(
     
  2. stoo2000

    stoo2000 Active Member

    Joined:
    Jul 26, 2003
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Leicestershire, UK
    cPanel Access Level:
    Root Administrator
    Update to Apache 2.2x :)
     
  3. reporter

    reporter Active Member

    Joined:
    Jul 23, 2009
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    apache version is the latest!
    2.2.14:)
     
  4. stoo2000

    stoo2000 Active Member

    Joined:
    Jul 26, 2003
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Leicestershire, UK
    cPanel Access Level:
    Root Administrator
    There's some information here EasyApache mod_security Module

    As far as I'm aware 1.x version only work with Apache 1.3.x, and 2.x is used for apache 2.2.x
     
  5. stoo2000

    stoo2000 Active Member

    Joined:
    Jul 26, 2003
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Leicestershire, UK
    cPanel Access Level:
    Root Administrator
    Another note from EasyApache when you enable it.

    Mod Security [More Info ↑]
    v1.9.5 for Apache 1.3, v2.5.9 for Apache 2.x This option will make the following changes to your profile prior to the build:
     
  6. reporter

    reporter Active Member

    Joined:
    Jul 23, 2009
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    i did enable mod security in apache (easyapache)
     
  7. reporter

    reporter Active Member

    Joined:
    Jul 23, 2009
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    its ok but rules i think have problem!
    i try if i can't ok it come back...
    TnX:D
     
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    The mod_security plug-in via WHM is deprecated and should not be used for new installations; it may only be kept for legacy users that have not yet migrated to mod_security installed by EasyApache.

    This information is indicated on the cPanel Plugins page in WHM:
    Code:
    Version: 1.9.1-2.6
    Description: mod_security Support !!BETA!! (This is deprecated. Use easyapache3 to install mod_security as it is now supported without having to use the addon interface in easyapache3)
    If the mod_security plug-in is installed as seen above, please uninstall it, then run EasyApache to compile a fresh mod_security install using the latest supported Apache version.

    Here is the menu path to check while making sure the mod_security plug-in is uninstalled/removed as a first step:
    WHM: Main >> cPanel >> Manage Plugins

    On the above page, simply click "Uninstall modsecurity" to proceed.

    Once the uninstall is completed, proceed to run EasyApache3 (EA3), as described below:

    Here is the command to run EasyApache via root SSH access:
    Code:
    # /scripts/easyapache
    Here is the menu path to run EasyApache via your root WHM control panel:
    WHM: Main >> Software >> EasyApache (Apache Update)

    For additional reference I recommend thoroughly reviewing our EasyApache documentation as noted below:
    Apache & cPanel/WHM
     
  9. egsi

    egsi Member

    Joined:
    Aug 12, 2009
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Does cPanel provide / auto update the default rules that come with mod_security when installed via EasyApache?

    I'm using the default rules however would like to use the GotRoot rules and was wondering if it is worth it. Or are the cPanel provided default rules sufficient (and updated)?

    Unfortunately the GotRoot wiki on how to install the GotRoot rules are bit lacking!:eek:
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    When you compile Apache and select to install modsecurity the suggested ruleset from cPanel is installed. If you look close they are tweaked a bit for cPanel, IIRC. They are not auto updated.

    You can add any additional rules you like and use an include in the modsec2.conf
    In that file right now you should see this line which calls those rules cPanel adds:
    Include "/usr/local/apache/conf/modsec2.user.conf"

    If you added a line similar to this just below:
    Include "/usr/local/apache/conf/myrules/*crs*.conf"
    And place your rules in that myrules directory with that naming convention (save and restart Apache) they will be used.
    An example added ruleset name: modsecurity_crs_42_comment_spam.conf

    This a very generalized comment to explain a bit. You should investigate further before adding your own rules.
    ModSecurity: Open Source Web Application Firewall - Documentation Some docs there for you as well.
     
    #10 Infopro, Nov 3, 2009
    Last edited: Nov 3, 2009
  11. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    To expand upon this example; I recommend using the mod_security user configuration file (e.g., "modsec2.user.conf") to setup additional Include entries; using this file will help ensure the changes are not easily overwritten if recompiling Apache for an upgrade. For Apache version 2.x, the path is exactly as Infopro detailed:
    Code:
    /usr/local/apache/conf/modsec2.user.conf
    In WHM, the following menu path can be used to access the configuration editor for the above file:
    WHM: Main >> Plugins >> Mod Security >> Edit Config

    On the Edit Config page, in addition to a large text area for editing the configuration file contents there are two options available for setting this file to the default rules we offer or resetting it to no configuration (empty):
    Reset configuration textarea to:
    (1) Default Configuration
    (2) No Configuration
    If one of the above two reset features are used, ensure to save the new contents once completed; there is a "Save Configuration" button at the bottom of the page.

    As mentioned in Infopro's message, to setup additional configuration files you'd need to setup a subdirectory within the Apache "conf" directory, then setup an Include entry in the mod_security user configuration file (e.g., "modsec2.user.conf") to load the new custom files, such as what may be obtained from sites that compile sets of rules for public distribution. While the mod_security user configuration file can be edited via WHM, if additional files in a sub-directory are needed to be included they would need to be setup manually via root SSH access.

    For additional clarification, I recommend thoroughly reviewing the following documentation (that was posted earlier in the thread too):
    EasyApache mod_security Module
     
  12. egsi

    egsi Member

    Joined:
    Aug 12, 2009
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the replies guys. Looks pretty straight forward and will try it out!
     
  13. basic

    basic Active Member

    Joined:
    Nov 10, 2004
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Hello All:

    We use "Mod Security" for several years now, but have not updated our rules for some time ... that is quite some science!!

    I would VERY MUCH appreciate if someone could post here his/her ruleset for a server with a **shared** hosting setup (typical ruleset that would work for a typical hosting company server -- not too strict, in other words). Anything that has proven to work out. That would be great. Thanks.

    John
     
  14. egsi

    egsi Member

    Joined:
    Aug 12, 2009
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    It really does depend on what applications your clients are running. I would suggest running it in debug / error logging mode and then take it from there. Of course during this time you will have no Web Application Firewall.

    Other option is to just include the rules one at a time (say trial it over a week) instead of using all the new rules at once. To do so just follow the steps above.
     
  15. basic

    basic Active Member

    Joined:
    Nov 10, 2004
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    yes, yes, yes ... however, but ... as I mentioned, a ruleset for a typical hosting server for shared hosting, where you have 300+ domains on it. There is no way to "customize" that the way you suggest. What we are looking for is a something other hosts are using, have been using for some time on their shared servers.

    Thanks.
     
    #15 basic, Nov 18, 2009
    Last edited: Nov 18, 2009
  16. egsi

    egsi Member

    Joined:
    Aug 12, 2009
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Can't help you there then sorry. For what you are after you'll have to find someone who has spend the time going through the various rules to hand them over to you.
     
Loading...

Share This Page