Hi all,

I use Ubuntu 14.04 x64 and I have followed the following procedure found on this link ( http://blog.mattbrock.co.uk/hardening-t ... ver-14-04/ ) to install mod_security on my server:


sudo apt-get install libapache2-mod-security2
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo nano /etc/modsecurity/modsecurity.conf

Make the following options so:
SecRuleEngine On
SecRequestBodyLimit 50000000
SecRequestBodyInMemoryLimit 50000000

cd /tmp
sudo wget https://github.com/SpiderLabs/owasp-mod ... master.zip
sudo apt-get install zip
sudo unzip master.zip
sudo cp -r owasp-modsecurity-crs-master/* /etc/modsecurity/

sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf

sudo ls /etc/modsecurity/base_rules | xargs -I {} sudo ln -s /etc/modsecurity/base_rules/{} /etc/modsecurity/activated_rules/{}

sudo ls /etc/modsecurity/optional_rules | xargs -I {} sudo ln -s /etc/modsecurity/optional_rules/{} /etc/modsecurity/activated_rules/{}

sudo nano /etc/apache2/mods-available/security2.conf
add the following line near the end, just before </IfModule>:
Include "/etc/modsecurity/activated_rules/*.conf"

sudo service apache2 restart
sudo rm -rfv /tmp/*

sudo apt-get install libapache2-mod-evasive
sudo mkdir /var/log/mod_evasive
sudo chown www-data:www-data /var/log/mod_evasive
sudo nano /etc/apache2/mods-available/evasive.conf

Make it so:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

DOSEmailNotify my_emailaddress@gmail.com
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
DOSLogDir "/var/log/mod_evasive"
</IfModule>

sudo ln -s /etc/apache2/mods-available/evasive.conf /etc/apache2/mods-enabled/evasive.conf
sudo service apache2 restart
sudo apt-get install rkhunter chkrootkit

sudo nano etc/chkrootkit.conf
RUN_DAILY="true"
RUN_DAILY_OPTS=""

sudo nano /etc/default/rkhunter
CRON_DAILY_RUN="true"
CRON_DB_UPDATE="true"

sudo mv /etc/cron.weekly/rkhunter /etc/cron.weekly/rkhunter_update
sudo mv /etc/cron.daily/rkhunter /etc/cron.weekly/rkhunter_run
sudo mv /etc/cron.daily/chkrootkit /etc/cron.weekly/

sudo apt-get install logwatch
sudo mv /etc/cron.daily/00logwatch /etc/cron.weekly/
sudo nano /etc/cron.weekly/00logwatch
/usr/sbin/logwatch --output mail --range 'between -7 days and -1 days'

sudo apt-get install acct
sudo touch /var/log/wtmp

sudo a2enmod modsecurity
sudo /etc/init.d/apache2 force-reload



However when I execute: sudo a2enmod modsecurity

lupocatttivo@octane:~$ sudo a2enmod modsecurity
ERROR: Module modsecurity does not exist!


I even tried this:
lupocatttivo@octane:~$ sudo apt-get install libapache2-mod-security2
Reading package lists... Done
Building dependency tree
Reading state information... Done
libapache2-mod-security2 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


Any help will be appreciated.

Thanks in advance.

sudo a2enmod modsecurity

a2enmod creates a symbolic link in /mods-enabled that points to the file in /mods-available. If modsecurity is not in /mods-available then a2enmod won't work. You can:
- create a symbolic link yourself in /mods-enabled that points to where the modsecurity.conf file is.
- move the modsecurity.conf file in to /mods-available and use a2enmod.


MSJ

thanks