To install the latest version of ModSecurity on OpenStack controllers with Ubuntu 14.04, follow the steps:
Install required packages:
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install --yes libyajl-dev libxml2 libxml2-dev liblua5.1 apache2-prefork-dev git
Enable the unique_id module for Apache, which adds a magic token to each request to guarantee it is unique. The environment variable UNIQUE_ID is set to the identifier for each request.
sudo a2enmod unique_id
sudo service apache2 restart
Download ModSecurity and compile it with JSON support, which is required for the OpenStack Identity service and the other JSON-based APIs.
cd ~
wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
tar xvzf modsecurity-2.9.1.tar.gz
cd modsecurity-2.9.1/
./configure --with-yajl="/usr/lib/x86_64-linux-gnu /usr/include/yajl"
sudo make
sudo make install
Create the module configuration files. The files live under /etc/apache2, so write them through sudo tee rather than a plain shell redirect, which would run as the unprivileged user. The IncludeOptional glob picks up every rule file placed in /etc/modsecurity.
sudo touch /etc/apache2/mods-available/security2.conf
printf '<IfModule security2_module>\n\tSecDataDir /var/cache/modsecurity\n\tIncludeOptional /etc/modsecurity/*.conf\n</IfModule>\n' | sudo tee /etc/apache2/mods-available/security2.conf
sudo touch /etc/apache2/mods-available/security2.load
printf 'LoadFile libxml2.so.2\nLoadModule security2_module /usr/lib/apache2/modules/mod_security2.so\n' | sudo tee /etc/apache2/mods-available/security2.load
# SecDataDir must exist and be writable by the Apache user for persistent collections.
sudo mkdir -p /var/cache/modsecurity
sudo chown www-data:www-data /var/cache/modsecurity
sudo mkdir -p /etc/modsecurity
sudo cp modsecurity.conf-recommended unicode.mapping /etc/modsecurity/
sudo mv /etc/modsecurity/modsecurity.conf{-recommended,}
Enable modsecurity module:
sudo a2enmod security2
sudo service apache2 restart
Turn on the ModSecurity engine with base rules for all sites on the given host.
Note
Verify that sites are not blocked by the rules due to false positives. Test this before deploying to production.
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf
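The Note above asks for a false-positive check before the engine is switched from DetectionOnly to On. The script below is an added example, not part of the original guide: it summarises which ModSecurity rules fired on which URIs from the Apache error log, reporting "Warning." entries (DetectionOnly) and "Access denied" entries (On) alike. The rule ids, hosts and log lines it embeds are constructed placeholders, not real base rules; on a controller, pass /var/log/apache2/error.log as the argument.

```shell
#!/bin/sh
# Added example (not from the original guide): list ModSecurity hits per rule
# and URI so false positives can be reviewed while SecRuleEngine is still
# DetectionOnly. Rule ids and log lines below are constructed placeholders.

# Print "count<TAB>action<TAB>rule-id<TAB>uri", most frequent first.
# action is BLOCK for "Access denied" (engine On) and WARN for "Warning."
# (DetectionOnly), so the same report works before and after the switch.
modsec_hits_summary() {
    awk '
        /ModSecurity: / {
            action = ($0 ~ /ModSecurity: Access denied/) ? "BLOCK" : "WARN"
            id = "-"; uri = "-"
            if (match($0, /\[id "[0-9]+"\]/))  id  = substr($0, RSTART + 5, RLENGTH - 7)
            if (match($0, /\[uri "[^"]*"\]/))  uri = substr($0, RSTART + 6, RLENGTH - 8)
            count[action "\t" id "\t" uri]++
        }
        END { for (k in count) print count[k] "\t" k }
    ' "$1" | sort -rn
}

# Constructed sample in the ModSecurity 2.x error-log format: three warnings
# for one rule on the Identity API token endpoint, one block for another rule.
write_sample_log() {
    cat > "$1" <<'EOF'
[Tue Jun 14 10:00:01.000000 2016] [:error] [pid 1001] [client 10.0.0.5] ModSecurity: Warning. Pattern match "sample" at REQUEST_HEADERS:Content-Type. [file "/etc/modsecurity/EXAMPLE.conf"] [line "1"] [id "999001"] [msg "Constructed sample"] [hostname "controller"] [uri "/v3/auth/tokens"] [unique_id "constructed-1"]
[Tue Jun 14 10:00:02.000000 2016] [:error] [pid 1001] [client 10.0.0.5] ModSecurity: Warning. Pattern match "sample" at REQUEST_HEADERS:Content-Type. [file "/etc/modsecurity/EXAMPLE.conf"] [line "1"] [id "999001"] [msg "Constructed sample"] [hostname "controller"] [uri "/v3/auth/tokens"] [unique_id "constructed-2"]
[Tue Jun 14 10:00:03.000000 2016] [:error] [pid 1002] [client 10.0.0.6] ModSecurity: Warning. Pattern match "sample" at REQUEST_HEADERS:Content-Type. [file "/etc/modsecurity/EXAMPLE.conf"] [line "1"] [id "999001"] [msg "Constructed sample"] [hostname "controller"] [uri "/v3/auth/tokens"] [unique_id "constructed-3"]
[Tue Jun 14 10:00:04.000000 2016] [:error] [pid 1002] [client 10.0.0.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "sample" at ARGS:name. [file "/etc/modsecurity/EXAMPLE.conf"] [line "2"] [id "999002"] [msg "Constructed sample"] [hostname "controller"] [uri "/v3/projects"] [unique_id "constructed-4"]
[Tue Jun 14 10:00:05.000000 2016] [:notice] [pid 1000] AH00094: Command line: '/usr/sbin/apache2'
EOF
}

# With no argument, run on the constructed sample; on a controller pass
# /var/log/apache2/error.log instead.
if [ -z "${1:-}" ]; then
    sample=$(mktemp)
    write_sample_log "$sample"
    modsec_hits_summary "$sample"
    rm -f "$sample"
else
    modsec_hits_summary "$1"
fi
```

A rule that shows up on every legitimate Identity request (here 999001 on /v3/auth/tokens) is the candidate for a SecRuleRemoveById or a tuned exclusion before the engine is set to On.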