Build ModSecurity from source
at 2016-07-03 17:47:00.
before we start, you need to have your apache source and arp module downloaded.
git clone git://github.com/SpiderLabs/ModSecurity.git
./autogen.sh
./configure --with-apxs=/usr/local/apache2/bin/apxs --with-apr=/root/httpd-2.4.18/srclib/apr/ --with-apu=/root/httpd-2.4.18/srclib/apr-util/ --with-lua=/usr/lib/x86_64-linux-gnu/pkgconfig/
make
make install
and now we will install the owasp recommended settings.
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
mv master master.tar.gz
rm master.tar.gz
cp -R SpiderLabs-owasp-modsecurity-crs-60c8bc9/ /usr/local/apache2/conf/crs/
cd /usr/local/apache2/conf/crs/
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
ln -s /usr/local/apache2/conf/crs/modsecurity_crs_10_setup.conf activated_rules/
for f in `ls base_rules/` ; do ln -s /usr/local/apache2/conf/crs/base_rules/$f activated_rules/$f ; done
for f in `ls optional_rules/` ; do ln -s /usr/local/apache2/conf/crs/optional_rules/$f activated_rules/$f ; done
mkdir /etc/modsec
cd
cp modsecurity.conf-recommended /etc/modsec/modsecurity.conf
cp unicode.mapping /etc/modsec/
nano /etc/modsec/whitelist.conf
add the following to your httpd.conf file
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
Include /etc/modsec/modsecurity.conf
Include conf/crs/activated_rules/*.conf
Include /etc/modsec/whitelist.conf
SecRule ARGS "mod_security_test" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access'"
</IfModule>