The server in question is a cPanel server.  ModSecurity is installed (via
EasyApache) and it is using default cPanel rules for mod_security, which are
found via WHM>Plugins>Mod Security Edit Config tool and correlate to the
file modsec2.user.conf.

 

I installed the core ruleset (all subfolders/files such as base_rules,
activated_rules, etc) distributed by OWASP to
/usr/local/apache/conf/modsec_crs/

I copied the modsecurity_crs_10_setup.conf.example to
modsecurity_crs_10_setup.conf.



However I'm now a bit confused by what appears to be the lack of clear
instructions.

It says to create the symlinks then to add the following to
/etc/httpd/conf/httpd.conf or in my case /usr/local/apache/conf/httpd.conf (I
think):



Code (changed from conf/crs to conf/modsec_crs):

<IfModule security2_module>
    Include conf/modsec_crs/modsecurity_crs_10_setup.conf
    Include conf/modsec_crs/activated_rules/*.conf
</IfModule>

 

Finish by restarting Apache.

 

However, what about the original default cPanel rules that are found in the
modsec2.user.conf file?  Should all the entries in there be deleted?  If I
don't do anything about that file will the rules in it conflict with these
OWASP rules?  Should the contents of the modsecurity_crs_10_setup.conf be
instead copied into the modsec2.user.conf file?

 

The reason for asking is that I was reading the following and it seemed
quite a bit different than the OWASP install instructions (mind you it
references the Atomicorp rules) but they use the modsec2.user.conf:
http://www.webhostingtalk.com/showpost.php?p=8368162&postcount=8
I've also seen reference to using a similar method for the
GotRoot rules: http://puntapirata.com/How-to-Install-ModSec-Rules.php

After restarting Apache how can we check if the rules are in effect?  There
isn't a SecRuleEngine in the crs_10 config but it is ON in the mod_sec
config file.  Will there be any indication in WHM that the rules are in
effect?

 

Additionally since I had to create the modsec_rules folder do I need to set
any permissions on that folder?

 

Any help would be appreciated.
Thanks.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set