How to Install ModSecurity with OWASP on VestaCP

shanjie · Post by **shanjie** » Sun Jan 31, 2016 3:27 am

Any guidelines on this?

Post by **tjebbeke** » Sun Jan 31, 2016 9:47 am

You can search on Google ...
You can look at this: http://www.servermom.org/how-to-install ... erver/844/

shanjie · Post by **shanjie** » Mon Feb 01, 2016 1:33 pm

If you follow exact the steps. You will end up having error on your existing website that ruining on vesta.

Mod_security is the fundamental and efficient way to prevent the current cms to get hacked and it's would be nice if its included in the current installation. Just like centos webpanel.

Post by **skurudo** » Mon Feb 01, 2016 1:49 pm

shanjie wrote:If you follow exact the steps. You will end up having error on your existing website that ruining on vesta.

I think it can be installed a different way:

Code: Select all

yum install mod_security

then

Code: Select all

nano /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

and add

Code: Select all

SecRuleEngine On

and service restart

Code: Select all

service httpd restart

shanjie wrote:Mod_security is the fundamental and efficient way to prevent the current cms to get hacked

Well, vulnerabilities must be addressed to сms, rest are crutches and rake.. ;-(

shanjie wrote:and it's would be nice if its included in the current installation. Just like centos webpanel.

If you think so, please add this idea to http://bugs.vestacp.com/

jonn · Post by **jonn** » Mon Feb 01, 2016 11:33 pm

I too will be trying my hand at installing mod security today, one my servers is being hit hard by a session fixation attack with nothing hosted on it yet, so I have a good testing ground. I am wondering though with a nginx + apache combo if installing it will it be effective seeing nginx is the front end it really should be compiled with nginx modsecurity options enabed standalone. But this is my first time attempting this, so trail and error here I think.

Vesta Control Panel - Forum