How to install latest mod-security on debian lenny (probably applicable to other debian based distributions), there are .debs available but they are out of date so you need to install it manually.

In my opinion no apache server should be without mod-security, it helps filter out a lot of potential security holes in software to help protect your webserver, this has saved me a number of times when running beta/old 
code like vhcs/ispcp or code like phpbb/wordpress/other popular web software.

More info on modsecurity here: http://www.modsecurity.org/

1. Install required packages:

<cli>

apt-get install libxml2-dev liblua5.1-0 lua5.1 apache2-dev
</cli>
2. Fetch the latest mod-security (2.5.4 from May 6)




<cli>
cd /tmp
wget http://www.modsecurity.org/download/modsecurity-apache_2.5.4.tar.gz
</cli>

3. Extract mod-security




<cli>
tar zxvf modsecurity-apache_2.5.4.tar.gz
</cli>
4. Enter mod-security directory



<cli>
cd modsecurity-apache_2.5.4/apache2/
</cli>
5. Build mod-security





<cli>
./configure && make && make install
If all is well mod-security should now be in /usr/lib/apache2/modules/ and called mod_security2.so
</cli>

6. Create the mod-security load file for apache to load it




<cli>
vi /etc/apache2/mods-available/mod-security2.load

and add the following lines:




LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so.0
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so

and save it (ESC :wq)
</cli>
7. Enable the module to load with apache (unique_id is required for mod-security, it should come standard with apache)




<cli>
a2enmod mod-security2
a2enmod unique_id
</cli>
8. Tell apache where to load the mod-security config



<cli>
vi /etc/apache2/conf.d/mod-security2.conf

and add the following line:

</cli>


<cli>
Include /etc/modsecurity2/*.conf

and save it (ESC :wq)
</cli>
9. Create the mod-security directories and logs




<cli>
mkdir /etc/modsecurity2
mkdir /etc/modsecurity2/logs
touch /etc/modsecurity2/logs/modsec_audit.log
touch /etc/modsecurity2/logs/modsec_debug.log
</cli>

10. Copy the core rules into the mod-security dirs (more info on the core rules can be found on 
<cli>

http://www.modsecurity.org/projects/rules/index.html)
</cli>


<cli>
cp /tmp/modsecurity-apache_2.5.4/rules/*.conf /etc/modsecurity2
</cli>
11. Update the rules so the log locations are correct




<cli>
vi /etc/modsecurity2/modsecurity_crs_10_config.conf

Find SecDebugLog logs/modsec_debug.log

Replace with SecDebugLog /etc/modsecurity2/logs/modsec_debug.log

Find SecAuditLog logs/modsec_audit.log

Replace with SecAuditLog /etc/modsecurity2/logs/modsec_audit.log

and save it (ESC :wq)
</cli>
12. Check apache config is ok


<cli>
apache2ctl configtest

(should return Syntax OK)
</cli>
13. Restart apache




<cli>
/etc/init.d/apache2 restart
</cli>
14. Check mod-security2 is running


<cli>

cat /var/log/apache2/error.log | grep ModSecurity

[Thu Mar 27 14:56:58 2008] [notice] ModSecurity for Apache/2.5.4 (http://www.modsecurity.org/) configured.
</cli>
Done!

More info on mod-security http://www.modsecurity.org/

These instructions were taken from http://www.debianitalia.org/modules/wfse...icleid=161 and updated/fixed as needed. 

Copyright by hxbro
 --- //[[athen155@yahoo.de|ZooL.]] 2008/04/19 15:23//