Need some mod_security installation help!

I’m not a server novice, but when it comes right down to it, I’m still a Windows Server admin in a Linux world.

The syntax of mod_sec isn’t the hard part for me – installing it is.

I’m confused by how OWASP, Atomic, and Comodo all seem to have different folders and filenames. It’s never made sense. (It seems to me that mod_sec is an old-fashioned way of doing things. Like 1980s or older! It’s not a database, or even a single config file, but rather countless single-purpose flat files in a maze of directories.)

Installers seem to mostly automate this — but you are subjected to it when editing the rules.

Is it simply a matter of different structure instructions in the httpd.conf? Is that all it is?

cPanel appears to make a fairly dummy-friendly GUI plugin, which I’ve installed. I added the default/base rules, and right away ran into issues with it conflicting with common WordPress jQuery. I’ve read that the rules are outdated, but find that hard to believe if it was from an 11.44.x install. (Then again, it is cPanel. Sigh. That panel is a mess.)

If I add rules in the cPanel GUI plugin, will it automatically create the proper rules/flat files? I just need to test this on my dev VPS.

Also, how to remove the rules installed by cPanel, to install the Comodo rules?
Do I ‘rm -rf’ the folders for the older mod_sec rules (location unknown right now), and redo it with the new ones? (I don’t remember if mod_sec itself left folders for rules, or just installed the service. I installed mod_sec long ago, via EasyApache, but just never used it.)

What always got me was the downloads were always just a mass of files (see attached image), with no real instructions on what went where. The documentation at the time (last time I tried last year) was horrible. I think the Comodo docs and posts may finally help with this. When WAF first came out, it wasn’t very user friendly, so I’ve waited.

[attachment deleted by admin]

Hi

Yes, you’re right. The configuration of mod_security is rather ancient. It’s because of the way good ole Apache gets its configs: plain text files only. It’s old-fashioned, it’s strange, but it works! :)
There is no common way to write mod_security rules, and in trying to order their files somehow, rule writers use all possible kinds of folders and filesets. It’s not the different structure instructions in the httpd.conf.

The default cPanel installation created /usr/local/apache/conf/modsec2.conf as the mod_security config. Take a look in it. At the bottom you’ll find two Include directives.
Include "/usr/local/apache/conf/modsec2.user.conf" - contains all rules added through the GUI plugin
Include "/usr/local/apache/conf/modsec2.cpanel.conf" - empty now
(Some additional info about mod_security for cPanel: Apache Module: ModSecurity - EasyApache - cPanel Documentation)

Frankly, you don’t need to remove the rules installed by cPanel to install COMODO rules. The COMODO installer overwrites /usr/local/apache/conf/modsec2.conf so it will point to the COMODO rules.
But if you like a clean system, here are the steps:

  • Uninstall GUI Plugin:
/usr/local/cpanel/bin/unregister_appconfig /var/cpanel/apps/modsec.conf
  • Delete Rules:
rm /usr/local/apache/conf/modsec2.user.conf
rm /usr/local/apache/conf/modsec2.cpanel.conf
  • Do not forget to comment out the Include lines at the bottom of /usr/local/apache/conf/modsec2.conf with #
    Otherwise Apache will not start because of errors in the config file. It’s always good to check Apache syntax before a restart.
/usr/local/apache/bin/apachectl -t

To install COMODO WAF, download the latest installer:

# wget https://waf.comodo.com/cpanel/cwaf_client_install.sh

And run it from a root shell:

# bash cwaf_client_install.sh

Follow the installation instructions. The plugin will be installed to the /var/cpanel/cwaf folder. /var/cpanel/cwaf/scripts will contain some useful scripts.

  • uninstall_cwaf.sh - COMODO WAF uninstaller.
  • updater.pl - command-line utility to update rules (called from cPanel plugin)
  • update-client.pl - command-line utility to update CWAF plugin (called from cPanel plugin)

After a successful installation there will be a “Comodo WAF” entry in WHM’s “Plugins”.
To download and install the latest COMODO rules, just press the “Rules 1.XX is available” button on the plugin’s “Main” tab.
The rules will be downloaded and installed automatically.
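
The Include clean-up step from the reply above, as an added example that is not part of the original posts or of any cPanel or COMODO tooling: a POSIX shell function (the name `comment_missing_includes` is hypothetical) that comments out every active `Include` line whose target file no longer exists, keeps a `.bak` copy of the config, and prints how many lines it changed. It assumes absolute include paths and leaves wildcard includes alone.

```shell
#!/bin/sh
# Added example: comment out Include directives that point at deleted rule
# files so Apache does not fail its config check on a missing include.

comment_missing_includes() (
    conf=$1
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; exit 2; }
    tmp=$(mktemp) || exit 2
    changed=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Extract the path of an active Include; empty for comments/other lines.
        target=$(printf '%s\n' "$line" | sed -n \
          's/^[[:space:]]*[Ii]nclude[[:space:]]\{1,\}"\{0,1\}\([^"]*[^"[:space:]]\)"\{0,1\}[[:space:]]*$/\1/p')
        case $target in
            # Not an Include, a relative path, or a wildcard: leave untouched.
            ''|[!/]*|*\**|*\?*|*\[*)
                printf '%s\n' "$line" >>"$tmp" ;;
            *)
                if [ -e "$target" ]; then
                    printf '%s\n' "$line" >>"$tmp"
                else
                    printf '#%s\n' "$line" >>"$tmp"
                    changed=$((changed + 1))
                fi ;;
        esac
    done <"$conf"
    if [ "$changed" -gt 0 ]; then
        # Back up first; writing with cat keeps the file's owner and mode.
        cp -p "$conf" "$conf.bak" && cat "$tmp" >"$conf"
    fi
    rm -f "$tmp"
    echo "$changed"
)

# Usage on the server described in the thread (as root), followed by the
# syntax check the reply recommends:
#   comment_missing_includes /usr/local/apache/conf/modsec2.conf
#   /usr/local/apache/bin/apachectl -t
```

If the syntax check still fails, the untouched original is in `modsec2.conf.bak` next to the config.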