How To Install ModSecurity with Nginx on Ubuntu 22.04 LTS

In this tutorial, we will show you how to install ModSecurity with Nginx on Ubuntu 22.04 LTS. For those of you who didn’t know, ModSecurity is a free and open-source Web Application Firewall (WAF) that protects your website from several types of attacks, including cross-site scripting (XSS), SQL injection, session hijacking, and many more. It also allows for HTTP traffic monitoring, logging, and real-time analysis. ModSecurity was created as a module for the Apache HTTP Server. However, since its early days, the WAF has grown and now covers an array of HyperText Transfer Protocol request and response filtering capabilities for various platforms such as Microsoft IIS, Nginx, and Apache.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and, most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of ModSecurity 3 with Nginx on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions on Ubuntu 22.04 and any other Debian-based distribution such as Linux Mint, Elementary OS, Pop!_OS, and more.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install ModSecurity with Nginx on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date and install the build dependencies by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2 software-properties-common
sudo apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev

Step 2. Installing ModSecurity on Ubuntu 22.04.

ModSecurity is available in the Ubuntu 22.04 base repository by default. Run the following command to download the latest version of ModSecurity:

wget https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz

Next, extract the downloaded file:

tar -xvzf modsecurity-v3.0.8.tar.gz

After that, change to the extracted directory, then configure, build, and install it with the following commands:

cd modsecurity-v3.0.8
./build.sh
./configure
make
make install

Step 3. Installing Nginx with ModSecurity Support.

Now we download the ModSecurity-Nginx connector from GitHub using the following command:

cd ~
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git

Next, download the Nginx source from the official site using the following command:

wget https://nginx.org/download/nginx-1.20.2.tar.gz

Then, extract the Nginx source with the following command:

tar xzf nginx-1.20.2.tar.gz

Also, create a user for Nginx with the following command:

useradd -r -M -s /sbin/nologin -d /usr/local/nginx nginx

After that, change the directory to the Nginx source and configure it:

cd nginx-1.20.2
./configure --user=nginx --group=nginx --with-pcre-jit --with-debug --with-compat --with-http_ssl_module --with-http_realip_module --add-dynamic-module=/root/ModSecurity-nginx --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log

Once that is done, build and install it with the following commands:

make
make modules
make install

Finally, create a symbolic link of Nginx with the following command:

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

Verify the Nginx version using the following command:

nginx -V

Output:

nginx version: nginx/1.20.2
built by gcc 11.2.3 (Ubuntu 11.2.2-19ubuntu1) 
built with OpenSSL 3.0.2 20 May 2022
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --with-pcre-jit --with-debug --with-compat --with-http_ssl_module --with-http_realip_module --add-dynamic-module=/root/ModSecurity-nginx --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log

Step 4. Configure Nginx with ModSecurity.

First, copy the sample configuration files with the following command:

cp ~/modsecurity-v3.0.8/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp ~/modsecurity-v3.0.8/unicode.mapping /usr/local/nginx/conf/

In addition, back up the Nginx configuration file:

cp /usr/local/nginx/conf/nginx.conf{,.bak}

Next, edit the Nginx configuration file:

nano /usr/local/nginx/conf/nginx.conf

Add the following lines:

load_module modules/ngx_http_modsecurity_module.so;
user  nginx;
worker_processes  1;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  nginx.your-domain.com;
        modsecurity  on;
        modsecurity_rules_file  /usr/local/nginx/conf/modsecurity.conf;
        access_log  /var/log/nginx/access_your-domain.log;
        error_log  /var/log/nginx/error_your-domain.log;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

Save and close the file, then switch ModSecurity from detection-only mode to blocking mode with the following command:

sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /usr/local/nginx/conf/modsecurity.conf

Step 4. Installing OWASP ModSecurity Rules.

Now we download the latest ModSecurity Core Rule Set (CRS) from the Open Web Application Security Project (OWASP):

cd
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/local/nginx/conf/owasp-crs

Next, copy crs-setup.conf.example to crs-setup.conf:

cp /usr/local/nginx/conf/owasp-crs/crs-setup.conf{.example,}

Then, define the rules with the following command:

echo -e "Include owasp-crs/crs-setup.conf
Include owasp-crs/rules/*.conf" >> /usr/local/nginx/conf/modsecurity.conf
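
The sed edit in the previous step and the echo append above both fail quietly: sed changes nothing unless the line reads exactly as expected, and echo appends again on every run. The following check is an added example, not part of the original tutorial; the function names audit_modsec_conf and make_sample are hypothetical and the sample files are constructed.

```shell
# Added example, not part of the original tutorial. audit_modsec_conf and
# make_sample are hypothetical names; the sample file content is constructed.

audit_modsec_conf() {   # prints findings; returns 0 only if the file is clean
    conf=$1; rc=0
    # Every uncommented SecRuleEngine line must say "On". The sed step changes
    # nothing unless the line reads exactly "SecRuleEngine DetectionOnly".
    modes=$(awk '!/^[[:space:]]*#/ && $1 == "SecRuleEngine" { print $2 }' "$conf")
    [ -n "$modes" ] || { echo "FAIL: no SecRuleEngine directive"; rc=1; }
    for m in $modes; do
        [ "$m" = "On" ] || { echo "FAIL: SecRuleEngine is $m, not On"; rc=1; }
    done
    # Each CRS Include must appear exactly once. The echo >> step appends on
    # every run, so repeating it includes the whole rule set a second time.
    for inc in 'owasp-crs/crs-setup.conf' 'owasp-crs/rules/*.conf'; do
        n=$(awk -v want="$inc" '!/^[[:space:]]*#/ && $1 == "Include" && $2 == want { c++ }
                END { print c + 0 }' "$conf")
        [ "$n" -eq 1 ] || { echo "FAIL: Include $inc appears $n times"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: engine On, CRS included once"
    return "$rc"
}

# Constructed sample: $1 = engine mode, $2 = how many times the echo step ran.
make_sample() {
    f=$(mktemp)
    printf '# -- Rule engine initialization --\nSecRuleEngine %s\nSecRequestBodyAccess On\n' "$1" > "$f"
    i=0
    while [ "$i" -lt "$2" ]; do
        printf 'Include owasp-crs/crs-setup.conf\nInclude owasp-crs/rules/*.conf\n' >> "$f"
        i=$((i + 1))
    done
    echo "$f"
}

good=$(make_sample On 1); bad=$(make_sample DetectionOnly 2)
audit_modsec_conf "$good"
audit_modsec_conf "$bad" || echo "second sample rejected"
rm -f "$good" "$bad"
```

On the server, run audit_modsec_conf /usr/local/nginx/conf/modsecurity.conf before starting Nginx.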

Step 5. Create Systemd Service File for Nginx.

Now create a systemd service file to manage the Nginx service:

nano /etc/systemd/system/nginx.service

Add the following lines:

[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target

Save and close the file, then reload the systemd daemon to apply the changes:

sudo systemctl daemon-reload
sudo systemctl start nginx
sudo systemctl enable nginx

Step 6. Verify ModSecurity on Nginx

Once ModSecurity is installed and set up, it’s time to test it. Run the following command to test ModSecurity against command injection:

curl "http://localhost/?doc=/bin/ls"

If everything is fine, you will get the “403 Forbidden” message.

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>

Congratulations! You have successfully installed ModSecurity. Thanks for using this tutorial for installing ModSecurity with Nginx on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official ModSecurity website.

r00t