Installing ModSecurity 2.9.1 on CentOS 7.2 with Apache

Below I'm sharing some notes on modsecurity installation on my CentOS 7.2 server with apache.

Where to get ModSecurity

I got it from ModSecurity github page and to be precise from here.

wget https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.1/modsecurity-2.9.1.tar.gz

and upack:

tar -zxvf modsecurity-2.9.1.tar.gz -C .

Wiki on github is suggesting to run autogen.sh first.

I had to install this packages first:

yum install autoconf automake libtool

It also installed gcc as a dependency and I was able to run autogen.sh.

I had to install this packages to run: ./configure

yum install libcurl libcurl-devel httpd-devel pcre pcre-devel libxml2-devel libxml2

apr packages where installed as dependecies.

And I was able to run:

./configure

Then:

make

and

make install

After that I got my modsecurity module in the right place:

# ls -al /usr/lib64/httpd/modules/mod_security2.so
-r-xr-xr-x. 1 root root 2421149 03-17 22:30 /usr/lib64/httpd/modules/mod_security2.so

To get it enabled (it runs as a apache module) I've created a file in:

/etc/httpd/conf.modules.d/00-modsec.conf

and added this line:

LoadModule security2_module modules/mod_security2.so

in it and restarted httpd service.

This is an example output in httpd error_log just after restarting httpd service:

[Thu Mar 17 22:42:59.400335 2016] [:notice] [pid 54933] ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/) configured.
[Thu Mar 17 22:42:59.400343 2016] [:notice] [pid 54933] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
[Thu Mar 17 22:42:59.400348 2016] [:notice] [pid 54933] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Thu Mar 17 22:42:59.400352 2016] [:notice] [pid 54933] ModSecurity: LIBXML compiled version="2.9.1"
[Thu Mar 17 22:42:59.400354 2016] [:notice] [pid 54933] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.

The last entry is saying that the engine is disabled. I'll work on getting it on later :)