Install Nginx with Modsecurity 3 + OWASP CRS on Ubuntu 22.04

henri_sekeladi

Henri Sekeladi

Posted on May 28, 2024

Install Nginx with Modsecurity 3 + OWASP CRS on Ubuntu 22.04

Update Package & Install Libraries

First, update the package and install some libraries that we need on ubuntu server 22.04.

sudo apt update && sudo apt upgrade

Install libraries that needed for our installation process from source of modsecurity 3.

sudo apt install gcc make build-essential autoconf automake libtool libcurl4-openssl-dev liblua5.3-dev libfuzzy-dev ssdeep gettext pkg-config libgeoip-dev libyajl-dev doxygen libpcre++-dev libpcre2-16-0 libpcre2-dev libpcre2-posix3 zlib1g zlib1g-dev -y

Install Modsecurity

Next, we will install modsecurity from source.

cd /opt && sudo git clone https://github.com/owasp-modsecurity/ModSecurity.git
cd ModSecurity

sudo git submodule init
sudo git submodule update

sudo ./build.sh
sudo ./configure

sudo make
sudo make install
Enter fullscreen mode Exit fullscreen mode

If we success with this installation, we make big move. go on.

Download Modsecurity-nginx Connector

Next, we download modsecurity nginx connector, we will use this later on.

cd /opt && sudo git clone https://github.com/owasp-modsecurity/ModSecurity-nginx.git

Install Nginx with latest from Ondrej PPA

Ok, we will install nginx from ondrej ppa, we got the latest version of nginx.

First, we need to add repository from ondrej and update our package.

sudo add-apt-repository ppa:ondrej/nginx -y
sudo apt update
sudo apt install nginx -y
Enter fullscreen mode Exit fullscreen mode

We can enable with systemctl to start nginx when our server up

sudo systemctl enable nginx
sudo systemctl status nginx
Enter fullscreen mode Exit fullscreen mode

We also need to check our nginx version, to match our nginx build manual later on.

sudo nginx -v
nginx version: nginx/1.25.4
Enter fullscreen mode Exit fullscreen mode

Download nginx source code

We should download source code that match version on nginx we recently installed.

cd /opt && sudo wget https://nginx.org/download/nginx-1.25.4.tar.gz
sudo tar -xzvf nginx-1.25.4.tar.gz
cd nginx-1.25.4
Enter fullscreen mode Exit fullscreen mode

after we download, extract and change directory to nginx source. we build nginx with module on modsecurity that we successfully installed above.

sudo ./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx

sudo make
sudo make modules
Enter fullscreen mode Exit fullscreen mode

Next, we copy the modules to nginx modules-enabled, also copy configuration of modsecurity and unicode.

sudo cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules-enabled/

sudo cp /opt/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsecurity.conf

sudo cp /opt/ModSecurity/unicode.mapping /etc/nginx/unicode.mapping
Enter fullscreen mode Exit fullscreen mode

Enable ModSecurity in nginx.conf

Next, we edit configuration of nginx to load module of modsecurity

sudo nano /etc/nginx/nginx.conf

add this line to main configuration.

load_module /etc/nginx/modules-enabled/ngx_http_modsecurity_module.so;

then, we also need to modify the server block to activate modsecurity.

sudo nano /etc/nginx/sites-enabled/default

modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity.conf;
Enter fullscreen mode Exit fullscreen mode

and also, edit /etc/nginx/modsecurity.conf to change SecRuleEngine to On.

sudo nano /etc/nginx/modsecurity.conf

SecRuleEngine On

after that we can our nginx configuration and restart nginx server

sudo nginx -t

sudo systemctl restart nginx

We can test the nginx server with browser on its public ip address.

Update Rule with CORE RULE SET (CRS)

Now, we need to download core rule set from owasp, owasp crs provide rule to check if the client request has malicious code or not.

We directly download owasp crs to nginx configuration directory.

sudo git clone https://github.com/coreruleset/coreruleset.git /etc/nginx/owasp-crs

then we copy the configuration.

sudo cp /etc/nginx/owasp-crs/crs-setup.conf{.example,}

and we need to update our modsecurity configuration to load owasp crs.

sudo nano /etc/nginx/modsecurity.conf

Include owasp-crs/crs-setup.conf
Include owasp-crs/rules/*.conf
Enter fullscreen mode Exit fullscreen mode

last, we check nginx configuration,

sudo nginx -t

and restart nginx server.

sudo service nginx restart

Test Modsecurity + Nginx with browser
Try to access to your server and add some shell code on it :

https://ip_address/as.php?s=/bin/bash

If everything working as expected, forbidden access will show, with code 403. this mean we have success deploy our nginx server with modsecurity module.

To view detail about those error, we can see the log file of the modsecurity.

sudo tail -f /var/log/modsec_audit.log
sudo tail -f /var/log/nginx/error.log
Enter fullscreen mode Exit fullscreen mode

Hope this post help you secure your site even more.

💖 💪 🙅 🚩
henri_sekeladi
Henri Sekeladi

Posted on May 28, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related