Ubuntu 14 x64 server problem installing mod_security

Posted on 2014-08-10
Last Modified: 2014-08-10
Hi all,

I have followed the following procedure found on this link ( MATTBROCK TUTORIAL FOR UBUNTU 14.04 ) to install mod_security on my server:

sudo apt-get install libapache2-mod-security2
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo nano /etc/modsecurity/modsecurity.conf

Make the following options so:
SecRuleEngine On
SecRequestBodyLimit 50000000
SecRequestBodyInMemoryLimit 50000000

cd /tmp
sudo wget
sudo apt-get install zip
sudo unzip
sudo cp -r owasp-modsecurity-crs-master/* /etc/modsecurity/

sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf

sudo ls /etc/modsecurity/base_rules | xargs -I {} sudo ln -s /etc/modsecurity/base_rules/{} /etc/modsecurity/activated_rules/{}

sudo ls /etc/modsecurity/optional_rules | xargs -I {} sudo ln -s /etc/modsecurity/optional_rules/{} /etc/modsecurity/activated_rules/{}

sudo nano /etc/apache2/mods-available/security2.conf 
add the following line near the end, just before </IfModule>:
Include "/etc/modsecurity/activated_rules/*.conf"

sudo service apache2 restart
sudo rm -rfv /tmp/*

sudo apt-get install libapache2-mod-evasive
sudo mkdir /var/log/mod_evasive
sudo chown www-data:www-data /var/log/mod_evasive
sudo nano /etc/apache2/mods-available/evasive.conf

Make it so:
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/mod_evasive"

sudo ln -s /etc/apache2/mods-available/evasive.conf /etc/apache2/mods-enabled/evasive.conf
sudo service apache2 restart
sudo apt-get install rkhunter chkrootkit

sudo nano etc/chkrootkit.conf

sudo nano /etc/default/rkhunter

sudo mv /etc/cron.weekly/rkhunter /etc/cron.weekly/rkhunter_update
sudo mv /etc/cron.daily/rkhunter /etc/cron.weekly/rkhunter_run
sudo mv /etc/cron.daily/chkrootkit /etc/cron.weekly/

sudo apt-get install logwatch
sudo mv /etc/cron.daily/00logwatch /etc/cron.weekly/
sudo nano /etc/cron.weekly/00logwatch
/usr/sbin/logwatch --output mail --range 'between -7 days and -1 days'

sudo apt-get install acct
sudo touch /var/log/wtmp

sudo a2enmod modsecurity
sudo /etc/init.d/apache2 force-reload

Open in new window

However when I execute: sudo a2enmod modsecurity

lupocatttivo@octane:~$ sudo a2enmod modsecurity
ERROR: Module modsecurity does not exist!

Any help will be appreciated.

Thanks in advance.
Question by:badwolfff
    LVL 14

    Expert Comment

    Since the module does not exist, the install command must have failed. Try running it again. What errors does it display?
    apt-get install libapache2-mod-security2

    Open in new window


    Author Comment

    lupocatttivo@octane:~$ sudo apt-get install libapache2-mod-security2
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    libapache2-mod-security2 is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

    Open in new window

    The problem is that I get this problem with mode-evasive as well:

    lupocatttivo@octane:~$ sudo a2enmod mod-evasive
    [sudo] password for lupocatttivo:
    ERROR: Module mod-evasive does not exist!

    Open in new window

    thanks for your message
    LVL 14

    Accepted Solution

    When enabling modules in apache, you don't need the "mod-" prefix. So use this command:
    sudo a2enmod evasive

    Open in new window


    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
    BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
    Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now