Installing Atomic mod_security rules (Delayed rules for mod_security) in cPanel

Posted: April 29, 2013 in cPanel

 

Follow the below steps to install Atomic mod_security rules in cPanel.

 

Stage 1: Run the following commands at command line:

mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/*  /usr/local/apache/conf/modsec_rules/

These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.

Stage 2: Configure cPanel to use the Mod Security Rules

In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.

In go to: WHM -> Plugins -> Mod Security and then click: Edit Config

In this section, delete all the current content and then paste in the following configuration:

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial

Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf

Save this and restart Apache.

This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.

Advertisements
Comments
  1. Musti says:

    Hello,
    icant download the modsec-2.7-free-latest.tar.gz via shell.
    Can you provide me this file . thank you

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s