Henri Sekeladi

Install Nginx with Modsecurity 3 + OWASP CRS on Ubuntu 22.04

Preface

In this article we use a VPS hosted on an AWS EC2 instance running Ubuntu 22.04.

Update Package & Install Libraries

First, update the packages and install the libraries we need on Ubuntu Server 22.04.

sudo apt update && sudo apt upgrade

Install the libraries needed to build ModSecurity 3 from source.

sudo apt install gcc make build-essential autoconf automake libtool libcurl4-openssl-dev liblua5.3-dev libfuzzy-dev ssdeep gettext pkg-config libgeoip-dev libyajl-dev doxygen libpcre++-dev libpcre2-16-0 libpcre2-dev libpcre2-posix3 zlib1g zlib1g-dev -y

Install Modsecurity

Next, we will install modsecurity from source.

cd /opt && sudo git clone https://github.com/owasp-modsecurity/ModSecurity.git
cd ModSecurity

sudo git submodule init
sudo git submodule update

sudo ./build.sh
sudo ./configure

sudo make
sudo make install

If this installation succeeds, we have made a big move. Let's go on.

Download Modsecurity-nginx Connector

Next, we download the ModSecurity-nginx connector. We will use it later on.

cd /opt && sudo git clone https://github.com/owasp-modsecurity/ModSecurity-nginx.git

Install the Latest Nginx from the Ondrej PPA

Next, we install nginx from the Ondrej PPA, which gives us the latest version of nginx.

First, we need to add the Ondrej repository and update our package lists.

sudo add-apt-repository ppa:ondrej/nginx -y
sudo apt update
sudo apt install nginx -y

We can enable nginx with systemctl so that it starts when the server boots.

sudo systemctl enable nginx
sudo systemctl status nginx

We also need to check our nginx version, so that the manual nginx build later on matches it.

sudo nginx -v
nginx version: nginx/1.25.4

Download nginx source code

We should download the source code that matches the version of nginx we just installed.

cd /opt && sudo wget https://nginx.org/download/nginx-1.25.4.tar.gz
sudo tar -xzvf nginx-1.25.4.tar.gz
cd nginx-1.25.4

After downloading, extracting and changing into the nginx source directory, we build nginx with the ModSecurity module, using the ModSecurity installation from above.

sudo ./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx

sudo make
sudo make modules

Next, we copy the module to nginx's modules-enabled directory, and also copy the ModSecurity configuration and the unicode mapping file.

sudo cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules-enabled/

sudo cp /opt/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsecurity.conf

sudo cp /opt/ModSecurity/unicode.mapping /etc/nginx/unicode.mapping

Enable ModSecurity in nginx.conf

Next, we edit the nginx configuration to load the ModSecurity module.

sudo nano /etc/nginx/nginx.conf

Add this line to the main configuration.

load_module /etc/nginx/modules-enabled/ngx_http_modsecurity_module.so;

Then, we also need to modify the server block to activate ModSecurity.

sudo nano /etc/nginx/sites-enabled/default

modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity.conf;

Also, edit /etc/nginx/modsecurity.conf to change SecRuleEngine to On.

sudo nano /etc/nginx/modsecurity.conf

SecRuleEngine On

After that we can test our nginx configuration and restart the nginx server.

sudo nginx -t

sudo systemctl restart nginx

We can test the nginx server by opening its public IP address in a browser.

Update Rules with the Core Rule Set (CRS)

Now we need to download the Core Rule Set from OWASP. The OWASP CRS provides rules that check whether a client request contains malicious code.

We download the OWASP CRS directly into the nginx configuration directory.

sudo git clone https://github.com/coreruleset/coreruleset.git /etc/nginx/owasp-crs

Then we copy the example configuration.

sudo cp /etc/nginx/owasp-crs/crs-setup.conf{.example,}

We also need to update our ModSecurity configuration to load the OWASP CRS.

sudo nano /etc/nginx/modsecurity.conf

Include owasp-crs/crs-setup.conf
Include owasp-crs/rules/*.conf

Last, we check the nginx configuration,

sudo nginx -t

and restart the nginx server.

sudo service nginx restart
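
A quick lint for the edits made so far, as an added example that is not part of the original post: it checks the load_module line, the two server-block directives, the SecRuleEngine value and the order of the CRS Include lines. The function names are hypothetical and the three file paths are passed as arguments.

```shell
# Added example (not from the article): lint the three files edited above.

# Print the last uncommented SecRuleEngine value in a ModSecurity config file.
# modsecurity.conf-recommended ships with DetectionOnly, which logs only.
sec_rule_engine() {
    awk '$1 == "SecRuleEngine" { v = $2 } END { print v }' "$1"
}

# Succeed only if crs-setup.conf is included before rules/*.conf, so the
# CRS settings are defined before the rules that read them.
crs_include_order_ok() {
    awk '$1 == "Include" && $2 ~ /crs-setup\.conf$/ && !s { s = NR }
         $1 == "Include" && $2 ~ /rules\/\*\.conf$/ && !r { r = NR }
         END { exit !(s && r && s < r) }' "$1"
}

# check_modsec_wiring NGINX_CONF SITE_CONF MODSEC_CONF
# Prints one line per problem and returns the number of problems found.
check_modsec_wiring() {
    problems=0
    grep -Eq '^[[:space:]]*load_module[[:space:]].*ngx_http_modsecurity_module\.so;' "$1" ||
        { echo "$1: load_module for ngx_http_modsecurity_module.so not found"; problems=$((problems + 1)); }
    grep -Eq '^[[:space:]]*modsecurity[[:space:]]+on;' "$2" ||
        { echo "$2: 'modsecurity on;' not found"; problems=$((problems + 1)); }
    grep -Eq '^[[:space:]]*modsecurity_rules_file[[:space:]]+[^;]+;' "$2" ||
        { echo "$2: modsecurity_rules_file not found"; problems=$((problems + 1)); }
    [ "$(sec_rule_engine "$3")" = "On" ] ||
        { echo "$3: SecRuleEngine is '$(sec_rule_engine "$3")', expected On"; problems=$((problems + 1)); }
    crs_include_order_ok "$3" ||
        { echo "$3: crs-setup.conf must be included before rules/*.conf"; problems=$((problems + 1)); }
    return "$problems"
}

# Usage: sh check.sh /etc/nginx/nginx.conf /etc/nginx/sites-enabled/default /etc/nginx/modsecurity.conf
if [ "$#" -eq 3 ]; then
    check_modsec_wiring "$@"
fi
```

The exit status is the number of problems, so the script can gate a deployment step before `sudo nginx -t`.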

Test Modsecurity + Nginx with browser
Try to access your server and add some shell code to the request:

https://ip_address/as.php?s=/bin/bash

If everything is working as expected, access is forbidden with status code 403. This means we have successfully deployed our nginx server with the ModSecurity module.

To view details about those errors, we can look at the ModSecurity log files.

sudo tail -f /var/log/modsec_audit.log
sudo tail -f /var/log/nginx/error.log
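
An added example (not part of the original post): a shell filter that pulls the rule id, URI and message out of ModSecurity lines in the nginx error log and counts denials per rule and URI. The sample lines are constructed and their layout is an assumption about what the connector writes; the function names are hypothetical.

```shell
# Added example: summarise ModSecurity denials from nginx error.log lines.

# Constructed sample (documentation IP ranges; line numbers and unique_ids
# are made up): three ModSecurity denials and one unrelated nginx error.
sample_log() {
cat <<'EOF'
2024/03/10 10:00:01 [error] 901#901: *7 [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "81"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "2"] [uri "/as.php"] [unique_id "1710064801"], client: 203.0.113.5, server: _, request: "GET /as.php?s=/bin/bash HTTP/1.1", host: "198.51.100.10"
2024/03/10 10:00:05 [error] 901#901: *9 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 203.0.113.5, server: _, request: "GET /favicon.ico HTTP/1.1", host: "198.51.100.10"
2024/03/10 10:01:12 [error] 901#901: *12 [client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "81"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "2"] [uri "/as.php"] [unique_id "1710064872"], client: 203.0.113.9, server: _, request: "GET /as.php?s=/bin/bash HTTP/1.1", host: "198.51.100.10"
2024/03/10 10:02:30 [error] 901#901: *15 [client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "81"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "2"] [uri "/index.php"] [unique_id "1710064950"], client: 203.0.113.9, server: _, request: "GET /index.php?s=/bin/bash HTTP/1.1", host: "198.51.100.10"
EOF
}

# stdin: error.log lines; stdout: "rule_id<TAB>uri<TAB>msg" per ModSecurity line.
modsec_hits() {
    awk '
        # Return the value of a [name "value"] tag, or "-" when it is absent.
        function field(name,   re, s) {
            re = "\\[" name " \"[^\"]*\"\\]"
            if (!match($0, re)) return "-"
            s = substr($0, RSTART, RLENGTH)
            return substr(s, length(name) + 4, length(s) - length(name) - 5)
        }
        /ModSecurity: / { print field("id") "\t" field("uri") "\t" field("msg") }
    '
}

# stdin: error.log lines; stdout: "count<TAB>rule_id<TAB>uri", busiest first.
modsec_summary() {
    modsec_hits |
        awk -F'\t' '{ c[$1 "\t" $2]++ } END { for (k in c) print c[k] "\t" k }' |
        sort -rn
}

sample_log | modsec_summary
```

To run it on the real log, replace the last line with `sudo cat /var/log/nginx/error.log | modsec_summary`.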

Hope this post helps you secure your site even more.


Top comments (1)

Jerry B

Very helpful. Thanks for the post.
