how to install Mod_Security

[Cyber-DL]

If you use cPanel, you just enable mod_security for cPanel, if you manage Apache httpd.conf yourself, you can check modsecurity documentation for configuration directives.

no , i'm using DirectAdmin

 

[anewday]

i typed SecAuditLog logs/audit_log at the bottom in rules , now whereis logs/audit_log ? it's in /var/logs/audit_log Or in /etc/modsecurity or another path ?

i'm so sorry for my cheap questions,
Best Regards

Where is your rules file? For example, if it is in /etc/modsecurity/ then the audit_log file will be in /etc/logs/audit_log

 

[Cyber-DL]

my rules is in /etc/modsecurity2/ and loaded from /etc/httpd/conf/extra/httpd-includes.conf , so where is correct location ?

/etc/logs/audit_log didn't exist , this path ( or correct path ) will be create Or must be create manualy ?!

Best Regards

 

[Cyber-DL]

anybody can't help me ?!

 

[anewday]

You need to make the folder if it doens't exist. It should be in /etc/logs/audit_log

 

[Cyber-DL]

You need to make the folder if it doens't exist. It should be in /etc/logs/audit_log

i do this , and i set chmod 777 for /etc/logs and for /etc/logs/audit_log ,

but after that i opened scriptet like c99 shell script and other part of my servers has problem with rules , but any thing wasn't in /etc/logs/audit_log

any idea !?

 

[anewday]

Try:

touch audit_log

 

[Cyber-DL]

Try:

touch audit_log

i do it ! but nothing appeared ,

[root@nvidia logs]# touch audit_log
[root@nvidia logs]#

 

[Cyber-DL]

Try:

touch audit_log

i think this take long time ! so did you have Yahoo ID for chat ?! or if you're using another messenger , tell what's that , it's better continue it in CHAT , and the answer will be paste here !

Best Regards

 

[anewday]

Change the owner of the file to the same user that Apache is running as. If it still doesn't work then it could be due to the fact that mod_security 2 uses different syntax.

 

[Cyber-DL]

Change the owner of the file to the same user that Apache is running as. If it still doesn't work then it could be due to the fact that mod_security 2 uses different syntax.

i'm using LiteSpeed Enterprise , not apache !

i should change it to apache or lshttpd

 

[anewday]

I meant the user Litespeed is running as.

 

[Cyber-DL]

[root@nvidia logs]# chown -R apache:apache *
[root@nvidia logs]# ls -la

drwxrwxrwx 2 root root 4096 Jul 24 17:00 .
drwxr-xr-x 49 root root 4096 Jul 28 18:51 ..
-rwxrwxrwx 1 apache apache 1 Jul 26 14:39 audit_log
[root@nvidia logs]#

everythings allright !? is any thing wrong with this ?

 

[anewday]

It looks ok.

 

[Cyber-DL]

Correct is :

set full path in your rule files , here for example my log file is a logz and located in /etc/modsecurity2/logs

SecAuditLog /etc/modsecurity2/logs/logz