Did anybody successfully compile Nginx with ModSecurity V3.0 and ModSecurity-Nginx connector recently?

Posted by mkuser143 
Did anybody successfully compile Nginx with ModSecurity V3.0 and ModSecurity-Nginx connector recently?
Since I am getting the below error:

checking for ModSecurity library in /usr/local/modsecurity ... not found
./configure: error: ngx_http_modsecurity_module requires the ModSecurity library.
make: *** No rule to make target `build', needed by `default'. Stop.
make: *** No rule to make target `install'. Stop.
make: *** No rule to make target `modules'. Stop.

On my Ubuntu 22.04 system, here's how I did it. Both the un-tarred Nginx folder and the ModSecurity folders are in the root of my /opt directory.



1.) Download the latest Nginx

cd /opt && sudo wget https://nginx.org/download/nginx-1.25.0.tar.gz

2.) sudo tar -xvzf nginx-1.25.0.tar.gz

3.) cd /opt && sudo git clone https://github.com/SpiderLabs/ModSecurity

4.) cd ModSecurity && sudo git submodule init && sudo git submodule update

5.) sudo ./build.sh

6.) sudo ./configure

7.) sudo make && sudo make install

8.) cd /opt && sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx

9.) cd ./nginx-1.25.0

sudo ./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/sbin/nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --modules-path=/usr/lib/nginx/modules --with-compat --with-debug --add-dynamic-module=/opt/ModSecurity-nginx --user=www-data --group=www-data --with-file-aio --with-http_realip_module --with-http_v2_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-pcre --with-http_gunzip_module --with-http_gzip_static_module

10.) sudo -s

make

make modules

make install

make clean

exit

11.) sudo nginx -v
--------------------
Configure ModSecurity

Test ModSecurity is NOT working YET by performing a simple local file inclusion attack by running the following command in your favorite browser:

http://mywebsite.com/?exec=/bin/bash

12.) tree /usr/lib/nginx/modules

13.) sudo rm -rf /usr/share/modsecurity-crs

14.) Download the OWASP rules

cd /opt && sudo git clone https://github.com/coreruleset/coreruleset /opt/modsecurity-crs

15.) sudo mv /opt/modsecurity-crs/crs-setup.conf.example /opt/modsecurity-crs/crs-setup.conf

16.) Rename the default request exclusion rule file:

sudo mv /opt/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /opt/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

17.) sudo mv /opt/modsecurity-crs /usr/local/

18.) Start by creating a ModSecurity directory in the /etc/nginx/ directory:

sudo mkdir -p /etc/nginx/modsec

19.) Copy over the unicode mapping file and the ModSecurity configuration file from your cloned ModSecurity GitHub repository:

sudo cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec/

sudo mv /opt/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf

20.) Change the value for SecRuleEngine to On:

sudo sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" /etc/nginx/modsec/modsecurity.conf

21.) sudo vi /etc/nginx/modsec/main.conf

Include /etc/nginx/modsec/modsecurity.conf
Include /usr/local/modsecurity-crs/crs-setup.conf
Include /usr/local/modsecurity-crs/rules/*.conf

22.) Open your virtual host configuration file and insert the following lines in your server block:

sudo vi /etc/nginx/conf.d/mywebsite.com.conf

At the bottom, but before the closing } bracket:
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

23.) sudo nginx -t

24.) sudo systemctl restart nginx

Test ModSecurity is NOW working by performing a simple local file inclusion attack by running the following command in your favorite web browser:

mywebsite.com/?exec=/bin/bash

mywebsite.com?doc=/bin/ls

sudo tail /var/log/modsec_audit.log

sudo tail /var/log/nginx/mywebsite.com.error.log
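
An added example, not part of the thread or of either project: two offline checks for the layout described above. The first looks for libmodsecurity under the prefix named in the configure error, and the second confirms the rule engine is in blocking mode and that the Include and vhost lines resolve. The function names and the expected header and library locations under the prefix are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Paths are arguments so the checks can
# be run against a copy of the configuration.

# check_libmodsecurity [PREFIX]
# Assumption: a default libmodsecurity install places its header and shared
# library under PREFIX/include/modsecurity and PREFIX/lib.
check_libmodsecurity() {
    prefix=${1:-/usr/local/modsecurity}
    if [ ! -f "$prefix/include/modsecurity/modsecurity.h" ]; then
        echo "missing $prefix/include/modsecurity/modsecurity.h"
        return 1
    fi
    for lib in "$prefix"/lib/libmodsecurity.so*; do
        [ -e "$lib" ] && return 0
    done
    echo "missing $prefix/lib/libmodsecurity.so"
    return 1
}

# check_modsec_config MODSEC_DIR VHOST_FILE
# Prints one line per problem and returns non-zero if any was found.
check_modsec_config() {
    dir=$1 vhost=$2 rc=0
    # The last uncommented SecRuleEngine line in modsecurity.conf is reported.
    engine=$(awk '$1 == "SecRuleEngine" { v = $2 } END { print v }' \
        "$dir/modsecurity.conf")
    if [ "$engine" != "On" ]; then
        echo "SecRuleEngine is '${engine:-unset}': matching requests are not blocked"
        rc=1
    fi
    # Include targets are left unquoted so rules/*.conf expands; a pattern
    # that matches nothing stays literal and fails the -e test.
    for f in $(awk '$1 == "Include" { print $2 }' "$dir/main.conf"); do
        [ -e "$f" ] || { echo "Include matches no file: $f"; rc=1; }
    done
    grep -Eq '^[[:space:]]*modsecurity[[:space:]]+on[[:space:]]*;' "$vhost" ||
        { echo "no 'modsecurity on;' in $vhost"; rc=1; }
    grep -Eq '^[[:space:]]*modsecurity_rules_file[[:space:]]+[^;]*main\.conf[[:space:]]*;' "$vhost" ||
        { echo "no modsecurity_rules_file pointing at main.conf in $vhost"; rc=1; }
    return $rc
}
```

Because step 9 builds the connector with --add-dynamic-module, nginx.conf also needs a load_module line for ngx_http_modsecurity_module.so; without it, nginx -t rejects `modsecurity on;` as an unknown directive.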