HOW TO CONFIG ModSecurity in Apache2 , i have encountered a error. Can you help me?

[whxloveyrh]

root@ubuntu:rules# vim /etc/apache2/mods-available/security2.conf

# Default Debian dir for modsecurity's persistent data SecDataDir /var/cache/modsecurity

    # Include all the *.conf files in /etc/modsecurity.
    # Keeping your local configuration in that directory
    # will allow for an easy upgrade of THIS file and
    # make your life easier
    IncludeOptional /etc/modsecurity/*.conf
    IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
    #IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
    # Include OWASP ModSecurity CRS rules if installed
    IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ "/etc/apache2/mods-available/security2.conf" 14L, 613C written root@ubuntu:rules# service apache2 reload Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details. root@ubuntu:rules# systemctl status apache2.service * apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d `-apache2-systemd.conf Active: active (running) (Result: exit-code) since Mon 2017-06-05 19:55:01 CST; 2min 35s ago Process: 4291 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE) Process: 4936 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=1/FAILURE) Process: 4846 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS) Main PID: 4865 (apache2) Tasks: 55 (limit: 4915) Memory: 37.8M CPU: 355ms CGroup: /system.slice/apache2.service |-4865 /usr/sbin/apache2 -k start |-4868 /usr/sbin/apache2 -k start `-4869 /usr/sbin/apache2 -k start

Jun 05 19:54:53 ubuntu systemd[1]: Starting The Apache HTTP Server...
Jun 05 19:54:53 ubuntu apachectl[4846]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directJun 05 19:55:01 ubuntu systemd[1]: Started The Apache HTTP Server.
Jun 05 19:57:23 ubuntu systemd[1]: Reloading The Apache HTTP Server.
Jun 05 19:57:23 ubuntu apachectl[4936]: AH00526: Syntax error on line 62 of /usr/share/modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf:
Jun 05 19:57:23 ubuntu apachectl[4936]: ModSecurity: Found another rule with the same id
Jun 05 19:57:23 ubuntu apachectl[4936]: Action 'graceful' failed.
Jun 05 19:57:23 ubuntu apachectl[4936]: The Apache error log may have more information.
Jun 05 19:57:23 ubuntu systemd[1]: apache2.service: Control process exited, code=exited status=1
Jun 05 19:57:23 ubuntu systemd[1]: Reload failed for The Apache HTTP Server.
root@ubuntu:rules#

[csanders-git]

The problem is very much linked to the rules you're included. although we can't see exactly, it appears you're including CRS twice.

[whxloveyrh]

@csanders-git

my install's step are:
step 0:
apt install apache2
step 1:
apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache2-modsecurity
step 2:
service apache2 reload
step 3:

          3.1  cd /etc/modsecurity/
          3.2 mv modsecurity.conf-recommended modsecurity.conf
          3.3 vim /etc/modsecurity/modsecurity.conf
          modify
               SecRuleEngine On

step 4:
$vim /etc/apache2/mods-available/security2.conf

 <IfModule security2_module>
	# Default Debian dir for modsecurity's persistent data
	SecDataDir /var/cache/modsecurity
	# Include all the *.conf files in /etc/modsecurity.
	# Keeping your local configuration in that directory
	# will allow for an easy upgrade of THIS file and
	# make your life easier
        IncludeOptional /etc/modsecurity/*.conf
	IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
        # Include OWASP ModSecurity CRS rules if installed
	IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load
</IfModule>

step 5:

     $a2enmod headers
     $a2enmod security2
     $service apache2 restart (**ERROR**)

root@ubuntu:mods-available# systemctl status apache2.service

• apache2.service - The Apache HTTP Server
  Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
  `-apache2-systemd.conf
  Active: failed (Result: exit-code) since Tue 2017-06-06 12:03:42 CST; 48min ago
  Process: 2103 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
  Process: 1994 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 2110 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
  Main PID: 1741 (code=exited, status=0/SUCCESS)
  CPU: 62ms

Jun 06 12:03:42 ubuntu systemd[1]: apache2.service: Failed with result 'exit-code'.
Jun 06 12:03:42 ubuntu systemd[1]: Starting The Apache HTTP Server...
Jun 06 12:03:42 ubuntu apachectl[2110]: AH00526: Syntax error on line 62 of /usr/share/modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf:
Jun 06 12:03:42 ubuntu apachectl[2110]: ModSecurity: Found another rule with the same id
Jun 06 12:03:42 ubuntu apachectl[2110]: Action 'start' failed.
Jun 06 12:03:42 ubuntu apachectl[2110]: The Apache error log may have more information.
Jun 06 12:03:42 ubuntu systemd[1]: apache2.service: Control process exited, code=exited status=1
Jun 06 12:03:42 ubuntu systemd[1]: Failed to start The Apache HTTP Server.
Jun 06 12:03:42 ubuntu systemd[1]: apache2.service: Unit entered failed state.
Jun 06 12:03:42 ubuntu systemd[1]: apache2.service: Failed with result 'exit-code'.

I can restart apache ,after I comment "IncludeOptional /usr/share/modsecurity-crs/rules/*.conf".

<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf
        #IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
        #IncludeOptional /usr/share/modsecurity-crs/activated_rules/*.conf
        # Include OWASP ModSecurity CRS rules if installed
        IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load
</IfModule>

[zimmerle]

Please check the content of owasp-crs.load file. Most likely you have OWASP being include twice.

[cdorsat]

Is the problem solved ? ? I have the same problem.

[zimmerle]

@cdorsat double check your configurations. Most likely you are including CRS twice.

[jmeile]

Hi

I'm also having this problem under Ubuntu 16.04. I rechecked if the file was included twice, but it wasn't.

The problem is that the file:
/usr/share/modsecurity-crs/owasp-crs.load

Does not exist. I get the error:
apache2: Syntax error on line 144 of /etc/apache2/apache2.conf: Syntax error on line 12 of /etc/apache2/mods-enabled/security2.conf: Could not open configuration file /usr/share/modsecurity-crs.load

I tried purging mod-security2:
apt purge libapache2-mod-security2

Here I restarted apache:
service apache2 restart

This worked. Then I tried to install mod-security2 again:
apt install libapache2-mod-security2

Apache was broken again. It seems that the Ubuntu distro is broken. This file doesn't get installed. I had the problem in three servers with Ubuntu 16.04

Best regards
Josef

[csanders-git]

First i'll say we don't package the ubuntu modsec but ...lets break it down piece by piece, we'll get there. Does the /usr/share/modsecurity-crs.load exist on your server? I just did the following (on docker admittedly but it should have the same repo's)

apt-get update
apt-get install apache2 libapache2-mod-security2 modsecurity-crs
cd /etc/apache2/mods-enabled
ln -s ../mods-available/security2.conf security.conf
ln -s ../mods-available/security2.load security.load
apachectl start

Seemed to work fine.

[jmeile]

Dear csanders-git

The problem is that both files:
/usr/share/modsecurity-crs.load
/usr/share/modsecurity-crs/owasp-crs.load

Doesn't exist. I purged the packages:
apt-get purge libapache2-mod-security2 modsecurity-crs

then reinstall them again:
apt-get install libapache2-mod-security2 modsecurity-crs

But the files won't be created. I get this while running the last command:

apache2_reload: Your configuration is broken. Not restarting Apache 2
apache2_reload: apache2: Syntax error on line 144 of /etc/apache2/apache2.conf: Syntax error on line 12 of /etc/apache2/mods-enabled/security2.conf: Could not open configuration file /usr/share/modsecurity-crs/owasp-crs.load: No such file or directory

I'm getting it in two more servers with Ubuntu 16.04.

Anyway, you are right. I should report this to the proper place.

Best regards
Josef

[absike015]

Hello evryone can anyone help here i can t find the /etc/modsecurity/ after i installed the modsecurity package !!!!!

[WPTSTW]

Please help me to solve this error.
Syntax error on line 7 of /etc/apache2/conf-enabled/modsecurity.conf:Invalid command " SecRuleEngine", perhaps mispelled or defined by a module not included in the sever configuration.

[FadilSIDI]

Bonjour evryone quelqu’un peut-il aider ici je ne peux pas trouver le /etc/modsecurity/ après avoir installé le paquet modsecurity !!!!!

déplace ca d'abord dans le /etc/modsecurity/
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf