How To Install mod_security_crs on CentOS 8

mod_security_crs is ModSecurity Rules

Introduction

In this tutorial we learn how to install mod_security_crs on CentOS 8.

What is `mod_security_crs`

This package provides the base rules for mod_security.

We can use yum or dnf to install mod_security_crs on CentOS 8. In this tutorial we discuss both methods but you only need to choose one of method to install mod_security_crs.

Install mod_security_crs on CentOS 8 Using dnf

Update yum database with dnf using the following command.

sudo dnf makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating yum database, We can install mod_security_crs using dnf by running the following command:

sudo dnf -y install mod_security_crs

Install mod_security_crs on CentOS 8 Using yum

Update yum database with yum using the following command.

sudo yum makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating yum database, We can install mod_security_crs using yum by running the following command:

sudo yum -y install mod_security_crs

How To Uninstall mod_security_crs on CentOS 8

To uninstall only the mod_security_crs package we can use the following command:

sudo dnf remove mod_security_crs

mod_security_crs Package Contents on CentOS 8

/etc/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-901-INITIALIZATION.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-905-COMMON-EXCEPTIONS.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-910-IP-REPUTATION.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-911-METHOD-ENFORCEMENT.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-912-DOS-PROTECTION.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-913-SCANNER-DETECTION.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-921-PROTOCOL-ATTACK.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-950-DATA-LEAKAGES.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-959-BLOCKING-EVALUATION.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf
/etc/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
/etc/httpd/modsecurity.d/activated_rules/crawlers-user-agents.data
/etc/httpd/modsecurity.d/activated_rules/iis-errors.data
/etc/httpd/modsecurity.d/activated_rules/java-code-leakages.data
/etc/httpd/modsecurity.d/activated_rules/java-errors.data
/etc/httpd/modsecurity.d/activated_rules/lfi-os-files.data
/etc/httpd/modsecurity.d/activated_rules/php-config-directives.data
/etc/httpd/modsecurity.d/activated_rules/php-errors.data
/etc/httpd/modsecurity.d/activated_rules/php-function-names-933150.data
/etc/httpd/modsecurity.d/activated_rules/php-function-names-933151.data
/etc/httpd/modsecurity.d/activated_rules/php-variables.data
/etc/httpd/modsecurity.d/activated_rules/restricted-files.data
/etc/httpd/modsecurity.d/activated_rules/scanners-headers.data
/etc/httpd/modsecurity.d/activated_rules/scanners-urls.data
/etc/httpd/modsecurity.d/activated_rules/scanners-user-agents.data
/etc/httpd/modsecurity.d/activated_rules/scripting-user-agents.data
/etc/httpd/modsecurity.d/activated_rules/sql-errors.data
/etc/httpd/modsecurity.d/activated_rules/sql-function-names.data
/etc/httpd/modsecurity.d/activated_rules/unix-shell.data
/etc/httpd/modsecurity.d/activated_rules/windows-powershell-commands.data
/etc/httpd/modsecurity.d/crs-setup.conf
/usr/share/doc/mod_security_crs
/usr/share/doc/mod_security_crs/CHANGES
/usr/share/doc/mod_security_crs/README.md
/usr/share/licenses/mod_security_crs
/usr/share/licenses/mod_security_crs/LICENSE
/usr/share/mod_modsecurity_crs
/usr/share/mod_modsecurity_crs/rules
/usr/share/mod_modsecurity_crs/rules/REQUEST-901-INITIALIZATION.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-910-IP-REPUTATION.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-912-DOS-PROTECTION.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-913-SCANNER-DETECTION.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
/usr/share/mod_modsecurity_crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
/usr/share/mod_modsecurity_crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
/usr/share/mod_modsecurity_crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
/usr/share/mod_modsecurity_crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
/usr/share/mod_modsecurity_crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
/usr/share/mod_modsecurity_crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
/usr/share/mod_modsecurity_crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
/usr/share/mod_modsecurity_crs/rules/RESPONSE-980-CORRELATION.conf
/usr/share/mod_modsecurity_crs/rules/crawlers-user-agents.data
/usr/share/mod_modsecurity_crs/rules/iis-errors.data
/usr/share/mod_modsecurity_crs/rules/java-code-leakages.data
/usr/share/mod_modsecurity_crs/rules/java-errors.data
/usr/share/mod_modsecurity_crs/rules/lfi-os-files.data
/usr/share/mod_modsecurity_crs/rules/php-config-directives.data
/usr/share/mod_modsecurity_crs/rules/php-errors.data
/usr/share/mod_modsecurity_crs/rules/php-function-names-933150.data
/usr/share/mod_modsecurity_crs/rules/php-function-names-933151.data
/usr/share/mod_modsecurity_crs/rules/php-variables.data
/usr/share/mod_modsecurity_crs/rules/restricted-files.data
/usr/share/mod_modsecurity_crs/rules/scanners-headers.data
/usr/share/mod_modsecurity_crs/rules/scanners-urls.data
/usr/share/mod_modsecurity_crs/rules/scanners-user-agents.data
/usr/share/mod_modsecurity_crs/rules/scripting-user-agents.data
/usr/share/mod_modsecurity_crs/rules/sql-errors.data
/usr/share/mod_modsecurity_crs/rules/sql-function-names.data
/usr/share/mod_modsecurity_crs/rules/unix-shell.data
/usr/share/mod_modsecurity_crs/rules/windows-powershell-commands.data

References

mod_security_crs website

Summary

In this tutorial we learn how to install mod_security_crs on CentOS 8 using yum and dnf.