[Tutorial] How To Manually Update Comodo ModSecurity Rules For CyberPanel — CyberPanel - WebHosting Control Panel for OpenLiteSpeed

I originally posted this in the Facebook group but Owen asked me to post it here also, so here we are. As you may not know, even fresh installs of CyberPanel come with ModSecurity rules that are over 2 years old, so you may not be as protected as you think. The tutorial below assumes you already have the Comodo ModSecurity rules installed via the CyberPanel admin area...

----------

Step 1

Go to https://waf.comodo.com/ and download the latest rules. It is important that you select the NGINX rules, as OpenLiteSpeed is not compatible with ModSecurity 2 rules.

----------

Step 2

Using SFTP, go to /usr/local/lsws/conf/modsec/comodo, where you will see the old rules.

----------

Step 3

Check the ownership of the rules by checking which user and group own any of the files. It will be either cyberpanel:cyberpanel or lsadm:nobody. (I'm not sure which is correct, but I've observed both on different servers.)

----------

Step 4

Delete all files in /usr/local/lsws/conf/modsec/comodo except for modsecurity.conf, and then upload all the updated files you downloaded from Comodo.

----------

Step 5

Change the owner of the files you uploaded to match what it was before, using whichever of these commands is correct for your setup:

....

chown -R lsadm:nobody /usr/local/lsws/conf/modsec/comodo

....

chown -R cyberpanel:cyberpanel /usr/local/lsws/conf/modsec/comodo

----------

Step 6

Edit the following file: /usr/local/lsws/conf/httpd_config.conf

....

Find the lines beginning with modsecurity_rules_file

....

Keep these 2 lines:

modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/modsecurity.conf

....

Remove the lines from:

....

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf

....

until

....

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_OtherApps.conf

....

Replace them with these new lines:

....

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/01_Init_AppsInitialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/03_Global_Agents.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/04_Global_Domains.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/05_Global_Incoming.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/06_Global_Backdoor.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/07_XSS_XSS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/08_Global_Other.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/09_Bruteforce_Bruteforce.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/10_HTTP_HTTP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/11_HTTP_HTTPDoS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/12_HTTP_Protocol.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/13_HTTP_Request.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/14_Outgoing_FilterGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/15_Outgoing_FilterASP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/16_Outgoing_FilterPHP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/17_Outgoing_FilterSQL.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/18_Outgoing_FilterOther.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/19_Outgoing_FilterInFrame.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/20_Outgoing_FiltersEnd.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/21_PHP_PHPGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/22_SQL_SQLi.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/23_ROR_RORGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/24_Apps_Joomla.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/25_Apps_JComponent.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/26_Apps_WordPress.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/27_Apps_WPPlugin.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_WHMCS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/29_Apps_Drupal.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/30_Apps_OtherApps.conf

----------

Step 7

Restart LiteSpeed and you're good to go.

----------

Step 8 (optional)

In CyberPanel, go to ModSecurity Rules Pack and click configure next to Comodo Modsecurity 3.0.

You can then turn off any rule sets you don't need, e.g. if all the sites on your server are WordPress, then you can safely turn off the Drupal and Joomla rules for a very marginal improvement in efficiency.
---
Former web host. Find what I'm up to these days at https://epithet.uk
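
Steps 3 to 6 above as a script, added here as an example and not part of the original post: it records the existing owner before replacing the rule files, and builds the include list from the numbered files actually present instead of a typed list. The function names are made up for this example; it assumes GNU or busybox stat and find, and rule file names of the form NN_Name.conf as in the list above.

```shell
#!/bin/sh
# Added example (not from the original post): steps 3-6 as two functions.
# Paths are arguments so the procedure can be rehearsed on copies first.

# sync_rules NEW_DIR RULES_DIR: record the current owner, back up the old
# rules, delete everything except modsecurity.conf, copy in the new files,
# then restore the recorded owner.
sync_rules() {
    new_dir=$1 rules_dir=${2%/}
    [ -f "$rules_dir/modsecurity.conf" ] || { echo "no modsecurity.conf in $rules_dir" >&2; return 1; }
    owner=$(stat -c '%u:%g' "$rules_dir/modsecurity.conf") || return 1   # numeric uid:gid
    cp -a "$rules_dir" "$rules_dir.bak.$(date +%Y%m%d%H%M%S)" || return 1  # rollback copy
    find "$rules_dir" -mindepth 1 -maxdepth 1 ! -name modsecurity.conf -exec rm -rf {} + || return 1
    cp -R "$new_dir"/. "$rules_dir"/ || return 1
    chown -R "$owner" "$rules_dir"
}

# regen_includes CONF RULES_DIR: print CONF with the numbered Comodo include
# lines replaced by one line per NN_*.conf file present in RULES_DIR. All other
# lines (including the rules.conf and comodo/modsecurity.conf includes) pass
# through unchanged. Exits non-zero if there was nothing to replace.
regen_includes() {
    conf=$1 rules_dir=${2%/}
    list=$(cd "$rules_dir" && LC_ALL=C ls [0-9][0-9]_*.conf 2>/dev/null) || list=
    [ -n "$list" ] || { echo "no numbered rule files in $rules_dir" >&2; return 1; }
    printf '%s\n' "$list" | awk -v dir="$rules_dir" '
        FNR == NR { files[++n] = $0; next }      # first input (stdin): file names
        { name = "" }
        $1 == "modsecurity_rules_file" && index($2, dir "/") == 1 {
            name = substr($2, length(dir) + 2)
        }
        name ~ /^[0-9][0-9]_[A-Za-z0-9_]+\.conf$/ {
            if (!done++) {                       # emit the new list once, in place
                match($0, /^[ \t]*/); indent = substr($0, 1, RLENGTH)
                for (i = 1; i <= n; i++)
                    print indent "modsecurity_rules_file " dir "/" files[i]
            }
            next                                 # drop every old numbered include
        }
        { print }
        END { if (!done) exit 3 }
    ' - "$conf"
}
```

Write the output of regen_includes to a new file, compare it with the live httpd_config.conf, and only then replace it and restart LiteSpeed (step 7).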
