[Tutorial] How To Manually Update Comodo ModSecurity Rules For CyberPanel

I originally posted this in the Facebook group but Owen asked me to post it here also, so here we are. As you may not know, even fresh installs of CyberPanel come with ModSecurity rules that are over 2 years old, so you may not be as protected as you think. The tutorial below assumes you already have ModSecurity Comodo rules installed via the CyberPanel admin area...

----------

Step 1

Go to https://waf.comodo.com/ and download the latest rules. It is important that you select NGINX rules, as OpenLiteSpeed is not compatible with ModSecurity 2 rules.

----------

Step 2

Using SFTP, go to /usr/local/lsws/conf/modsec/comodo, where you will see the old rules.

----------

Step 3

Check ownership on rules by opening any of the files and seeing who they are running as. It will either be cyberpanel:cyberpanel or lsadm:nobody. (I'm not sure which is correct but I've observed both on different servers.)

----------

Step 4

Delete all files in /usr/local/lsws/conf/modsec/comodo except for modsecurity.conf and then upload all the updated files you downloaded from Comodo.

----------

Step 5

Change owner for the files you uploaded according to what they were prior, by using either of these commands depending on which is correct for your setup:

....

chown -R lsadm:nobody /usr/local/lsws/conf/modsec/comodo

....

chown -R cyberpanel:cyberpanel /usr/local/lsws/conf/modsec/comodo

----------

Step 6

Edit the following file: /usr/local/lsws/conf/httpd_config.conf

....

Find the line beginning modsecurity_rules_file

....

Keep these 2 lines:

modsecurity_rules_file /usr/local/lsws/conf/modsec/rules.conf

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/modsecurity.conf

....

Remove the lines from:

....

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf

....

until

....

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_OtherApps.conf

....

Replace with new lines:

....

modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/00_Init_Initialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/01_Init_AppsInitialization.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/03_Global_Agents.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/04_Global_Domains.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/05_Global_Incoming.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/06_Global_Backdoor.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/07_XSS_XSS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/08_Global_Other.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/09_Bruteforce_Bruteforce.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/10_HTTP_HTTP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/11_HTTP_HTTPDoS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/12_HTTP_Protocol.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/13_HTTP_Request.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/14_Outgoing_FilterGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/15_Outgoing_FilterASP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/16_Outgoing_FilterPHP.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/17_Outgoing_FilterSQL.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/18_Outgoing_FilterOther.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/19_Outgoing_FilterInFrame.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/20_Outgoing_FiltersEnd.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/21_PHP_PHPGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/22_SQL_SQLi.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/23_ROR_RORGen.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/24_Apps_Joomla.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/25_Apps_JComponent.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/26_Apps_WordPress.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/27_Apps_WPPlugin.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/28_Apps_WHMCS.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/29_Apps_Drupal.conf
modsecurity_rules_file /usr/local/lsws/conf/modsec/comodo/30_Apps_OtherApps.conf

----------

Step 7

Restart LiteSpeed and you're good to go.

----------

Step 8 (optional)

In CyberPanel go to: ModSecurity Rules Pack and click configure next to Comodo Modsecurity 3.0

You can then turn off any rule sets you don't need, e.g. if all the sites on your server are WordPress then you can safely turn off Drupal and Joomla rules for a very marginal improvement in efficiency.
---
Former web host. Find what I'm up to these days at https://epithet.uk
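
Steps 3 to 6 above, scripted, as an added example that is not part of the original post and not CyberPanel's own tooling. It builds the include list from the rule files actually present, so a release that renumbers files cannot leave `httpd_config.conf` pointing at rules that no longer exist. Assumptions: the function names `swap_rules` and `rewrite_includes` are hypothetical, the new rules are already extracted into a local directory, GNU `stat` and `find` are available, and the numbered Comodo include lines already exist in the config.

```bash
#!/usr/bin/env bash
# Added example (not CyberPanel tooling). Run as root: update-comodo.sh NEW_RULES_DIR
set -eu

# Steps 3-5: record the current owner, back up, swap rule files, restore owner.
swap_rules() {
    local dir="$1" new="$2" owner
    owner=$(stat -c '%u:%g' "$dir/modsecurity.conf")       # numeric uid:gid
    cp -a "$dir" "$dir.bak.$(date +%Y%m%d%H%M%S)"          # rollback copy
    find "$dir" -maxdepth 1 -type f ! -name modsecurity.conf -delete
    # Keep the existing modsecurity.conf even if the download ships one.
    find "$new" -maxdepth 1 -type f ! -name modsecurity.conf -exec cp {} "$dir"/ \;
    chown -R "$owner" "$dir"
}

# Step 6: replace the numbered Comodo includes in CONF with one line per
# NN_*.conf file actually present in DIR. Other lines are left untouched.
rewrite_includes() {
    local conf="$1" dir="$2" list tmp
    list=$(cd "$dir" && ls [0-9][0-9]_*.conf) || return 1  # fails if none
    cp -p "$conf" "$conf.bak"
    tmp=$(mktemp)
    LIST="$list" awk -v dir="$dir" '
        $1 == "modsecurity_rules_file" && index($2, dir "/") == 1 &&
        substr($2, length(dir) + 2) ~ /^[0-9][0-9]_.*\.conf$/ {
            if (!done) {                       # emit the new block once
                match($0, /^[ \t]*/); indent = substr($0, 1, RLENGTH)
                n = split(ENVIRON["LIST"], f, "\n")
                for (i = 1; i <= n; i++)
                    print indent "modsecurity_rules_file " dir "/" f[i]
                done = 1
            }
            next                               # drop every old numbered line
        }
        { print }
    ' "$conf" > "$tmp"
    cat "$tmp" > "$conf"                       # keeps conf owner and mode
    rm -f "$tmp"
}

if [ "$#" -eq 1 ]; then
    rules=/usr/local/lsws/conf/modsec/comodo
    swap_rules "$rules" "$1"
    rewrite_includes /usr/local/lsws/conf/httpd_config.conf "$rules"
    echo "Done. Restart LiteSpeed (Step 7) to load the new rules."
fi
```

Both the rules directory and `httpd_config.conf` get a backup copy before they are changed, so a rule set that fails to load can be rolled back by restoring those copies and restarting.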

Comments

  • Thank you, worked right away!
  • Did it a second time today.

    ls -l gave me surprisingly: lsadm nogroup

    So I did: chown -R lsadm:nogroup /usr/local/lsws/conf/modsec/comodo

    Hope that's right....please correct me if that's not right
  • chown -R cyberpanel:cyberpanel /usr/local/lsws/conf/modsec/comodo this worked for my installation.
  • Thank you. It works for me but I use OWASP instead of Comodo.
  • Unable to download OWASP ModSecurity Core Rules and COMODO ModSecurity 3.0 mod security rules section.
    ==================================
    After a fresh installation, when I am configuring the Mod security on the cyber panel I got an error for both OWASP and MODSECURITY 3.0.

    I also checked both URLs. They are throwing 404 errors

    for comodo =https://cyberpanel.net/modsec/comodo.tar.gz
    for OWASP =https://cyberpanel.net/modsec/owasp.tar.gz
    ======================================================

    Even at /usr/local/lsws/conf/modsec/ there is neither comodo folder nor owasp.

    ==============================================================

    The installation I did today only.
    ====================================

    Could anyone please assist me?

    thanks
  • @subh

    you can edit the file

    /usr/local/CyberCP/plogical/modSec.py and change the mirrorpath from "cyberpanel.net" to "cyberpanel.sh"


    mirrorPath = "cyberpanel.sh"

    and try the install and it will be OK