mod_security templates (TEMPLATES)

Version 1.47


BETA

With CustomBuild 2.0, mod_security can be installed.
DA will need a few template changes and logs for mod_security.

With mod_ruid2, logging is done with user permissions in
/var/log/modsec_audit/user/*

Without mod_ruid2, it's in /var/log/httpd or /var/log/nginx:
modsec_audit.log
modsec_debug.log

=======================================================
directadmin.conf new value, internal default:

modsec_audit_dir=/var/log/modsec_audit

=======================================================
Template changes for:
virtual_host2*.conf + user_virtual_host.conf:

|*if RUID2_AND_MOD_SECURITY="1"|
<IfModule mod_security2.c>
	SecAuditLogStorageDir |MODSEC_AUDIT_DIR|/|USER|
</IfModule>
|*endif|

nginx templates will use a global mod_security setting.
You can disable any nginx server{} by using the following in the Custom Httpd Config:

ModSecurityEnabled off;

=======================================================
Tokens:

HAVE_MOD_SECURITY=1|0
RUID2_AND_MOD_SECURITY=1|0
MODSEC_AUDIT_DIR=/var/log/modsec_audit

MODSEC_AUDIT_DIR is only set if HAVE_MOD_SECURITY==1

NGINX_MOD_SECURITY_ENABLE=include /etc/nginx/nginx-modsecurity-enable.conf;
NGINX_MOD_SECURITY_ENABLE="" (blank) if mod_security is not enabled.

=======================================================
DirectAdmin will create:
/var/log/modsec_audit root:root 711

and on each user httpd.conf write, if missing:
/var/log/modsec_audit user:user 700

=======================================================
Log Rotation

Uses the same apache log rotation rules.
It respects:
rotation=1|0
logs_to_keep=5

Rotation is done during the full tally, right after /var/log/httpd/domains/*.log are rotated, and just before the HUP to apache (so only 1 HUP is given).

Rotation on /var/log/modsec_audit/user/* is done based on the filename date, so it assumes the correct folder naming format, eg:
/var/log/modsec_audit/USERNAME/20141230/*

The logs_to_keep setting is used to compute the number of seconds before now (5 days = 5 * 24 * 3600), and if the date in the folder name, 20141230 (Dec 30, 2014), is older than 5 days before now, then the folder is deleted.

The logs:
modsec_audit.log
modsec_debug.log
are rotated up, using the .1 .2 ... .5 format.
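
The date-folder expiry rule described above, as an added dry-run example (not DirectAdmin's own code): it lists the /var/log/modsec_audit/USERNAME/YYYYMMDD folders that a given logs_to_keep value would expire, without deleting anything. Reading the folder date as local midnight, ignoring names that are not valid dates, and skipping symlinks are assumptions of this example, as are the function names.

```python
import os
import re
import time
from datetime import datetime

DATE_DIR = re.compile(r"[0-9]{8}")  # folder naming format from the page: YYYYMMDD


def folder_date_to_epoch(name):
    """Epoch seconds for a YYYYMMDD folder name, or None if it is not a valid date.

    Assumption of this example: the folder date means local midnight of that day.
    """
    if not DATE_DIR.fullmatch(name):
        return None
    try:
        return datetime.strptime(name, "%Y%m%d").timestamp()
    except ValueError:  # e.g. 20141340
        return None


def expired_audit_dirs(audit_root, logs_to_keep, now=None):
    """List USER/YYYYMMDD folders older than logs_to_keep days (dry run, deletes nothing)."""
    now = time.time() if now is None else now
    cutoff = now - logs_to_keep * 24 * 3600  # same arithmetic as the page: days * 24 * 3600
    expired = []
    for user in sorted(os.listdir(audit_root)):
        user_dir = os.path.join(audit_root, user)
        # Per-user folders are user-owned (700), so do not follow symlinks (assumed safeguard).
        if os.path.islink(user_dir) or not os.path.isdir(user_dir):
            continue
        for name in sorted(os.listdir(user_dir)):
            path = os.path.join(user_dir, name)
            if os.path.islink(path) or not os.path.isdir(path):
                continue
            stamp = folder_date_to_epoch(name)
            if stamp is not None and stamp < cutoff:
                expired.append(path)
    return expired


if __name__ == "__main__":
    # Defaults taken from the page: modsec_audit_dir and logs_to_keep=5.
    for path in expired_audit_dirs("/var/log/modsec_audit", 5):
        print("would delete:", path)
```

Running it as root before a tally shows which audit folders are about to disappear, which is useful when logs_to_keep is shorter than the retention an investigation needs.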

