• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Mod_Security and Mod_Unique_id Install

I

InsertCoin

Basic Pleskian
Plesk: 9.5.2
OS: Ubuntu Hardy 8.04

I have been crawling around the internet looking for a way to install mod_security, however I have been unable to come up with a guide on how to do this. Most refer to installing it with "apt-get install libapache2-mod-security" and the documentation over at modsecurity.org advises that mod_unique_id needs to be enabled.

I found it on the server in /usr/lib/apache2/modules/mod_unique_id.so and tried to enable it to no avail (assume it needs to be compiled in).

Anyone know how I can get mod_security running?
 
Doesnt help really, as thats for centos/RH installs.

Ubuntu 8.04 doesn't have mod-security available.

Very strange that Plesk are not taking a more pro-active approach to allow people to be able to secure their server.
 
What about

apt-cache search mod_security

?

As I remember it may be libapache2-mod-security on Ubuntu.
 
Yep, that was my first attempt:

root@:/# apt-cache search mod_security
root@:/#

Is all that happens.

My sources.list:

deb http://archive.ubuntu.com/ubuntu hardy main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-updates main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-security main restricted universe

## This is temporary appended by Autoinstaller for
## specify source of product's packages for APT.
deb http://autoinstall.plesk.com/ubuntu/PSA_9.5.2 hardy all
 
Further information:

The reason for wanting to install is because if I create a file on my hosting (called bad.php) with the contents:

<? $secret_file = $_GET['secret_file'];
include ( $secret_file); ?>

And then call it with:

/bad.php?secret_file=/etc/passwd

It prints the contents of /etc/passwd to the browser, which is not very secure.
 
You must log in or register to reply here.

Similar threads

NateWon
Question Composer and default PHP version
Replies
1
Views
584
Kaspar
K
J
Question clobbered PHP-CLI after apt upgrade
Replies
9
Views
2K
James Heinrich
J
K
Issue I am getting errors while installing some Extensions
Replies
2
Views
950
kemalcizoglu
K
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
1K
flederwiesel
flederwiesel
D
Resolved Looking for tutorial/information on how to install Matrix Docker container
Replies
4
Views
2K
David Borrink
D
Back
Top