• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Mod_Security and Mod_Unique_id Install

I

InsertCoin

Basic Pleskian
Plesk: 9.5.2
OS: Ubuntu Hardy 8.04

I have been crawling around the internet looking for a way to install mod_security, however I have been unable to come up with a guide on how to do this. Most refer to installing it with "apt-get install libapache2-mod-security" and the documentation over at modsecurity.org advises that mod_unique_id needs to be enabled.

I found it on the server in /usr/lib/apache2/modules/mod_unique_id.so and tried to enable it to no avail (assume it needs to be compiled in).

Anyone know how I can get mod_security running?
 
Doesnt help really, as thats for centos/RH installs.

Ubuntu 8.04 doesn't have mod-security available.

Very strange that Plesk are not taking a more pro-active approach to allow people to be able to secure their server.
 
What about

apt-cache search mod_security

?

As I remember it may be libapache2-mod-security on Ubuntu.
 
Yep, that was my first attempt:

root@:/# apt-cache search mod_security
root@:/#

Is all that happens.

My sources.list:

deb http://archive.ubuntu.com/ubuntu hardy main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-updates main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-security main restricted universe

## This is temporary appended by Autoinstaller for
## specify source of product's packages for APT.
deb http://autoinstall.plesk.com/ubuntu/PSA_9.5.2 hardy all
 
Further information:

The reason for wanting to install is because if I create a file on my hosting (called bad.php) with the contents:

<? $secret_file = $_GET['secret_file'];
include ( $secret_file); ?>

And then call it with:

/bad.php?secret_file=/etc/passwd

It prints the contents of /etc/passwd to the browser, which is not very secure.
 
You must log in or register to reply here.

Similar threads

D
Issue Installing Rocket Chat in Plesk with Docker using tutorial, need an answer.
2
Replies
30
Views
3K
Hangover2
Hangover2
andreios
Issue Dist-upgrade Ubuntu 22.04 to 24.04 has unmeet dependencies
Replies
3
Views
2K
learning_curve
learning_curve
D
Issue Installing Mattermost via Docker in Plesk - issues with containers
2
Replies
21
Views
11K
David Borrink
D
T
Resolved Grafana fails: Option '[alerting].enabled' cannot be true. Legacy Alerting is removed. It is no longer deployed, enhanced, or supported.
Replies
10
Views
2K
theunknownstuntman
T
michaeljoseph01
Question How to block non-mail traffic to certain ip?
Replies
1
Views
975
MarkM
MarkM
Back
Top