• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Mod_Security and Mod_Unique_id Install

I

InsertCoin

Basic Pleskian
Plesk: 9.5.2
OS: Ubuntu Hardy 8.04

I have been crawling around the internet looking for a way to install mod_security, however I have been unable to come up with a guide on how to do this. Most refer to installing it with "apt-get install libapache2-mod-security" and the documentation over at modsecurity.org advises that mod_unique_id needs to be enabled.

I found it on the server in /usr/lib/apache2/modules/mod_unique_id.so and tried to enable it to no avail (assume it needs to be compiled in).

Anyone know how I can get mod_security running?
 
Doesnt help really, as thats for centos/RH installs.

Ubuntu 8.04 doesn't have mod-security available.

Very strange that Plesk are not taking a more pro-active approach to allow people to be able to secure their server.
 
What about

apt-cache search mod_security

?

As I remember it may be libapache2-mod-security on Ubuntu.
 
Yep, that was my first attempt:

root@:/# apt-cache search mod_security
root@:/#

Is all that happens.

My sources.list:

deb http://archive.ubuntu.com/ubuntu hardy main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-updates main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-security main restricted universe

## This is temporary appended by Autoinstaller for
## specify source of product's packages for APT.
deb https://autoinstall.plesk.com/ubuntu/PSA_9.5.2 hardy all
 
Further information:

The reason for wanting to install is because if I create a file on my hosting (called bad.php) with the contents:

<? $secret_file = $_GET['secret_file'];
include ( $secret_file); ?>

And then call it with:

/bad.php?secret_file=/etc/passwd

It prints the contents of /etc/passwd to the browser, which is not very secure.
 
You must log in or register to reply here.

Similar threads

N
Question What does "set up mailing list server" do?
Replies
1
Views
793
nelteren
N
D
Question Cloudflare DNS Extension - Clarification on a few things
Replies
3
Views
2K
Kaspar
K
N
Issue apt update can't update anymore
Replies
1
Views
2K
LTUser
LTUser
NateWon
Question Composer and default PHP version
Replies
1
Views
2K
Kaspar
K
J
Question clobbered PHP-CLI after apt upgrade
Replies
9
Views
7K
James Heinrich
J
Back
Top