Accidentally deleted /etc/modsecurity

September 7, 2016 988 views
Security Ubuntu
cloudnine
By:
cloudnine

Hi,

I had lots of issues with mod_security blocking my sites on Ubuntu 14.04, so I uninstalled it by running:

apt-get remove libapache2-mod-security2

But, this still left the /etc/modsecurity/ folder intact, so I manually removed it by running rm -rf /etc/modsecurity

I reinstalled modsecurity again and enabled it, but can't proceed further with the configuration because, at /etc/modsecurity/, I can't find the two files modsecurity.conf-recommended and unicode.mapping. All I get when I change to the directory /etc/modsecurity/ and do an ls -la is this:

root@host01:/etc/modsecurity# ls
root@host01:/etc/modsecurity# ls -la
total 8
drwxr-xr-x 2 root root 4096 Sep 7 02:02 .
drwxr-xr-x 95 root root 4096 Sep 6 16:57 ..
root@host01:/etc/modsecurity#

The file modsecurity.conf-recommended at this path has to be renamed to modsecurity.conf for mod_security to work, but it's just not there.

I think it was a mistake to manually delete the /etc/modsecurity folder and would greatly appreciate any pointers to fix this issue.

Log In to Comment
1 Answer
ryanpq MOD September 7, 2016

I may have a solution for you. When you use apt-get remove apt will uninstall the program specified but retain all configuration and associated files it generated. On a re-install it attempts to continue to use these. To completely remove a program and all it's configuration you can use apt-get purge instead. To start over fresh with mod_security I would recommend (from the current state where you have it installed but not working properly) doing this:

apt-get purge libapache2-mod-security2
apt-get install libapache2-mod-security2

This should force a complete removal and re-installation and should re-create the files in /etc/modsecurity if they were created by that package's installation.

Reply
  • cloudnine September 7, 2016

    That worked like a charm, thank you very much!

    I now remember having used apt-get purge when I had to remove an older version of rsync on one of my droplets and compile the new one from source by following a tutorial somewhere , but it just didn't strike me that I could use the command to fix this problem.

    I hope this excellent tip will get indexed in search engines to help others in the future who may get stuck with similar issues.

Have another answer? Share your knowledge.

Related Questions