Accidentally deleted /etc/modsecurity

September 7, 2016 1.5k views
Security Ubuntu


I had lots of issues with mod_security blocking my sites on Ubuntu 14.04, so I uninstalled it by running:

apt-get remove libapache2-mod-security2

But, this still left the /etc/modsecurity/ folder intact, so I manually removed it by running rm -rf /etc/modsecurity

I reinstalled modsecurity again and enabled it, but can't proceed further with the configuration because, at /etc/modsecurity/, I can't find the two files modsecurity.conf-recommended and unicode.mapping. All I get when I change to the directory /etc/modsecurity/ and do an ls -la is this:

root@host01:/etc/modsecurity# ls
root@host01:/etc/modsecurity# ls -la
total 8
drwxr-xr-x 2 root root 4096 Sep 7 02:02 .
drwxr-xr-x 95 root root 4096 Sep 6 16:57 ..

The file modsecurity.conf-recommended at this path has to be renamed to modsecurity.conf for mod_security to work, but it's just not there.

I think it was a mistake to manually delete the /etc/modsecurity folder and would greatly appreciate any pointers to fix this issue.

1 Answer

I may have a solution for you. When you use apt-get remove apt will uninstall the program specified but retain all configuration and associated files it generated. On a re-install it attempts to continue to use these. To completely remove a program and all it's configuration you can use apt-get purge instead. To start over fresh with mod_security I would recommend (from the current state where you have it installed but not working properly) doing this:

apt-get purge libapache2-mod-security2
apt-get install libapache2-mod-security2

This should force a complete removal and re-installation and should re-create the files in /etc/modsecurity if they were created by that package's installation.

  • That worked like a charm, thank you very much!

    I now remember having used apt-get purge when I had to remove an older version of rsync on one of my droplets and compile the new one from source by following a tutorial somewhere , but it just didn't strike me that I could use the command to fix this problem.

    I hope this excellent tip will get indexed in search engines to help others in the future who may get stuck with similar issues.

Have another answer? Share your knowledge.