Facing issues while hardening the security of my Ubuntu droplet

April 23, 2016 1.2k views
Apache Security Ubuntu

Hey,

I'm a newbie here and facing a couple issue with my droplet. Wanted to harden the security of my Ubuntu droplet but facing some issues. Googled a lot but can't see any solution of these problems. Any suggestion on how to fix these?

1.) How can I update OWASP modsecurity core rule set? Right now I am using 2.2.4 and the latest version is 2.2.9 (https://github.com/SpiderLabs/owasp-modsecurity-crs)

2) I have installed mod_security. When I add the new symlinks to apache '/etc/apache2/mods-available/security2.conf" I get the following error:

Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.

When I comment the line line --> Include "/etc/modsecurity/activated_rules/*.conf"
Apache starts working again.

3) In /etc/sysctl.conf when I add these rules

Disable source packet routing

net.ipv4.conf.all.acceptsourceroute = 0
net.ipv6.conf.all.acceptsourceroute = 0

Log Martians

net.ipv4.icmpignoreboguserrorrespons­es = 1

and reloaded the new rules by "sudo service procps start"

I get the following error after running "sysctl -p"

sysctl: cannot stat /proc/sys/net/ipv4/conf/default/acceptsourcerout­e: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/default/acceptsourcerout­e: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/icmpignoreboguserrorrespons­es: No such file or directory

1 Answer

Hi,

I faced the same isseu with /proc/sys/net/ipv4/conf/default/acceptsourcerout­e and /proc/sys/net/ipv6/conf/default/acceptsourcerout­e.

Did you found a solution for it yet?

Regards...

  • Nope but checked the files are there.

    • I got it! :-D

      Very simple. You did copy from Odd Random thoughts Hardening guide?

      edit both files again and delete these lines complete and add them manuelly again. Take the one line above and under as well!

      There is some kind of hidden character if you cut n paste from the webside.

      regards,

Have another answer? Share your knowledge.