Hi Phan,
On Fri, Jan 07, 2022 at 12:08:22AM -0800, Phan Thanh Bình wrote:
> Hi all, how can I check the installed version of modsecurity in linux?
there are many ways to do that.
You can check that through your package manager (if you installed
it from any repository), eg:
$ dpkg -l "libapache2-mod-security2"
...
||/ Name Version Architecture Description
+++-========================-============-============-============================================
ii libapache2-mod-security2 2.9.3-1 amd64 Tighten web applications security for Apache
Or you can access this information throug the logs. mod_security2 make a log entry (in case of
right settints :)) at every startup:
[Fri Jan 07 09:00:52.976833 2022] [:notice] [pid 39793:tid 140063602048064] ModSecurity for Apache/2.9.3 (
http://www.modsecurity.org/) configured.
[Fri Jan 07 09:00:52.976943 2022] [:notice] [pid 39793:tid 140063602048064] ModSecurity: APR compiled version="1.6.5"; loaded version="1.6.5"
[Fri Jan 07 09:00:52.976959 2022] [:notice] [pid 39793:tid 140063602048064] ModSecurity: PCRE compiled version="8.39 "; loaded version="8.39 2016-06-14"
[Fri Jan 07 09:00:52.976971 2022] [:notice] [pid 39793:tid 140063602048064] ModSecurity: LUA compiled version="Lua 5.1"
[Fri Jan 07 09:00:52.976982 2022] [:notice] [pid 39793:tid 140063602048064] ModSecurity: YAJL compiled version="2.1.0"
[Fri Jan 07 09:00:52.976994 2022] [:notice] [pid 39793:tid 140063602048064] ModSecurity: LIBXML compiled version="2.9.4"
[Fri Jan 07 09:00:52.977005 2022] [:notice] [pid 39793:tid 140063602048064] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
Note, that as you can see, you get many more detailed information
about the engine.
Unfortunately, libmodsecurity3 + Nginx does not have this feature
set, you will see only the connector version in the log.
And of course, as Christian wrote, you can get the information
with help of "strings" command:
$ strings /usr/lib/x86_64-linux-gnu/libmodsecurity.so | grep "ModSecurity v3"
ModSecurity v3.0.6 (
$ strings /usr/lib/apache2/modules/mod_security2.so | grep Apache/2.9
ModSecurity for Apache/2.9.3 (
http://www.modsecurity.org/)
Regards,
a.