How-Tos – Page 2

NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 2

Part 2 – Installing the OWASP Core Rule Set (CRS)

After successfully installing ModSecurity v3 in Part 1, this guide will now show you how to install and activate the OWASP Core Rule Set to enable protection rules for ModSecurity.

Download and Activate the OWASP CRS

The following commands will let you download and activate the rule set. Change to the modsec directory, clone the Git repository, and create the crs-setup.conf file:

Bash

cd /etc/nginx/modsec
sudo git clone https://github.com/coreruleset/coreruleset.git
cd coreruleset
sudo cp crs-setup.conf.example crs-setup.conf

(more…)

13. June 2025

NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 1

Part 1 – Compiling and Installing the Modules and Enabling ModSecurity v3

This guide shows the complete installation of ModSecurity v3 with NGINX and the OWASP Core Rule Set (CRS) on an Ubuntu server – including correct module paths, symlink conventions, and example tests.

In Part 1 you install the necessary modules and enable ModSecurity v3.
In Part 2 we add the OWASP Core Rule Set (CRS).
In Part 3 we cover the required exceptions for the OWASP Core Rule Set to run a WordPress website.

1. Install Dependencies

Bash

sudo apt update
sudo apt install -y git g++ build-essential autoconf automake libtool \
  libpcre3 libpcre3-dev libpcre2-dev libxml2 libxml2-dev libyajl-dev \
  pkg-config zlib1g zlib1g-dev libcurl4-openssl-dev \
  liblua5.3-dev libgeoip-dev doxygen

(more…)

13. June 2025

Full Linux System Backups with the dd_image.sh Script – Compressed, Remote, Automated

Repository: https://github.com/andreas-schwab-swx/dd_image

If you’re looking for a simple yet powerful solution for full disk image backups on Linux, the dd_image script offers a versatile tool: it creates complete disk images, compresses them on-the-fly, and transfers them automatically via SSHFS to a remote server – with logging, retention logic, and optional notifications.

Features at a Glance

Full disk backups using dd
On-the-fly compression with xz
Remote storage via sshfs
Automatic cleanup of old backups
Progress monitoring and detailed logging
Prevents concurrent runs using a lock file
Optional email notifications on success or failure
Optional zero-fill for better compression

(more…)

8. June 2025

Configuring the Tailscale Exit Node in the Admin Console

Step 7 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

IIn the final step of the series, the Tailscale exit node is declared within the Tailnet. After this, you’re ready to use Tailscale.

You can view all Tailscale machines in the overview: https://login.tailscale.com/admin/machines.

(more…)

30. May 2025

Configuring Tailscale as an Exit Node in Detail

Step 6 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

In this part of the series, each step of the setup script from the previous article is explained in detail.

If you’re not interested in the technical background, you can skip this part.

(more…)

30. May 2025

Configuring Tailscale as an Exit Node using a Script

Step 5 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

In this part of the series, I’ll show you a script that prepares the Ubuntu Server network settings for Tailscale.

(more…)

30. May 2025

Installing Tailscale on Ubuntu Server

Step 4 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

In this part of the series, you’ll learn how to install Tailscale on an Ubuntu Server.

Go to https://login.tailscale.com/start to sign in to Tailscale.

(more…)

30. May 2025

Configuring the firewall and establishing an SSH connection to Ubuntu Server

Step 3 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

In this part of the series, you’ll configure the server’s firewall.

After completing the installation and updating all packages, you’ll configure the firewall using ufw.

(more…)

30. May 2025

Installing Ubuntu Server

Step 2 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

In this part of the series, you’ll learn how to install Ubuntu Server step by step.

Preparing the Ubuntu Server installation

With the login credentials you received, log into the netcup Server Control Panel.

Select your server, then click on Settings on the left. Here you can set the keyboard layout and adjust the UEFI settings. I selected “de” for the keyboard and enabled UEFI boot. You can leave the other settings as they are.

(more…)

30. May 2025

Ordering the server

Step 1 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

First, you need to order a server. I’m using netcup as a provider, but you can choose a different one as long as it offers similar features.

To use a server as a Tailscale exit node, you don’t need much computing power or memory. In general, the smallest vServer from netcup with 2 GB RAM and 2 vCores should be sufficient.

(more…)

29. May 2025

Category: How-Tos

Part 2 – Installing the OWASP Core Rule Set (CRS)

Download and Activate the OWASP CRS

Part 1 – Compiling and Installing the Modules and Enabling ModSecurity v3

1. Install Dependencies

Features at a Glance

Step 7 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

Step 6 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

Step 5 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

Step 4 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

Step 3 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

Step 2 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

Preparing the Ubuntu Server installation

Step 1 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi