Hello, last night i tried to install mod_security on a debian squeeze server, at first i thought that it would be an easy task but i was wrong, it turned out quite tricky to get it running the main reason was that debian has version 2.5.12-1 at its repository which it is not support the latest Core Rule Set so if you too are seeing this error:
Syntax error on line 91 of /etc/apache2/modsecurity_crs/activated_rules/modsecurity_crs_20_protocol_violations.conf: Error creating rule: Unknown variable: REQBODY_ERROR Action 'configtest' failed. The Apache error log may have more information. failed!
You are lucky,there is a bugfix, go to the mentioned line of apache’s error and change
solution was given here https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2011-May/000779.html
if you are not feeling well with this for whatever reason, you can always use the outdated CRS that it comes with the package from the debian repository and it is located at /usr/share/doc/mod-security-common/examples/rules
root@debian ~ # ls -la /usr/share/doc/mod-security-common/examples/rules total 92K drwxr-xr-x 5 root root 4.0K Jul 11 23:27 . drwxr-xr-x 3 root root 4.0K Jul 11 23:27 .. drwxr-xr-x 2 root root 4.0K Jul 11 23:27 base_rules -rw-r--r-- 1 root root 22K Feb 5 2010 CHANGELOG -rw-r--r-- 1 root root 18K Jul 31 2009 LICENSE -rw-r--r-- 1 root root 6.6K Feb 5 2010 modsecurity_crs_10_config.conf drwxr-xr-x 2 root root 4.0K Jul 11 23:27 optional_rules -rw-r--r-- 1 root root 17K Feb 5 2010 README drwxr-xr-x 2 root root 4.0K Jul 11 23:27 util
Hope this helps somebody to avoid much time going from site to site