I don't have an Ubuntu machine to test, but if you have the folder /etc/apache2/mod-security/
I guess you can create the file in there.
If the folder doesn't exist, you could try running:
find / -name "modsecurity_crs*"
and check where the crs rules are stored (and create the file within this folder if it doesn't exist)