GUI editor to tame mod_security rules

⌈⌋ ⎇ branch:  modseccfg


Artifact [8efc0cc278]

Artifact 8efc0cc2784bbaabc4d5e2bb52418049225986a080b18a429f12079fb567d5ba:

  • File FAQ.md — part of check-in [8107fab63c] at 2021-03-05 16:18:57 on branch trunk — Note about emoji bug (albeit already removed all instances) (user: mario size: 4643)

FAQ

Not really a FAQ, just some preemptive notes and a few common errors.

Errors

Doesn't work

That's not a useful error message.
(Someone here is slightly annoyed from Stackoverflow questions these days.)

Something doesn't work

Many features are unimplemented as of yet.

App crashes

It will do that if you use most functions but haven't:

  • selected a vhost file
  • or an existing log file
  • and if remote files (sshfs-mounted server) aren't really writable (no working check yet)

Doesn't start

Look at the terminal output.

Python import error for _tkinter

As mentioned in the README setup instructions, you do need python3-tk installed (or whatever it's called in your distro).

Noto color emoji / X Error of failed request: BadLength

That's a bug in libxft/tkinter in recent distros. Either uninstall all color emoji fonts, or upgrade tcl+tkinter(...) to 8.6.11. But since that will take some time to make its rounds, any colored glyphs have been removed in modseccfg 0.8 anyway. (Was largely decoration for menus and buttons anyhow.)

Syntax error for f"…" strings

Requires py >=3.6

Main window freezes

It'll do that whilst reading logs, or any other window pops up (editor, info, etc.)

App hangs after main window closed

The multi-window interface may get stuck in a dead loop, if the mainwindow got closed before any aux windows.

How to file a bug report?

Use /tktnew and include the full console output, expected behaviour, and necessary log and conf excerpts, file names and mount point if any. Else it will be closed on sight.

Features

Does this really delete config files?

No. Per default it will even create heaps of backup files in ~/backup-config/.

Does the remote binding option need :/ ?

It does suffice to say modseccfg srv5:.
The slash is just for decoration, the colon makes it a servername argument.

Why don't all rules have tags?

The CoreRuleSet omits them for most rules.
(Something like tag:app-wordpress etc. would be sensible. Hint, hint.)

Where's the config file?

In ~/.config/modseccfg/settings.json

Are there sshfs options to be set?

Secret config option is sshfs_o.

Other secret options

editor_font can't be edited from the config window, due to being a list. The config definition allows to add a third font property ["…", "…", "bold"] however.

Can this use other log scanners?

If there's a command line tool to scan audit logs for problems, then yes, an option could be added. (In fact, it's planned to bundle a bin/ folder and according menu for Log analyzers.)

Why doesn't this provide for editing of VirtualHost sections?

That would be more work. And less intuitive for the majority, and those that have properly separated vhosts into distinct config files.

There's a few python packages for Apache config parsing that would allow so, but none that are overly convenient to build upon. (Not to mention support for non-destructive file updating.)

It always writes to the first VirtualHost in a file

Yes.

All SecRule* flags are appended, or injected before any first closing </VirtualHost>

Use a better structure:

  • vhost.domain.conf

     <VirtualHost *:80>
        Include vhost.domain.dir
     </VirtualHost>
     <VirtualHost *:443>
        Include vhost.domain.dir
        Include ssl.conf
     </VirtualHost>
    
  • vhost.domain.dir

      ServerName example.com
      DocumentRoot /www/domain/
      …
      SecRuleEngine On
    

Which coincidentally avoids some repetition.

Can this use python package xyz?

No idea.

Where's the nginx support?

Not planned. Code contributions are accepted however.

There are enough nginx config parsers out there. Adopting one of them should be simple. Basically just needs to reuse the vhosts structure, and pass any modsecurity_rules_file over to vhosts.vhosts()

Will this work with mod_security v3 ?

Probably not. I'd imagine this to be a parsing nightmare for Apache as well. So if, it's probably just going to cover secrule_includes, and you'll have to have vhost.name.secrule files alongside.

Install packages as rpm?

Nobody asked for those yet. You can convert installable packages with alien --to-rpm modsec-flameeyes_2020.06.13_all.deb however. Use locate modseccfg/install to find the package directory.