GUI editor to tame mod_security rules

Artifact f94af9edc6f01578294cdd3ee5a25bec183564ef28722f92de56e055ad6c4a52:

Wiki page [modseccfg] by mario 2020-11-13 15:04:59.
D 2020-11-13T15:04:59.549
L modseccfg
N text/x-markdown
P 48ac27547103d732bab8e6ca138b875935849f6c7a925caca997db3a318837d2
U mario
W 1866
> ***WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION***
> (It doesn't, but: no warranty and such.)

## modseccfg

 * Simple GUI editor for SecRuleDisableById settings
 * Tries to suggest false positives from error and audit logs
 * And a few options to configure mod_security and CRS variables.
 * Obviously requires `ssh -X` forwarding, or preparing config
   rules on a local test setup, and `*.conf` files to be writable
   by current user (running as root is not advised).



## Usage

You obviously should have Apache(2.x) + mod_security(2.9) + CRS(3.x) set up
and running already (in DetectionOnly mode initially), to allow for log
inspection and adapting rules.

 1. Start modseccfg (`python3 -m modseccfg`).
 2. Select a configuration/vhost file to inspect + work on.
 3. Pick the corresponding error.log.
 4. Inspect the rules with a high error count.
 5. [Disable] offending rules (unless they're essential to CRS, or disabling
    them would likely poke holes into useful protections).
 6. Test the changes (`apache2ctl -t`), then restart Apache.
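
Steps 3 to 5 done by hand, as an added example (not modseccfg's own code): it tallies rule ids from error.log lines and emits `SecRuleRemoveById` directives, the mod_security 2.x directive for removing a rule by id, for rules that fire often. The sample log lines, the `ESSENTIAL` id set and the `min_hits` threshold are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Assumption of this example: CRS 3.x anomaly-score evaluation rules that should
# never be suggested for removal, since dropping them turns blocking off entirely.
ESSENTIAL = {949110, 959100, 980130}
FIELD = re.compile(r'\[(id|msg|uri) "((?:[^"\\]|\\.)*)"\]')

def sample_line(rule_id, msg, uri):
    """Build one constructed line in the mod_security 2.9 error.log layout."""
    return ('[Fri Nov 13 15:01:02.100000 2020] [:error] [pid 811] '
            '[client 203.0.113.5:51234] ModSecurity: Warning. Pattern match at ARGS. '
            f'[file "/path/to/crs/rules.conf"] [line "1"] [id "{rule_id}"] '
            f'[msg "{msg}"] [severity "CRITICAL"] [hostname "example.org"] '
            f'[uri "{uri}"] [unique_id "constructed"]')

SAMPLE_LOG = (
    [sample_line(930120, "OS File Access Attempt", "/wiki/edit")] * 4
    + [sample_line(949110, "Inbound Anomaly Score Exceeded", "/wiki/edit")] * 4
    + [sample_line(942100, "SQL Injection Attack Detected via libinjection", "/search")]
    + ['[Fri Nov 13 15:01:03 2020] [core:notice] [pid 811] AH00094: Command line: apache2']
)

def count_rule_hits(lines):
    """Tally ModSecurity entries per rule id; returns (hits, msgs, uris)."""
    hits, msgs, uris = Counter(), {}, defaultdict(set)
    for line in lines:
        fields = dict(FIELD.findall(line)) if "ModSecurity:" in line else {}
        if not fields.get("id", "").isdigit():
            continue  # not a rule hit, or no numeric id was logged
        rid = int(fields["id"])
        hits[rid] += 1
        msgs.setdefault(rid, fields.get("msg", ""))
        uris[rid].add(fields.get("uri", "?"))
    return hits, msgs, uris

def suggest_removals(lines, min_hits=3, essential=ESSENTIAL):
    """Return [(rule_id, hits, uri_count, msg)] for noisy, non-essential rules."""
    hits, msgs, uris = count_rule_hits(lines)
    return [(rid, n, len(uris[rid]), msgs[rid])
            for rid, n in hits.most_common()
            if n >= min_hits and rid not in essential]

def render_conf(suggestions):
    """Emit directives; Apache comments must sit on their own line."""
    return "\n".join(f"# {n} hits on {u} URI(s): {msg}\nSecRuleRemoveById {rid}"
                     for rid, n, u, msg in suggestions)

if __name__ == "__main__":
    print(render_conf(suggest_removals(SAMPLE_LOG)))
```

`SecRuleRemoveById` only takes effect when it is loaded after the rules it removes, so the output belongs after the CRS include in the vhost file. A high hit count alone does not make a false positive; review each suggestion against the logged URIs before applying it.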

<img src="/raw/59f5daf65f51e0642d0925d43aa6a6b262bb54aefd026cb342bcdecda01459c0?m=image/gif">

## Notes

 * Preferably do not edit default `/etc/apache*` files
 * Work on separated `/srv/web/conf.d/*` configuration, if available
 * And keep vhost settings in e.g. `vhost.*.dir` files, rather than
   multiple `<VirtualHost>` in one `*.conf` (else only the first section
   will be augmented).

## Missing features

 * Doesn't process any audit.log yet.
 * Can't classify wrapped (`<Location>` or other directives) rules yet.
 * No rule information dialog.
 * No SecOption editor yet.
 * No CRS settings (setvar:crs…) editor yet.
 * Recipes are not worth using yet.
 * No sudo usage.
 * No support for nginx or mod_sec v3.

Z 322d01a6591c7b7cd7464ec03b0cd5dc