Check-in [fd5f570868]
Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Update README with GIF, use .rst for pkg README. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
fd5f570868f85bd42b34180c6d808419 |
User & Date: | mario 2020-11-13 15:20:26 |
Context
2020-11-14
| ||
10:15 | Introduce remote() `srvroot` file I/O wrapper, to fusemount ssh:/ root to work on. Mode can be activated with cmdline param: `modseccfg srv5:` check-in: 0b3b4b79d9 user: mario tags: trunk | |
2020-11-13
| ||
15:20 | Update README with GIF, use .rst for pkg README. check-in: fd5f570868 user: mario tags: trunk | |
14:50 | Initial prototype (conf parser, log reader, mainwindow somewhat functional) check-in: 5f35cb034d user: mario tags: trunk, 0.0.9 | |
Changes
Changes to Makefile.
1 2 3 4 5 6 7 8 9 | run: ./g.py setup: version --read modseccfg/__init__.py --incr --write python3 setup.py bdist_wheel rm -r modseccfg.egg-info upload: | > | | 1 2 3 4 5 6 7 8 9 10 11 | run: ./g.py setup: version --read modseccfg/__init__.py --incr --write python3 setup.py bdist_wheel rm -r modseccfg.egg-info upload: pandoc README.md -o README.rst python3 setup.py bdist_wheel upload |
Changes to README.md.
1 2 3 4 5 6 7 | > *WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION* > (It doesn't, but: no waranty and such.) ## modseccfg * Simple GUI editor for SecRuleDisableById settings * Tries to suggest false positives from error and audit logs | | | > > | | > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | > *WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION* > (It doesn't, but: no waranty and such.) ## modseccfg * Simple GUI editor for SecRuleDisableById settings * Tries to suggest false positives from error and audit logs * (And a few options to configure mod_security and CRS variables.) * Obviously requires `ssh -X` forwarding, or preparing config rules on a local test setup, and `*.conf` files to be writable by current user (running as root is not advised). ## Usage ![](https://fossil.include-once.org/modseccfg/raw/59f5daf65f51?m=image/gif) You obviously should have Apache(2.x) + mod_security(2.9) + CRS(3.x) set up and running already (in DetectionOnly mode initially), to allow for log inspection and adapting rules. 1. start modseccfg (`python3 -m modseccfg`) 2. Select a configuration/vhost file to inspect + work on. 3. Pick the according error.log 4. Inspect the rules with a high error count. 5. [Disable] offending rules (if they're not essential to CRS, or would likely poke holes into useful protections). 6. Thenceforth restart Apache after testing changes (`apache2ctl -t`). ### Notes * Preferrably do not edit default `/etc/apache*` files * Work on separated `/srv/web/conf.d/*` configuration, if available * And keep vhost settings in e.g. `vhost.*.dir` files, rather than multiple `<VirtualHost>` in one `*.conf` (else only the first section will be augmented). ### Missing features * Doesn't process any audit.log yet. * Can't classify wrapped (`<Location>` or other directives) rules yet. * No rule information dialog. * No SecOption editor yet. * No CRS settings (setvar:crs…) editor yet. * Recipes are not worth using yet. * No sudo usage. * No support for nginx or mod_sec v3. * No support for Windows setups. (Would work, but no interest in user support.) |
Changes to setup.py.
︙ | ︙ | |||
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | # from pluginconf.setup import setup setup( fn="modseccfg/__init__.py", name="modseccfg", package_dir={"": "."}, package_data={}, data_files=[], entry_points={ "console_scripts": [ "modseccfg=modseccfg.mainwindow:main", ] } ) | > | 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | # from pluginconf.setup import setup setup( fn="modseccfg/__init__.py", name="modseccfg", long_description="README.rst", package_dir={"": "."}, package_data={}, data_files=[], entry_points={ "console_scripts": [ "modseccfg=modseccfg.mainwindow:main", ] } ) |