|Man pages (in data_files=) are now handled by pluginconf.setup|
|mario authored 5 days ago last checkin d9a54476b|
|📂 dev||Add File→Install menu for *.deb packages or scripts.||46 days ago|
|📂 html2mallard||Converted project wiki to yelp pages. (subproject: html2mallard)||16 days ago|
|📂 logfmt1||Comment updates, fixed script wrappers, unify update-logfmt to python||32 days ago|
|📂 manpage||Add manpages (seemingly setup(data_files=…) knows where to place them||19 days ago|
|📂 modseccfg||Converted project wiki to yelp pages. (subproject: html2mallard)||16 days ago|
|📂 test||publish data test (mostly vhost/secrule extraction)||47 days ago|
|📄 FAQ.md||Type and description changes in crsoptions. Release as 0.3.0||58 days ago|
|📄 LICENSE||Add FAQ and license||63 days ago|
|📄 Makefile||Man pages (in data_files=) are now handled by pluginconf.setup||5 days ago|
|📄 NEWS||Release as 0.7.0||25 days ago|
|📄 README.md||Man pages (in data_files=) are now handled by pluginconf.setup||5 days ago|
|📄 pytest.ini||disable regex warnings||44 days ago|
|📄 requirements.txt||Add basic plugin_load(), generalize `add_menu()` into `init()`||22 days ago|
|📄 setup.py||Man pages (in data_files=) are now handled by pluginconf.setup||5 days ago|
|📄 tox.ini||publish data test (mostly vhost/secrule extraction)||47 days ago|
mod_security config GUI
- GUI to define SecRuleRemoveById settings on a vhost-basis
- Tries to suggest false positives from error and audit logs
- And configure mod_security and CoreRuleSet variables.
- Runs locally, via `ssh -X` forwarding, or per
WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION - It doesn't, but: no warranty and such. - Also, hasn't many features yet.
You can install this package locally or on a server:
pip3 install -U modseccfg
And your distro must provide a full Python installation and mod_security:
sudo apt install python3-tk ttf-unifont libapache2-mod-security2
To run the GUI locally / on test setups:
Or to connect to a remote server:
Takes a bit longer on startup, but is heaps better than X11 forwarding.
You obviously should have Apache + mod_security + CRS set up and running already (in DetectionOnly mode initially), to allow for log inspection and adapting rules.
- Start modseccfg (`python3 -m modseccfg`)
- Select a configuration/vhost file to inspect + work on.
- Pick the corresponding error.log
- Inspect the rules with a high error count.
- [Disable] offending rules
- Don't just go by the error count however!
- Make sure you don't disable essential or heuristic rules.
- Compare error with access log details.
- Else craft an exception rule ([Modify] or →Recipes).
- Thenceforth restart Apache (after testing changes:
- Preferably do not edit default
- Work on separated `/srv/web/conf.d/*` configuration, if available
- And keep vhost settings in e.g. `vhost.*.dir` files, rather than multiple `*.conf` (else only the first section will be augmented).
- Use the editor (F4) to verify more complex settings.
- Rule [modify] is still unimplemented.
- Recipes are not worth using yet.
- No sudo usage.
- overview.gif added by mario on 2020-12-09 22:39:53.
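
An added example (not modseccfg's own code) of the triage behind "Inspect the rules with a high error count" and "Don't just go by the error count": it groups ModSecurity error.log entries per vhost and rule id, and proposes `SecRuleRemoveById` only for rules hit by several distinct clients, never for the CRS anomaly-scoring rules. The function names, the three-client threshold, the protected id list and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# CRS anomaly-score evaluation and correlation rules. Treating exactly these
# ids as "essential" is this example's assumption, not modseccfg's list.
PROTECTED_IDS = {"949110", "959100", "980130"}
FIELD = re.compile(r'\[(client|id|hostname|uri) "?([^"\]]+)"?\]')

# Constructed, abbreviated lines in the Apache 2.4 + mod_security2 error.log layout.
_T = ('[Wed Dec 09 22:10:01 2020] [:error] [pid 901] [client {c}:40110] ModSecurity: '
      'Warning. [id "{i}"] [msg "constructed"] [hostname "shop.example.test"] [uri "{u}"]')
SAMPLE_LOG = "\n".join(_T.format(c=c, i=i, u=u) for c, i, u in [
    ("198.51.100.7", "930120", "/docs/view"),
    ("198.51.100.8", "930120", "/docs/view"),
    ("203.0.113.20", "930120", "/docs/view"),
    ("203.0.113.99", "942100", "/search"),
    ("203.0.113.99", "942100", "/login"),
    ("198.51.100.7", "949110", "/docs/view"),
    ("198.51.100.8", "949110", "/docs/view"),
    ("203.0.113.99", "949110", "/search"),
])

def summarize(log_text):
    """Group ModSecurity messages by (hostname, rule id): hits, clients, uris."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "ModSecurity:" not in line or "id" not in fields:
            continue
        entry = stats[(fields.get("hostname", "-"), fields["id"])]
        entry["hits"] += 1
        entry["clients"].add(fields.get("client", "-").rsplit(":", 1)[0])  # drop :port (IPv4 assumed)
        entry["uris"].add(fields.get("uri", "-"))
    return stats

def suggest_removals(log_text, min_clients=3):
    """Return {hostname: [rule ids]} to review as SecRuleRemoveById candidates."""
    stats, out = summarize(log_text), defaultdict(list)
    for host, rule_id in sorted(stats):
        if rule_id in PROTECTED_IDS:
            continue  # never propose disabling the scoring rules
        if len(stats[(host, rule_id)]["clients"]) >= min_clients:
            out[host].append(rule_id)  # many clients tripping it: likelier a false positive
    return dict(out)

def render(suggestions):
    """Format one SecRuleRemoveById directive per vhost."""
    return {h: "SecRuleRemoveById " + " ".join(ids) for h, ids in suggestions.items()}
```

A rule that only one client trips across several URIs (942100 in the sample) stays enabled; compare it against the access log before deciding.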