Removed Wrap and Masquerade menu entries. | ||
---|---|---|
mario authored 0 days ago last checkin c563db986 ⎘ | ||
π data | Add data/ dir, and common_false_positives.log (for CRS 2.2 however, nβΉβΊ | 100 days ago |
π install | Add basic plugin_load(), generilize `add_menu()` into `init()`βΉβΊ | 60 days ago |
π scripts | Add basic plugin_load(), generilize `add_menu()` into `init()`βΉβΊ | 60 days ago |
π __init__.py | Remove remaining emoji Unicode occurences (info, modify, vhosts)βΉβΊ | 0 days ago |
π __main__.py | Initial prototype (conf parser, log reader, mainwindow somewhat functβΉβΊ | 104 days ago |
π advise.py | hacky support for [menu]β[event] markupβΉβΊ | 84 days ago |
π crsoptions.py | Enable fn_preconf() usage only in recipe and crsoptions for now (shouβΉβΊ | 79 days ago |
π editor.py | Use SPDX id in license:βΉβΊ | 87 days ago |
π icons.py | Use crs icon.βΉβΊ | 98 days ago |
π logs.py | change print() to log()βΉβΊ | 64 days ago |
π mainwindow.py | Removed Wrap and Masquerade menu entries.βΉβΊ | 0 days ago |
π modify.py | Remove remaining emoji Unicode occurences (info, modify, vhosts)βΉβΊ | 0 days ago |
π recipe.py | add some tags: to sample rulesβΉβΊ | 60 days ago |
π ruleinfo.py | Remove remaining emoji Unicode occurences (info, modify, vhosts)βΉβΊ | 0 days ago |
π secoptions.py | Use SPDX id in license:βΉβΊ | 87 days ago |
π utils.py | Add basic plugin_load(), generilize `add_menu()` into `init()`βΉβΊ | 60 days ago |
π vhosts.py | Remove remaining emoji Unicode occurences (info, modify, vhosts)βΉβΊ | 0 days ago |
π writer.py | Use prefix/whitespace prepending for whole block (some macros just goβΉβΊ | 71 days ago |
modseccfg
mod_security config GUI
- GUI to define SecRuleRemoveById settings on a vhost-basis
- Tries to suggest false positives from error and audit logs
- And configure mod_security and CoreRuleSet variables.
- Runs locally, via
ssh -X
forwarding, or permodseccfg ssh:/
remoting.
WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION - It doesn't, but: no warranty and such. - Also, hasn't many features yet.
Installation
You can install this package locally or on a server:
pip3 install -U modseccfg
And your distro must provide a full Python installaton and mod_security:
sudo apt install python3-tk ttf-unifont libapache2-mod-security2
Start options
To run the GUI locally / on test setups:
modseccfg
Or to connect to a remote server:
modseccfg root@vps5:/
Takes a bit longer on startup, but is heaps better than X11 forwarding.
Usage
You obviously should have Apache + mod_security + CRS set up and running already (in DetectionOnly mode initially), to allow for log inspection and adapting rules.
- Start modseccfg (
python3 -m modseccfg
) - Select a configuration/vhost file to inspect + work on.
- Pick the according error.log
- Inspect the rules with a high error count.
- [Disable] offending rules
- Don't just go by the error count however!
- Make sure you don't disable essential or heuristic rules.
- Compare error with access log details.
- Else craft an exception rule ([Modify] or βRecipes).
- Thenceforth restart Apache (after testing changes:
apache2ctl -t
).
See also:
- usage
- remoting
- preconf setup and recipes
- log scripts/
- or the "FAQ"
Notes
- Preferrably do not edit default
/etc/apache*
files - Work on separated
/srv/web/conf.d/*
configuration, if available - And keep vhost settings in e.g.
vhost.*.dir
files, rather than multiple<VirtualHost>
in one*.conf
(else only the first section will be augmented). - Use the editor (F4) to verify more complex settings.
Missing features
- Rule [modify] is still unimplemented.
- Recipes are not worth using yet.
- No sudo usage.
Attachments:
- overview.gif added by mario on 2020-12-09 22:39:53. [details]