| patch for PluginMeta() wrapper required in last pluginconf.gui.window() | ||
|---|---|---|
| mario authored 553 days ago last checkin 4f8b060ed ⎘ | ||
| 📂 dev | Add File→Install menu for *.deb packages or scripts.‹› | 1611 days ago |
| 📂 html2mallard | Converted project wiki to yelp pages. (subproject: html2mallard)‹› | 1580 days ago |
| 📂 logfmt1 | Comment updates, fixed script wrappers, unify update-logfmt to python‹› | 1597 days ago |
| 📂 manpage | Remove remaining emoji Unicode occurences (info, modify, vhosts)‹› | 1526 days ago |
| 📂 modseccfg | comment fixes‹› | 922 days ago |
| 📂 test | publish data test (mostly vhost/secrule extraction)‹› | 1611 days ago |
| 📄 FAQ.md | Note about emoji bug (albeit already removed all instances)‹› | 1518 days ago |
| 📄 LICENSE | Add FAQ and license‹› | 1628 days ago |
| 📄 Makefile | comment fixes‹› | 922 days ago |
| 📄 NEWS | Release as 0.7.0‹› | 1589 days ago |
| 📄 README.md | comment fixes‹› | 922 days ago |
| 📄 pytest.ini | disable regex warnings‹› | 1608 days ago |
| 📄 requirements.txt | Add basic plugin_load(), generilize `add_menu()` into `init()`‹› | 1586 days ago |
| 📄 setup.py | add msc_pyparser option dependency `pip install modseccfg[all]`‹› | 922 days ago |
| 📄 tox.ini | publish data test (mostly vhost/secrule extraction)‹› | 1611 days ago |
modseccfg
mod_security config GUI
- GUI to define SecRuleRemoveById settings on a vhost-basis
- Tries to suggest false positives from error and audit logs
- And configure mod_security and CoreRuleSet variables.
- Runs locally, via
ssh -Xforwarding, or permodseccfg ssh:/remoting.
WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION - It doesn't, but: no warranty and such. - Also, hasn't many features yet.
Installation
You can install this package locally or on a server:
pip3 install -U modseccfgAnd your distro must provide a full Python installaton and mod_security:
sudo apt install python3-tk ttf-unifont libapache2-mod-security2
Start options
To run the GUI locally / on test setups:
modseccfgOr to connect to a remote server:
modseccfg root@vps5:/
Takes a bit longer on startup, but is heaps better than X11 forwarding.
Usage
You obviously should have Apache + mod_security + CRS set up and running already (in DetectionOnly mode initially), to allow for log inspection and adapting rules.
- Start modseccfg (
python3 -m modseccfg) - Select a configuration/vhost file to inspect + work on.
- Pick the according error.log
- Inspect the rules with a high error count.
- [Disable] offending rules
- Don't just go by the error count however!
- Make sure you don't disable essential or heuristic rules.
- Compare error with access log details.
- Else craft an exception rule ([Modify] or →Recipes).
- Thenceforth restart Apache (after testing changes:
apache2ctl -t).
See also:
- usage
- remoting
- preconf setup and recipes
- log scripts/
- or the "FAQ"
Notes
- Preferrably do not edit default
/etc/apache*files - Work on separated
/srv/web/conf.d/*configuration, if available - And keep vhost settings in e.g.
vhost.*.dirfiles, rather than multiple<VirtualHost>in one*.conf(else only the first section will be augmented). - Use the editor (F4) to verify more complex settings.
Missing features
- Rule [modify] is still unimplemented.
- Recipes are not worth using yet.
- No sudo usage.
Attachments:
- overview.gif [download] added by mario on 2020-12-09 22:39:53. [details]
