GUI editor to tame mod_security rules

โŒˆโŒ‹ โŽ‡ branch:  modseccfg

patch for PluginMeta() wrapper required in last pluginconf.gui.window()
mario authored 391 days ago last checkin 4f8b060ed
๐Ÿ“‚ dev Add Fileโ†’Install menu for *.deb packages or scripts.โ€นโ€บ 1450 days ago
๐Ÿ“‚ html2mallard Converted project wiki to yelp pages. (subproject: html2mallard)โ€นโ€บ 1419 days ago
๐Ÿ“‚ logfmt1 Comment updates, fixed script wrappers, unify update-logfmt to pythonโ€นโ€บ 1435 days ago
๐Ÿ“‚ manpage Remove remaining emoji Unicode occurences (info, modify, vhosts)โ€นโ€บ 1365 days ago
๐Ÿ“‚ modseccfg comment fixesโ€นโ€บ 761 days ago
๐Ÿ“‚ test publish data test (mostly vhost/secrule extraction)โ€นโ€บ 1450 days ago
๐Ÿ“„ FAQ.md Note about emoji bug (albeit already removed all instances)โ€นโ€บ 1356 days ago
๐Ÿ“„ LICENSE Add FAQ and licenseโ€นโ€บ 1466 days ago
๐Ÿ“„ Makefile comment fixesโ€นโ€บ 761 days ago
๐Ÿ“„ NEWS Release as 0.7.0โ€นโ€บ 1428 days ago
๐Ÿ“„ README.md comment fixesโ€นโ€บ 761 days ago
๐Ÿ“„ pytest.ini disable regex warningsโ€นโ€บ 1447 days ago
๐Ÿ“„ requirements.txt Add basic plugin_load(), generilize `add_menu()` into `init()`โ€นโ€บ 1425 days ago
๐Ÿ“„ setup.py add msc_pyparser option dependency `pip install modseccfg[all]`โ€นโ€บ 761 days ago
๐Ÿ“„ tox.ini publish data test (mostly vhost/secrule extraction)โ€นโ€บ 1450 days ago

modseccfg

mod_security config GUI

  • GUI to define SecRuleRemoveById settings on a vhost-basis
  • Tries to suggest false positives from error and audit logs
  • And configure mod_security and CoreRuleSet variables.
  • Runs locally, via ssh -X forwarding, or per modseccfg ssh:/ remoting.

WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION - It doesn't, but: no warranty and such. - Also, hasn't many features yet.

Installation

  • You can install this package locally or on a server:

    pip3 install -U modseccfg

  • And your distro must provide a full Python installaton and mod_security:

    sudo apt install python3-tk ttf-unifont libapache2-mod-security2

Start options

  • To run the GUI locally / on test setups:

    modseccfg

  • Or to connect to a remote server:

    modseccfg root@vps5:/

Takes a bit longer on startup, but is heaps better than X11 forwarding.

Usage

You obviously should have Apache + mod_security + CRS set up and running already (in DetectionOnly mode initially), to allow for log inspection and adapting rules.

  1. Start modseccfg (python3 -m modseccfg)
  2. Select a configuration/vhost file to inspect + work on.
  3. Pick the according error.log
  4. Inspect the rules with a high error count.
  5. [Disable] offending rules
    • Don't just go by the error count however!
    • Make sure you don't disable essential or heuristic rules.
    • Compare error with access log details.
    • Else craft an exception rule ([Modify] or โ†’Recipes).
  6. Thenceforth restart Apache (after testing changes: apache2ctl -t).

See also:

Notes

  • Preferrably do not edit default /etc/apache* files
  • Work on separated /srv/web/conf.d/* configuration, if available
  • And keep vhost settings in e.g. vhost.*.dir files, rather than multiple <VirtualHost> in one *.conf (else only the first section will be augmented).
  • Use the editor (F4) to verify more complex settings.

Missing features

  • Rule [modify] is still unimplemented.
  • Recipes are not worth using yet.
  • No sudo usage.

Attachments:

  • overview.gif [download] added by mario on 2020-12-09 22:39:53. [details]