Wiki page [modseccfg] by mario, 2020-11-13 14:52:05.
> *WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION*
> (It doesn't, but: no warranty and such.)
## modseccfg
* Simple GUI editor for SecRuleDisableById settings
* Tries to suggest false positives from error and audit logs
* And a few options to configure mod_security and CRS variables.
* Obviously requires `ssh -X` forwarding, or preparing config
rules on a local test setup, and `*.conf` files to be writable
by the current user (running as root is not advised).
## Usage
You obviously should have Apache(2.x) + mod_security(2.9) + CRS(3.x) set up
and running already (in DetectionOnly mode initially), to allow for log
inspection and adapting rules.
1. Start modseccfg (`python3 -m modseccfg`).
2. Select a configuration/vhost file to inspect and work on.
3. Pick the corresponding error.log.
4. Inspect the rules with a high error count.
5. [Disable] offending rules (as long as they're not essential to CRS, and
disabling them would not likely poke holes into useful protections).
6. Then restart Apache after testing the changes (`apache2ctl -t`).
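
What steps 3 to 5 amount to, as an added example (not modseccfg's own code): count rule hits in an error.log, skip the CRS anomaly-scoring rules, and emit `SecRuleRemoveById` lines, the mod_security 2.x directive for disabling a rule by id. The log lines are constructed, and the `ESSENTIAL` set and `min_hits` threshold are assumptions.

```python
import re
from collections import Counter

# CRS 3.x anomaly-score evaluation rules (ids assumed from a stock install):
# removing these switches off blocking itself, so they are never suggested.
ESSENTIAL = {"949110", "959100", "980130"}
FIELD_RE = re.compile(r'\[(id|msg|uri) "([^"]*)"\]')

# Constructed sample in the mod_security 2.9 error.log layout (shortened).
SAMPLE_LOG = '''\
[Fri Nov 13 14:40:01 2020] [:error] [client 192.0.2.10] ModSecurity: Warning. detected SQLi using libinjection [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Fri Nov 13 14:40:01 2020] [:error] [client 192.0.2.10] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/search"]
[Fri Nov 13 14:41:12 2020] [:error] [client 192.0.2.11] ModSecurity: Warning. detected SQLi using libinjection [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Fri Nov 13 14:41:12 2020] [:error] [client 192.0.2.11] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/search"]
[Fri Nov 13 14:42:30 2020] [:error] [client 192.0.2.12] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"]
[Fri Nov 13 14:43:05 2020] [:error] [client 192.0.2.13] ModSecurity: Warning. Pattern match at REQUEST_HEADERS:Host. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/status"]
[Fri Nov 13 14:44:19 2020] [:error] [client 192.0.2.10] ModSecurity: Warning. detected SQLi using libinjection [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Fri Nov 13 14:45:00 2020] [:error] [client 192.0.2.14] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:file. [id "930120"] [msg "OS File Access Attempt"] [uri "/download"]
[Fri Nov 13 14:45:02 2020] [core:notice] AH00094: Command line: '/usr/sbin/apache2'
'''

def rule_hits(log_text):
    """Count ModSecurity hits per rule id; keep each rule's msg and URIs."""
    hits, info = Counter(), {}
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if "ModSecurity:" not in line or "id" not in fields:
            continue  # ordinary Apache message, or no rule id logged
        rid = fields["id"]
        hits[rid] += 1
        _, uris = info.setdefault(rid, (fields.get("msg", ""), set()))
        uris.add(fields.get("uri", "?"))
    return hits, info

def suggest(log_text, min_hits=2):
    """Return config lines for frequently firing, non-essential rules."""
    hits, info = rule_hits(log_text)
    lines = []
    for rid, count in hits.most_common():
        if count < min_hits or rid in ESSENTIAL:
            continue
        msg, uris = info[rid]
        # Apache has no trailing comments, so the note gets its own line.
        lines.append(f"# {count} hits on {', '.join(sorted(uris))}: {msg}")
        lines.append(f"SecRuleRemoveById {rid}")
    return lines

if __name__ == "__main__":
    print("\n".join(suggest(SAMPLE_LOG)))
```

A high hit count only marks a candidate: the URIs in the comment line are what to check against real traffic before the directive goes into a vhost file.
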
## Notes
* Preferably do not edit default `/etc/apache*` files
* Work on separated `/srv/web/conf.d/*` configuration, if available
* And keep vhost settings in e.g. `vhost.*.dir` files, rather than
multiple `<VirtualHost>` in one `*.conf` (else only the first section
will be augmented).
## Missing features
* Doesn't process any audit.log yet.
* Can't classify rules wrapped in `<Location>` or other directives yet.
* No rule information dialog.
* No SecOption editor yet.
* No CRS settings (setvar:crs…) editor yet.
* Recipes are not worth using yet.
* No sudo usage.
* No support for nginx or mod_sec v3.