GUI editor to tame mod_security rules

⌈⌋ branch:  modseccfg


Artifact [8efc0cc278]

Artifact 8efc0cc2784bbaabc4d5e2bb52418049225986a080b18a429f12079fb567d5ba:

  • File FAQ.md — part of check-in [8107fab63c] at 2021-03-05 16:18:57 on branch trunk — Note about emoji bug (albeit already removed all instances) (user: mario size: 4643)

# FAQ

Not really a FAQ, just some preemptive notes and a few common errors.


## Errors

### Doesn't work

That's not a useful error message.  
(Someone here is slightly annoyed from Stackoverflow questions these days.)

#### Something doesn't work

Many features are unimplemented as of yet.

#### App crashes

It will do that if you use most functions but haven't:

 * selected a vhost file
 * or an existing log file
 * and if remote files (sshfs-mounted server) aren't really writable (no working check yet)

#### Doesn't start

Look at the terminal output.

#### Python import error for _tkinter

As mentioned in the README setup instructions, you do need python3-tk
installed (or whatever it's called in your distro).

#### Noto color emoji / X Error of failed request:  BadLength

That's a [bug in libxft/tkinter](https://gitlab.freedesktop.org/xorg/lib/libxft/-/merge_requests/1)
in recent distros. Either uninstall all color emoji fonts, or upgrade
[tcl+tkinter(...) to 8.6.11](https://packages.debian.org/sid/tk). But since
that will take some time to make its rounds, any colored glyphs have been
removed in modseccfg 0.8 anyway. (Was largely decoration for menus and
buttons anyhow.)

#### Syntax error for f"…" strings

Requires py >=3.6

#### Main window freezes

It'll do that whilst reading logs, or any other window pops up (editor,
info, etc.)

#### App hangs after main window closed

The multi-window interface may get stuck in a dead loop, if the mainwindow
got closed before any aux windows.

#### How to file a bug report?

Use [/tktnew](https://fossil.include-once.org/modseccfg/tktnew) and include
the full console output, expected behaviour, and necessary log and conf
excerpts, file names and mount point if any. Else it will be closed on sight.


## Features

### Does this really delete config files?

No. Per default it will even create heaps of backup files in
`~/backup-config/`.

### Does the remote binding option need `:/` ?

It does suffice to say `modseccfg srv5:`.  
The slash is just for decoration, the colon makes it a servername argument.


### Why don't all rules have tags?

The CoreRuleSet omits them for most rules.  
(Something like `tag:app-wordpress` etc. would be sensible. Hint, hint.)


### Where's the config file?

In `~/.config/modseccfg/settings.json`


#### Are there sshfs options to be set?

Secret config option is `sshfs_o`.

#### Other secret options

`editor_font` can't be edited from the config window, due to being
a list. The config definition allows to add a third font
property `["…", "…", "bold"]` however.


### Can this use other log scanners?

If there's a command line tool to scan audit logs for problems,
then yes, an option could be added. (In fact, it's planned to
bundle a bin/ folder and according menu for Log analyzers.)


### Why doesn't this provide for editing of VirtualHost sections?

That would be more work. And less intuitive for the majority,
and those that have properly separated vhosts into distinct
config files.

There's a few python packages for Apache config parsing that would
allow so, but none that are overly convenient to build upon. (Not
to mention support for non-destructive file updating.)


#### It always writes to the first VirtualHost in a file

Yes.

All SecRule* flags are appended, or injected before any first
closing `</VirtualHost>`

Use a better structure:

  * **vhost.domain.conf**

         <VirtualHost *:80>
            Include vhost.domain.dir
         </VirtualHost>
         <VirtualHost *:443>
            Include vhost.domain.dir
            Include ssl.conf
         </VirtualHost>

  * **vhost.domain.dir**

          ServerName example.com
          DocumentRoot /www/domain/
          …
          SecRuleEngine On

Which coincidentally avoids some repetition.


### Can this use python package xyz?

No idea.


### Where's the nginx support?

Not planned. Code contributions are accepted however.

There are enough nginx config parsers out there.  Adopting one of them
should be simple.  Basically just needs to reuse the `vhosts` structure,
and pass any modsecurity_rules_file over to vhosts.vhosts()


### Will this work with mod_security v3 ?

Probably not. I'd imagine this to be a parsing nightmare for Apache
as well. So if, it's probably just going to cover secrule_includes,
and you'll have to have vhost.name.secrule files alongside.


### Install packages as rpm?

Nobody asked for those yet. You can convert installable packages with
[`alien --to-rpm modsec-flameeyes_2020.06.13_all.deb`](https://wiki.debian.org/Alien)
however. Use `locate modseccfg/install` to find the package directory.