GUI editor to tame mod_security rules



Artifact [f6b837c90c]

Artifact f6b837c90c431daae5bce0a5e9d4f43cf053ccd6c6441fa3c441b2fe93773ab5:

  • File README.md — part of check-in [d9a54476b3] at 2021-01-12 22:51:06 on branch trunk — Man pages (in data_files=) are now handled by pluginconf.setup (user: mario size: 4330)

## mod_security config GUI

 * GUI to define SecRuleRemoveById settings on a per-vhost basis
 * Tries to suggest false positives from error and audit logs
 * And configure mod_security and CoreRuleSet variables.
 * Runs locally, via `ssh -X` forwarding, or per `modseccfg ssh:/`
   remoting.

![](https://fossil.include-once.org/modseccfg/raw/59f5daf65f51?m=image/gif)


## Installation

 * You can install this package locally or on a server:

        pip3 install modseccfg

 * And your distro must provide a full Python installation and mod_security:

        sudo apt install python3-tk ttf-unifont libapache2-mod-security2


## Start options

 * To run the GUI locally / on test setups:

        modseccfg

 * Or with sshfs [remoting](https://fossil.include-once.org/modseccfg/wiki/remoting)
   directly to the server's filesystem:

        modseccfg root@vps5:/

   A little slower on startup, but allows live log inspection. Requires
   preconfigured ssh hosts and automatic pubkey authorization. Beware
   of the implicit `~/mnt/` mount point, if connecting as root.

Alternatively there's also slow X11 forwarding (`ssh -X vps modseccfg`) or
[`xpra --start ssh:vps5 --start=modseccfg`](https://xpra.org/) to run it
on the server.


## Usage

You obviously should have Apache + mod_security + CRS set up and
running already (in DetectionOnly mode initially), to allow for log
inspection and adapting rules.

 1. Start modseccfg (`python3 -m modseccfg`)
 2. Select a configuration/vhost file to inspect + work on.
 3. Pick the according error.log
 4. Inspect the rules with a high error count (→[info] button to see docs).
 5. [Disable] offending rules
     * **Don't just go by the error count however!**
     * Make sure you don't disable essential or heuristic rules.
     * Compare error with access log details.
     * Else craft an exception rule ([Modify] or →Recipes).
 6. Then restart Apache (after testing the changes with `apache2ctl -t`).

See also: [usage](https://fossil.include-once.org/modseccfg/wiki/usage),
[remoting](https://fossil.include-once.org/modseccfg/wiki/remoting),
or [preconf/recipe setup](https://fossil.include-once.org/modseccfg/wiki/preconf),
or the ["FAQ"](https://fossil.include-once.org/modseccfg/doc/trunk/FAQ.md).
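
The log-review steps from the list above, as an added example (not modseccfg's own code): it tallies ModSecurity hits per vhost and rule id from constructed error.log lines and holds back rules that should stay enabled. The names `tally`, `candidates`, `KEEP_ENABLED` and the `min_hits` threshold are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the mod_security 2.9 error.log style (lines shortened).
SAMPLE_LOG = '''\
[Tue Jan 12 22:40:01 2021] [:error] [client 203.0.113.5] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "shop.example.test"] [uri "/"]
[Tue Jan 12 22:40:07 2021] [:error] [client 203.0.113.9] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "shop.example.test"] [uri "/cart"]
[Tue Jan 12 22:41:12 2021] [:error] [client 203.0.113.5] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "shop.example.test"] [uri "/search"]
[Tue Jan 12 22:41:12 2021] [:error] [client 203.0.113.5] ModSecurity: Warning. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "shop.example.test"] [uri "/search"]
[Tue Jan 12 22:42:30 2021] [:error] [client 198.51.100.7] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "blog.example.test"] [uri "/"]
'''

# Assumption: the CRS 3.x blocking-evaluation and correlation rules count as
# "essential" here; they only sum up other matches and must stay enabled.
KEEP_ENABLED = {"949110", "959100", "980130"}
FIELD = re.compile(r'\[(client|id|msg|hostname|uri) "?([^"\]]*)"?\]')

def tally(log_text):
    """Group ModSecurity hits by (hostname, rule id), keeping review context."""
    stats = defaultdict(lambda: {"count": 0, "msg": "", "uris": set(), "clients": set()})
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        f = dict(FIELD.findall(line))
        if "id" not in f:
            continue
        s = stats[(f.get("hostname", "?"), f["id"])]
        s["count"] += 1
        s["msg"] = f.get("msg", "")
        s["uris"].add(f.get("uri", "?"))
        s["clients"].add(f.get("client", "?"))
    return stats

def candidates(stats, vhost, min_hits=2):
    """Rule ids worth a manual look on one vhost: frequent and not essential."""
    picked = [(s["count"], rid) for (host, rid), s in stats.items()
              if host == vhost and s["count"] >= min_hits and rid not in KEEP_ENABLED]
    return [rid for _, rid in sorted(picked, reverse=True)]

if __name__ == "__main__":
    stats = tally(SAMPLE_LOG)
    for rid in candidates(stats, "shop.example.test"):
        s = stats[("shop.example.test", rid)]
        print(f'# {rid} "{s["msg"]}": {s["count"]} hits, {len(s["clients"])} clients, {sorted(s["uris"])}')
        print("# compare with the access log before keeping this line:")
        print(f"SecRuleRemoveById {rid}")
```

The distinct client and URI counts are the context that a bare hit count lacks: many hits from one client on one URI point to a different cause than the same count spread across ordinary visitors.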


### Notes

 * Preferably do not edit default `/etc/apache*` files
 * Work on separated `/srv/web/conf.d/*` configuration, if available
 * And keep vhost settings in e.g. `vhost.*.dir` files, rather than
   multiple `<VirtualHost>` in one `*.conf` (else only the first section
   will be augmented).
 * Requires some setup for the recipes (notably `*.preconf` includes for vhosts),
   but not for basic rule disabling/modifications.
 * File→Install packages are Debian-only
 * Reporting scripts also require Ruby


### from `project` import `meta`

| meta           | info                                                            |
|:---------------|:----------------------------------------------------------------|
| depends        | python:[pysimplegui](https://pypi.org/project/PySimpleGUI/), python:[pluginconf](https://pypi.org/project/pluginconf/), python:[tkinter](https://docs.python.org/3/library/tkinter.html), sys:[mod-security](https://packages.debian.org/sid/libapache2-mod-security2), bin:[sshfs](https://packages.debian.org/sid/sshfs)  |
| compat         | Python ≥3.6, Apache 2.x, mod_security 2.9.x, CRS 3.x, BSD/Linux |
| compliancy     | xdg, pluginspec, !pep8, logfmt, !desktop, !xdnd, mallard, man, sshrc, !netrc, !http_proxy, !nobackup, !releases.json, !doap, !packfile |
| system usage   | opportune shell invokes (sshfs, find, cat, dpkg, xdg-open)      |
| paths          | ~/mnt/,  ~/backup-config/, ~/.config/modseccfg/                 |
| testing        | few data-driven assertions, only manual UI and usage tests      |
| docs           | minimal wiki, yelp, news                                        |
| activity       | burst, temporary                                                |
| state          | beta                                                            |
| support        | `None`                                                          |
| contrib        | mail, fossil DVCS (create an account or send bundles)           |
| announce       | [freshcode.club](https://freshcode.club/projects/modseccfg), pypi.org    |