GUI editor to tame mod_security rules

โŒˆโŒ‹ โŽ‡ branch:  modseccfg

Shorten titles (rm modseccfg:)
mario authored 175 days ago last checkin c7b7b39b4
๐Ÿ“‚ dev Add Fileโ†’Install menu for *.deb packages or scripts.โ€นโ€บ 292 days ago
๐Ÿ“‚ html2mallard Converted project wiki to yelp pages. (subproject: html2mallard)โ€นโ€บ 262 days ago
๐Ÿ“‚ logfmt1 Comment updates, fixed script wrappers, unify update-logfmt to pythonโ€นโ€บ 278 days ago
๐Ÿ“‚ manpage Remove remaining emoji Unicode occurences (info, modify, vhosts)โ€นโ€บ 208 days ago
๐Ÿ“‚ modseccfg Remove remaining emoji Unicode occurences (info, modify, vhosts)โ€นโ€บ 208 days ago
๐Ÿ“‚ test publish data test (mostly vhost/secrule extraction)โ€นโ€บ 293 days ago
๐Ÿ“„ FAQ.md Note about emoji bug (albeit already removed all instances)โ€นโ€บ 199 days ago
๐Ÿ“„ LICENSE Add FAQ and licenseโ€นโ€บ 309 days ago
๐Ÿ“„ Makefile Remove remaining emoji Unicode occurences (info, modify, vhosts)โ€นโ€บ 208 days ago
๐Ÿ“„ NEWS Release as 0.7.0โ€นโ€บ 270 days ago
๐Ÿ“„ README.md Man pages (in data_files=) are now handled by pluginconf.setupโ€นโ€บ 251 days ago
๐Ÿ“„ pytest.ini disable regex warningsโ€นโ€บ 290 days ago
๐Ÿ“„ requirements.txt Add basic plugin_load(), generilize `add_menu()` into `init()`โ€นโ€บ 268 days ago
๐Ÿ“„ setup.py Man pages (in data_files=) are now handled by pluginconf.setupโ€นโ€บ 251 days ago
๐Ÿ“„ tox.ini publish data test (mostly vhost/secrule extraction)โ€นโ€บ 293 days ago

modseccfg

mod_security config GUI

  • GUI to define SecRuleRemoveById settings on a vhost-basis
  • Tries to suggest false positives from error and audit logs
  • And configure mod_security and CoreRuleSet variables.
  • Runs locally, via ssh -X forwarding, or per modseccfg ssh:/ remoting.

WARNING: THIS IS ALPHA STAGE QUALITY AND WILL MOST CERTAINLY DELETE YOUR APACHE CONFIGURATION - It doesn't, but: no warranty and such. - Also, hasn't many features yet.

Installation

  • You can install this package locally or on a server:

    pip3 install -U modseccfg
    
  • And your distro must provide a full Python installaton and mod_security:

    sudo apt install python3-tk ttf-unifont libapache2-mod-security2
    

Start options

  • To run the GUI locally / on test setups:

    modseccfg
    
  • Or to connect to a remote server:

    modseccfg root@vps5:/
    

Takes a bit longer on startup, but is heaps better than X11 forwarding.

Usage

You obviously should have Apache + mod_security + CRS set up and running already (in DetectionOnly mode initially), to allow for log inspection and adapting rules.

  1. Start modseccfg (python3 -m modseccfg)
  2. Select a configuration/vhost file to inspect + work on.
  3. Pick the according error.log
  4. Inspect the rules with a high error count.
  5. [Disable] offending rules
    • Don't just go by the error count however!
    • Make sure you don't disable essential or heuristic rules.
    • Compare error with access log details.
    • Else craft an exception rule ([Modify] or โ†’Recipes).
  6. Thenceforth restart Apache (after testing changes: apache2ctl -t).

See also:

Notes

  • Preferrably do not edit default /etc/apache* files
  • Work on separated /srv/web/conf.d/* configuration, if available
  • And keep vhost settings in e.g. vhost.*.dir files, rather than multiple <VirtualHost> in one *.conf (else only the first section will be augmented).
  • Use the editor (F4) to verify more complex settings.

Missing features

  • Rule [modify] is still unimplemented.
  • Recipes are not worth using yet.
  • No sudo usage.

Attachments:

  • overview.gif [download] added by mario on 2020-12-09 22:39:53. [details]