GUI editor to tame mod_security rules

Update of "scripts"

Overview

Artifact ID: b913d0519de35107596bde4c8563b29debfcd5bed81c09c1719507f8c5163b5f
Page Name: scripts
Date: 2020-12-09 09:45:44
Original User: mario
Content

## Log processors / filters

There's a small sample of log filter scripts from scripts/ under Log → Report and Log → Preprocess.

> There aren't many yet. Because this is slightly hamstrung by the virtually
> unparsable Apache log formats. In particular any "extended" log formats
> aren't extractable just with cut/awk and similar shell constructs, because
> the log field order is arbitrary and thus incompatible across different
> setups. (And no, the standard combined format itself isn't useful to
> scan for more interesting attributes. Nor is the mish-mash of delimiters
> and the mid-90s datetime format.)

Nonetheless, you can probably use some of the reports, in particular the netnea rulereport scripts. They basically craft exception rules similar to the modseccfg recipes, but show them all at once, to cherry-pick from.

You can keep the rule report window open alongside the main window, which makes it slightly more useful than the log tab even.

Report and preprocess scripts are just bundled with modseccfg for convenience. And you can easily copy them out from the scripts/ directory, if you want to keep using them independently. (If anyone wants an installer .deb bundle, please drop a mail.)

#### Add your own

Use `locate modseccfg/scripts` to find the scripts/ directory. **Do not** save your own scripts there, though; just symlink them in. (Else they will get deleted with any update.)

Each script (even if just a slim shell wrapper) requires a little description block atop, at least:

```sh
# type: report
# category: mytools
# title: search for common issue...
grep "error" "$1"   # or whatever; $1 is the log file
```

You can parameterize the scripts likewise, or have a `# type: image` report even. See the `scripts/__init__.py` documentation block for details. Filters are probably the easiest to craft.
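
A fuller report script, as an added example that is not bundled with modseccfg: it counts ModSecurity hits per rule id and URI by matching the tagged `[id "…"]` and `[uri "…"]` fields instead of field positions, which sidesteps the field-order problem described above. The function names and the sample lines are constructed for illustration. It assumes the ModSecurity 2.x error-log tags and that the log file arrives as `$1`, as in the snippet above.

```shell
# type: report
# category: mytools
# title: rule hits per id and uri
#
# Added example, not part of modseccfg.

rule_hits() {
    # Reads the given log file(s), or stdin when called without arguments.
    # Each tag is located on its own with match(), so the order of the
    # [id ...] and [uri ...] fields within a line does not matter.
    awk '/ModSecurity:/ {
        id = uri = "-"
        if (match($0, /\[id "[0-9]+"\]/))  id  = substr($0, RSTART + 5, RLENGTH - 7)
        if (match($0, /\[uri "[^"]*"\]/))  uri = substr($0, RSTART + 6, RLENGTH - 8)
        hits[id " " uri]++
    }
    END { for (k in hits) print hits[k], k }' "$@" |
    sort -k1,1nr -k2,2
}

sample_log() {
    # Constructed, abbreviated error-log lines (not real traffic).
    # The second line has its tags reordered on purpose.
    cat <<'EOF'
[Wed Dec 09 09:40:01 2020] [:error] [client 203.0.113.7] ModSecurity: Warning. [id "942100"] [msg "SQLi"] [uri "/search"]
[Wed Dec 09 09:40:02 2020] [:error] [client 203.0.113.7] ModSecurity: Warning. [uri "/search"] [msg "SQLi"] [id "942100"]
[Wed Dec 09 09:40:05 2020] [:error] [client 203.0.113.9] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"]
[Wed Dec 09 09:41:00 2020] [core:notice] AH00094: Command line: '/usr/sbin/apache2'
EOF
}

# Run the report only when a readable log file was passed as $1.
if [ -r "${1:-}" ]; then
    rule_hits "$1"
fi
```

Running `sample_log | rule_hits` prints one line per id/URI pair, with the most frequent first.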