GUI editor to tame mod_security rules

⌈⌋ ⎇ branch:  modseccfg


remoting

remoting ssh:/

In order to use modseccfg with a remote server, the easiest option is to start it with a ssh: servername:

modseccfg vps:/

This obviously requires that you have an according Host entry in your ~/.ssh/config with RSA key.

You can of course use a full hostname and user prefix:

modseccfg www-data@ssh.example.com:/

But if you don't have a key configured, the terminal would bring up the ssh password prompt quite frequently.

How does this work?

modseccfg internally starts sshfs and binds the remote system to ~/mnt/sshname:/. That mount will remain active while modseccfg is running, and unmounted on exit. All *.conf file access and most log scanning uses this filesystem mount point.

Other functions (concurrent audit log reading, or package installs) will open another ssh channel however.

Alternatives

In theory you could also use X11 forwarding, when modseccfg was installed on the server:

 ssh vps -X modseccfg

In practice, this is unbearably slow. Python/Tkinter over SSH is no fun, but a fallback alternative.

So alternatively, you might want to install xpra:

 xpra --start ssh:vps5 --start=modseccfg

That's much faster. But still requires both xpra and pip3 install modseccfg on the server beforehand.

Pros & Cons

The sshfs-remoting might be slower on startup, as each Apache *.conf file has to be read individually. (And ssh/encryption does indeed have a performance price). But overall it's easier to use than installing modseccfg on the server.

Care should be taken that the ~/mnt/ point isn't accessed by other tools (backup scripts) while modseccfg is running.

Alternatively you can change the mount point in File → Settings → Utils, of course.

There's also an sshfs_opts config option. Which you don't normally need however.