Editor to tame mod_security rulesets

Project description

modseccfg

  • GUI to define SecRuleRemoveById settings on a vhost-basis

  • Tries to suggest false positives from error and audit logs

  • And configure mod_security and CoreRuleSet variables.

  • Runs locally, via ssh -X forwarding, or per modseccfg ssh:/ remoting.

Installation

  • You can install this package locally or on a server:

    pip3 install modseccfg
  • And your distro must provide a full Python installation and mod_security:

    sudo apt install python3-tk ttf-unifont libapache2-mod-security2

Start options

  • To run the GUI locally / on test setups:

    modseccfg
  • Or with sshfs remoting directly to the server's filesystem:

    modseccfg root@vps5:/

    A little slower on startup, but allows live log inspection. Requires preconfigured ssh hosts and automatic pubkey authorization. Beware of the implicit ~/mnt/ point, if connecting as root.

Alternatively there’s also slow X11 forwarding (ssh -X vps modseccfg) or xpra --start ssh:vps5 --start=modseccfg (https://xpra.org/) to run it on the server.

Usage

You obviously should have Apache + mod_security + CRS set up and running already (in DetectionOnly mode initially), to allow for log inspection and adapting rules.

  1. Start modseccfg (python3 -m modseccfg)

  2. Select a configuration/vhost file to inspect + work on.

  3. Pick the corresponding error.log

  4. Inspect the rules with a high error count (→[info] button to see docs).

  5. [Disable] offending rules

    • Don’t just go by the error count however!

    • Make sure you don’t disable essential or heuristic rules.

    • Compare error with access log details.

    • Else craft an exception rule ([Modify] or →Recipes).

  6. Thenceforth restart Apache (after testing changes: apache2ctl -t).

See also: usage remoting, or preconf/recipe setup, or the “FAQ”.
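Steps 4 and 5 can be approximated offline with a short script. The following is an added example, not modseccfg's own code: it groups mod_security error.log hits per vhost and rule id and lists SecRuleRemoveById candidates while leaving the CRS anomaly-scoring rules alone. The function names, the min_hits threshold, the "seen from more than one client" heuristic and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# CRS anomaly-scoring rules: removing them disables blocking, it fixes no false positive.
ESSENTIAL = {"949110", "980130"}
FIELD = re.compile(r'\[(id|hostname|uri) "((?:[^"\\]|\\.)*)"\]')
CLIENT = re.compile(r'\[client (\d+\.\d+\.\d+\.\d+)')  # IPv4 only in this sketch

def _line(client, rule_id, msg, uri, host="shop.example"):
    """Constructed entry in the Apache 2.4 / mod_security 2.9 error.log layout."""
    return (f'[Wed Mar 04 10:12:01.123456 2020] [:error] [pid 1234:tid 5678] '
            f'[client {client}:40000] [client {client}] ModSecurity: Warning. '
            f'[file "/constructed/rules.conf"] [line "1"] [id "{rule_id}"] '
            f'[msg "{msg}"] [hostname "{host}"] [uri "{uri}"] [unique_id "x"]')

SAMPLE_LOG = "\n".join([
    _line("198.51.100.7", "942100", "SQL Injection Attack Detected via libinjection", "/search"),
    _line("198.51.100.7", "949110", "Inbound Anomaly Score Exceeded (Total Score: 5)", "/search"),
    _line("203.0.113.20", "942100", "SQL Injection Attack Detected via libinjection", "/search"),
    _line("203.0.113.20", "949110", "Inbound Anomaly Score Exceeded (Total Score: 5)", "/search"),
    _line("192.0.2.66", "930120", "OS File Access Attempt", "/index.php"),
    _line("192.0.2.66", "930120", "OS File Access Attempt", "/download.php"),
])

def summarize(log_text):
    """Group ModSecurity hits by (hostname, rule id) with client and URI spread."""
    stats = defaultdict(lambda: {"count": 0, "clients": set(), "uris": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "ModSecurity:" not in line or "id" not in fields:
            continue
        entry = stats[(fields.get("hostname", "?"), fields["id"])]
        entry["count"] += 1
        entry["uris"].add(fields.get("uri", "?"))
        entry["clients"].update(CLIENT.findall(line))
    return stats

def candidates(stats, min_hits=2):
    """Per-vhost rule ids to review: repeated, seen from several clients, not essential."""
    out = defaultdict(list)
    for (host, rule_id), entry in sorted(stats.items()):
        if rule_id not in ESSENTIAL and entry["count"] >= min_hits and len(entry["clients"]) > 1:
            out[host].append(rule_id)
    return dict(out)

if __name__ == "__main__":
    for host, ids in candidates(summarize(SAMPLE_LOG)).items():
        print(f"# {host}: compare with access.log before applying")
        print("SecRuleRemoveById " + " ".join(ids))
```

The output is a review list only: rule 930120 is held back here because a single client produced every hit, which is the kind of detail the access log comparison in step 5 is meant to confirm.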

Notes

  • Preferably do not edit default /etc/apache* files

  • Work on separated /srv/web/conf.d/* configuration, if available

  • And keep vhost settings in e.g. vhost.*.dir files, rather than multiple <VirtualHost> in one *.conf (else only the first section will be augmented).

  • Requires some setup for the recipes (notably *.preconf includes for vhosts), but not for basic rule disabling/modifications.

  • File→Install packages are Debian-only

  • Reporting scripts also require Ruby

from project import meta

  • depends: python:pysimplegui, python:pluginconf, python:tkinter, sys:mod-security, bin:sshfs

  • compat: Python ≥3.6, Apache 2.x, mod_security 2.9.x, CRS 3.x, BSD/Linux

  • compliancy: xdg, pluginspec, !pep8, !logfmt, !desktop, !xdnd, !mallard, sshrc, !netrc, !http_proxy, !nobackup, !PKG_INFO, !releases.json, !doap, !packfile

  • system usage: opportune shell invokes (sshfs, find, cat, dpkg, xdg-open)

  • paths: ~/mnt/, ~/backup-config/, ~/.config/modseccfg/

  • testing: few data-driven assertions, only manual UI and usage tests

  • docs: minimal wiki, news, no man page

  • activity: burst, temporary

  • state: beta

  • support: None

  • contrib: mail, fossil DVCS (create an account or send bundles)

  • announce: freshcode.club, pypi.org

Built Distribution

modseccfg-0.6.3-py3-none-any.whl (211.0 kB)

Uploaded Python 3

File details

Details for the file modseccfg-0.6.3-py3-none-any.whl.

File metadata

  • Download URL: modseccfg-0.6.3-py3-none-any.whl
  • Upload date:
  • Size: 211.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: Python-urllib/3.7

File hashes

Hashes for modseccfg-0.6.3-py3-none-any.whl
Algorithm Hash digest
SHA256 96980db401cacc6bc13b0d691754bf0c672f713e239d05f0efe6c42f6dfa5f21
MD5 f1a472ffc24374b8525d15661c47d51c
BLAKE2b-256 5f88d6d689de7fc2a74fbcf722b3fe74e6797b072e88c95b565f2fa4f19f2679
