ModSecurity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,

I am writing this request on behalf of my friend Josh and myself. We were
recently discussing a joint project related to ModSecurity and would
like to hear the community opinion about it...

The overall goal of our project is to provide a transparent, standardized
and well-documented ModSecurity configuration layout - "the perfect setup" ;-)

We'd like to make this a community effort, discussing with you some of the
best strategies on 

 * where to put rules
 * where to put data
 * how to maintain this with the most consistent effort
 * how to backup the configuration
 * how to quickly setup new ModSecurity nodes
 * ... put your requirement here ...

We know that there will be no consensus on what the perfect setup might be.
If this happens to become in exchange in ModSecurity setup ideas, then this
might also be a benefit.

We'd like to bundle this discussion into packages for major platforms, e.g.
Debian/Ubuntu and RPM-based Linux systems.
Of course, this will be an open-source project.

To find a starting point, we took Ivan's approach from the ModSecurity
Handbook to have a basic directory-layout to start with. 
Our goal is to

 * Provide a basic directory layout
 * Make this layout as generic and automatic updatable as possible
 * Provide platform-independent additional tools, scripts, etc, such
   as the guardian-log.pl
 * Support default settings for remote-logging (e.g. AuditConsole,
   syslog, etc)

Further requirements might be

 * Support for distribution of configurations, which should be much
   easier when all machines are running the same, standardized layout
 * Documentation of customizations


What we're NOT trying to do
- ---------------------------

This is not going to be a binary distribution package for the ModSecurity
module for all major platforms. We cannot provides this at the current time
and since there are binary packages for all major distributions around this
would be doubled work.
So the focus solely is to provide a directory layout, basic configuration
guidelines and a concept for maintenance.


So far, we're currently at the beginning of the process and would love to 
take initial effort to gather community experiences and contributions :-)

The first step is to gather a list of basic requirements and directory
layout/organization proposals.

If anyone is interested in taking part, giving suggestions, then either
send them to the list contact Josh (jamuse@...) or me (chris@...)
or subscribe to our mailing-list at

	jwall-modsecurity@...

(see https://secure.jwall.org/mailman/listinfo/jwall-modsecurity )


Best regards,

   Chris & Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iD8DBQFM3FrYpc5/RcXDlTwRAnCWAJ9ANZTbGYcEDRHExMehIZagwFQvkwCfcHra
BzmHV5GL4f/FCrxQ2fNcGaA=
=/fc6
-----END PGP SIGNATURE-----

Re: [mod-security-users] The perfect setup From: <christian.folini@po...> - 2010-11-16 07:41 Hi there, There was not a lot of response to this welcome new project. I'll give you some food for thought and maybe somebody catches the bait and adds his own feedback. I think it's a good idea to keep the rules independent of the Apache Instance. That way you can have multiple Apaches on the same node and update the rulebase only once. I see three types of rules being used: - Core-Rules - Local Rules (These are the rules which apply for all instances) - Service-Specific rules Each type has different ID ranges. Local rules apply to all apache instances. I've been using that to Put new virtual patching rules into production. These are kept separate from the core-rules but they are also kept independent of the Apache instance. Service-Specific rules go with the apache config of an instance. If you have a lot of instances, it can make sense to keep two copies of the core-rules: A detection and a blocking variant. The apache instance then includes one of the two variants. Include .../core-rules-detect/* Or Include .../core-rules-block/* While this is dead-simple, it's maybe saner to use ModSec settings to achieve that goal. It should be possible to come up with decent pathnames if you look at the Linux File Hierarchy Standard. Regs, Christian -----Ursprüngliche Nachricht----- Von: Christian Bockermann [mailto:chris@...] Gesendet: Donnerstag, 11. November 2010 22:07 An: Mod Security Cc: AuditConsole List Betreff: [mod-security-users] The perfect setup -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi list, I am writing this request on behalf of my friend Josh and myself. We were recently discussing a joint project related to ModSecurity and would like to hear the community opinion about it... The overall goal of our project is to provide a transparent, standardized and well-documented ModSecurity configuration layout - "the perfect setup" ;-) We'd like to make this a community effort, discussing with you some of the best strategies on * where to put rules * where to put data * how to maintain this with the most consistent effort * how to backup the configuration * how to quickly setup new ModSecurity nodes * ... put your requirement here ... We know that there will be no consensus on what the perfect setup might be. If this happens to become in exchange in ModSecurity setup ideas, then this might also be a benefit. We'd like to bundle this discussion into packages for major platforms, e.g. Debian/Ubuntu and RPM-based Linux systems. Of course, this will be an open-source project. To find a starting point, we took Ivan's approach from the ModSecurity Handbook to have a basic directory-layout to start with. Our goal is to * Provide a basic directory layout * Make this layout as generic and automatic updatable as possible * Provide platform-independent additional tools, scripts, etc, such as the guardian-log.pl * Support default settings for remote-logging (e.g. AuditConsole, syslog, etc) Further requirements might be * Support for distribution of configurations, which should be much easier when all machines are running the same, standardized layout * Documentation of customizations What we're NOT trying to do - --------------------------- This is not going to be a binary distribution package for the ModSecurity module for all major platforms. We cannot provides this at the current time and since there are binary packages for all major distributions around this would be doubled work. So the focus solely is to provide a directory layout, basic configuration guidelines and a concept for maintenance. So far, we're currently at the beginning of the process and would love to take initial effort to gather community experiences and contributions :-) The first step is to gather a list of basic requirements and directory layout/organization proposals. If anyone is interested in taking part, giving suggestions, then either send them to the list contact Josh (jamuse@...) or me (chris@...) or subscribe to our mailing-list at jwall-modsecurity@... (see https://secure.jwall.org/mailman/listinfo/jwall-modsecurity ) Best regards, Chris & Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iD8DBQFM3FrYpc5/RcXDlTwRAnCWAJ9ANZTbGYcEDRHExMehIZagwFQvkwCfcHra BzmHV5GL4f/FCrxQ2fNcGaA= =/fc6 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev _______________________________________________ mod-security-users mailing list mod-security-users@... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Appliances, Rule Sets and Support: http://www.modsecurity.org/breach/index.html

1 message has been excluded from this view by a project administrator.