Re: [mod-security-users] Core rules for mod_security 1.9x orsomediffere solution...
Brought to you by:
victorhora,
zimmerletw
From: Robin D. <rob...@gm...> - 2008-01-03 21:31:07
|
Hi Michael, Thanks for the notice, that's great to hear! Best, Robin -----Original Message----- From: Michael Shinn [mailto:mi...@go...] Sent: donderdag 3 januari 2008 22:12 To: Robin Diederen Cc: mod...@li... Subject: Re: [mod-security-users] Core rules for mod_security 1.9x orsomediffere solution... The gotroot files archive (which includes the rules) is offline for a few hours due to scheduled maintenance. It should be back up before the end of the day. On Thu, 2008-01-03 at 22:07 +0100, Robin Diederen wrote: > Hi Ryan (and others), > > > > Thanks for the tips. I tried to download the GotRoot rulesets, but, > they are offline. > > > > For what the compilation of mod_security v2 is concerned.. I get these > errors: > > root@web:~/ModSecurity/modsecurity-apache_2.1.4/apache2# make > > Makefile:40: /etc/apache2/build/special.mk: No such file or directory > > make: *** No rule to make target `/etc/apache2/build/special.mk'. > Stop. > > root@web:~/ModSecurity/modsecurity-apache_2.1.4/apache2# > > > > So then I comment out the reference to special.mk (the build directory > does exists in the specified location). Then I comment out the line > referring to special.mk; I get this error: > > root@web:~/ModSecurity/modsecurity-apache_2.1.4/apache2# make > > make: *** No rule to make target `local-shared-build', needed by > `all'. Stop. > > root@web:~/ModSecurity/modsecurity-apache_2.1.4/apache2# > > > > I did install the Apache development packages. > > > > Any clues? > > > > Best, Robin > > > > > ______________________________________________________________________ > From:Ryan Barnett [mailto:Ryan.Barnett@Breach.com] > Sent: donderdag 3 januari 2008 1:35 > To: Robin Diederen; mod...@li... > Subject: RE: [mod-security-users] Core rules for mod_security 1.9x or > somediffere solution... > > > > > There are 2 different places you can look - > > * The ModSecurity CVS archive for the 1.9 branch has some rules > - http://mod-security.cvs.sourceforge.net/mod-security/rules/ > * Check out the GotRoot Rules - > http://www.gotroot.com/mod_security+rules > > > > Keep in mind that both of these rulesets have some limitations (see > http://www.modsecurity.org/blog/archives/2007/01/key_advantages.html) > which is why we created the Core Rules. They will, however, provide > you with a starting point. > > > > As for your compilation errors with the 2.x code, did you see this > past email thread? > http://marc.info/?l=mod-security-users&m=119364832414967&w=2 Are you > seeing the same errors? > > > > -- > Ryan C. Barnett > ModSecurity Community Manager > > Breach Security: Director of Training > > Web Application Security Consortium (WASC) Member > > CIS Apache Benchmark Project Lead > > SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC > > Author: Preventing Web Attacks with Apache > > > > > > > ______________________________________________________________________ > From:mod...@li... > [mailto:mod...@li...] On Behalf Of > Robin Diederen > Sent: Wednesday, January 02, 2008 6:19 PM > To: mod...@li... > Subject: [mod-security-users] Core rules for mod_security 1.9x or > somediffere solution... > > > > > Hello all, > > > > First, let me introduce myself. My name is Robin and I just got into > hosting (I'm hosting my own websites). While Googlin' the internet for > security enhancements for web servers, I stumbled upon mod_security. > After some reading, I decided to give the module a try, as it sounds > as quite a promising gain. > > > > So I downloaded mod_security on my webserver (Ubuntu 6.0.6 LTS LAMP > installation) by using the version offered through the Ubuntu > repository. That went well (I would not have expected otherwise). > Then, I downloaded the latest core ruleset from the mod_security > website. However, that one didn't work, as it is meant for 2.x > versions of mod_security. > > > > So now I'm looking for a ruleset that can work with the older > mod_security (yeah I know I should not be doing that, but, then again, > it's only for testing purposes) or. a way to install mod_security on > my Ubuntu installation (the make process always breaks on various > error; some I can resolve, some not). > > > > Who can help me? > > > > Best, Robin > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users -- Michael T. Shinn KeyID:0xDAE2EC86 Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86 SANS Advisory Board Member Got Root? http://www.gotroot.com modsecurity rules: http://www.modsecurityrules.com Troubleshooting Firewalls: http://troubleshootingfirewalls.com -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.13/1207 - Release Date: 2-1-2008 11:29 |