[mod-security-users] Seeking methods: How to continuously audit deployed ModSecurity installations
From: Christopher J. M. <cma...@ap...> - 2014-04-25 15:11:12
Greetings folks,

I am looking for some input on methods used to monitor deployments of ModSecurity. In particular I would like to find out what folks are doing to continuously monitor their deployments to assure integrity of the system, such that:

1) The ModSecurity configuration and rulesets are not modified without authorization.
2) That the running Apache never is without ModSecurity running.
3) That the 'running' ModSecurity ruleset matches exactly what is expected.
4) If there is any change to any of the above three things that alerts are generated to syslog and to the 'admin' via some other mechanism (e.g. email).

How are other folks in their deployments handling this? Does ModSecurity handle this? What about: Tripwire? OSSEC? Simple MD5 and Script checks? Nagios with NRPE?

Any thoughts or input as far as what others are doing in this regard would be terrific.

Thanks!
Christopher
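One way to script checks 1, 2 and 4 from the question above, as an added example that is not part of the original post: a cron-driven baseline comparison that uses SHA-256 in place of the MD5 the post mentions. The function names, the `modsec-audit` syslog tag and the paths in the comments are assumptions; it compares files on disk only, so a file changed and reverted between runs, or a ruleset edited after Apache's last reload, is outside what it can see.

```shell
#!/bin/sh
# Added example: audit checks for a ModSecurity 2.x / Apache deployment.
# Function names, paths and the syslog tag are assumptions, not from the post.

# Print a sorted SHA-256 manifest of every file under directory $1.
snapshot_hashes() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Compare directory $2 against baseline manifest $1. Prints the differing
# entries (changed, added or removed files); returns 1 if any exist.
check_integrity() {
    current=$(mktemp) || return 2
    snapshot_hashes "$2" > "$current"
    if diff "$1" "$current"; then rc=0; else rc=1; fi
    rm -f "$current"
    return "$rc"
}

# Read `apachectl -M` output on stdin; succeed only if the ModSecurity 2.x
# module (security2_module) appears in the loaded-module list.
module_loaded() {
    grep -q '^[[:space:]]*security2_module[[:space:]]'
}

# Raise an alert through syslog, falling back to stderr if logger fails.
alert() {
    logger -t modsec-audit -p auth.alert "$1" 2>/dev/null || echo "ALERT: $1" >&2
}

# One audit pass: $1 = baseline manifest, $2 = config/rules directory.
# Hypothetical cron usage:
#   audit_once /var/lib/modsec-audit/baseline.sha256 /etc/modsecurity
audit_once() {
    status=0
    if ! check_integrity "$1" "$2" >/dev/null; then
        alert "ModSecurity files under $2 differ from baseline $1"
        status=1
    fi
    if ! apachectl -M 2>/dev/null | module_loaded; then
        alert "security2_module is not loaded in Apache"
        status=1
    fi
    return "$status"
}
```

Store the baseline manifest where the web server account cannot write to it, and regenerate it with `snapshot_hashes` only as part of an authorized change.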