modsecurity_crs_10_config.conf missing

jb044
Forum User
Posts: 7
Joined: Fri Aug 19, 2011 3:25 am
Location: Nederland


The latest mod_security rpm (2.6.6-2) as provided by the Atomic yum repo for RHEL seems to be missing /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf; previous versions did include this file. However, /etc/httpd/conf.d/00_mod_security.conf still refers to this file, and because of that, after the latest mod_security from the Atomic repo gets installed or upgraded, Apache refuses to start.

I looked at the specfile and it seems the sections for this file are commented out.

Am I missing something here or did something go wrong?
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: modsecurity_crs_10_config.conf missing

That file is not used anymore, so comment it out of your config. The example config file will no longer include a reference to it in the next release.

ASL will generate your modsecurity config for you. If you are not using ASL, then you will want to configure modsecurity yourself, per the wiki:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

You can also download an example configuration file, but keep in mind that you really want to set up modsecurity for your needs and should not rely on any example configuration file to be exactly right for your system. It's a good example, don't get me wrong, but your needs might be different: different memory settings, inspection settings, etc. The example is a good starting point, but not something you should assume will be perfect for your system:

https://www.atomicorp.com/wiki/index.ph ... x_waf.conf
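
As an added example (not part of the original thread and not Atomicorp's code): a small POSIX shell check for the situation discussed above, where a config such as /etc/httpd/conf.d/00_mod_security.conf still carries an Include for a file that no longer exists. The function names, the sample config and example_waf.conf are constructed for illustration.

```shell
#!/bin/sh
# Report active "Include <path>" lines in an Apache config whose target is
# missing on disk, the condition that stops httpd from starting.
# $1 = config file, $2 = ServerRoot for relative paths (default /etc/httpd).
# Output: "<line number><TAB><resolved path>" per dangling include.
find_dangling_includes() {
    conf=$1
    root=${2:-/etc/httpd}
    # Commented-out lines have "#" at the start of field 1, so they never match.
    awk 'tolower($1) == "include" { p = $2; gsub(/"/, "", p); print NR, p }' "$conf" |
    while read -r lineno path; do
        case $path in
            *\**|*\?*|*\[*) continue ;;   # wildcard include: not checked here
        esac
        case $path in
            /*) full=$path ;;
            *)  full=$root/$path ;;
        esac
        [ -e "$full" ] || printf '%s\t%s\n' "$lineno" "$full"
    done
}

# Print the config with every dangling Include commented out (file untouched).
comment_out_dangling() {
    nums=$(find_dangling_includes "$1" "${2:-/etc/httpd}" | cut -f1 | tr '\n' ' ')
    awk -v nums=" $nums" \
        '{ if (index(nums, " " NR " ")) print "#" $0; else print }' "$1"
}

# Constructed sample (not from the thread): a throwaway ServerRoot in which
# one Include target is absent. example_waf.conf is a hypothetical file name.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/conf.d" "$demo_root/modsecurity.d"
: > "$demo_root/modsecurity.d/example_waf.conf"
cat > "$demo_root/conf.d/00_mod_security.conf" <<'EOF'
LoadModule security2_module modules/mod_security2.so
# Include modsecurity.d/old_commented.conf
Include modsecurity.d/modsecurity_crs_10_config.conf
Include modsecurity.d/example_waf.conf
Include modsecurity.d/*.conf
EOF

find_dangling_includes "$demo_root/conf.d/00_mod_security.conf" "$demo_root"
comment_out_dangling "$demo_root/conf.d/00_mod_security.conf" "$demo_root"
```

After the stale line is commented out in the real file, `apachectl configtest` validates the configuration before Apache is restarted.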
jb044
Forum User
Posts: 7
Joined: Fri Aug 19, 2011 3:25 am
Location: Nederland

Re: modsecurity_crs_10_config.conf missing

IC

However where does mod_security get enabled now?
EvolutionCrazy
Forum User
Posts: 67
Joined: Wed Jun 01, 2005 5:52 pm

Re: modsecurity_crs_10_config.conf missing

nowhere?

looks like that if you are an ASL customer it does not get enabled by default?

even the delayed rulesets do not include a standard modsecurity config:
http://updates.atomicorp.com/channels/rules/delayed/
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: modsecurity_crs_10_config.conf missing

> looks like that if you are an ASL customer it does not get enabled by default?

Thanks for the question, but I'm not sure I understand it. ASL automatically enables and sets up modsecurity and generates all modsecurity configuration files on the fly; it doesn't use or rely on that file. That file is not used by ASL, and never has been. So for ASL, modsecurity gets enabled by default.

This thread is about the free rpms we put out (the atomic repo is our free yum repository, it is not used by ASL), and those are not used by ASL, so perhaps that's where the confusion lies? This file was removed from the free modsecurity months ago, but those rpms are not used by ASL.

> even the delayed rulesets do not include a standard modsecurity config:
> http://updates.atomicorp.com/channels/rules/delayed/

I'm not sure I follow you. The modsecurity configuration file is provided on the modsecurity page:

https://www.atomicorp.com/wiki/index.ph ... x_waf.conf

The installation instructions for modsecurity are provided at the URL below, which explains how to create that configuration file as well as providing a link to one:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

So if you follow those instructions, you'll be right as rain. We specifically do not include a config file with the rules for the same reason no one else does - your modsecurity config file shouldn't change, and the rules are updated several times a day, so that would cause your config to change several times a day! You don't want someone overwriting your custom config file with something new every time there's a new rules update. That would be disastrous, so we don't do it.

Nevertheless, none of this is necessary for ASL, as ASL installs, enables and configures modsecurity for you. These instructions, and files, are for people that are setting up modsecurity themselves.

If you want an all in one package to install, enable, configure, maintain and automatically upgrade modsecurity based on your needs, use ASL. That's what it's for. If you want to DIY, then follow the instructions in the wiki.

I hope this answers your question, but if I misunderstood your question please let me know and thanks again for your question.
EvolutionCrazy
Forum User
Posts: 67
Joined: Wed Jun 01, 2005 5:52 pm

Re: modsecurity_crs_10_config.conf missing

hi,

thanks for the exhaustive and quick reply ;)

yeah this is an old centos5 box without ASL subscription... mod security was working ok with the delayed rules but stopped working a few mod_security updates ago due to missing tortix* file.

didn't spend much time on it, just using the sample tortix* file provided in your link has it working again :)

PS: is there a way to subscribe only to the updated modsecurity rules realtime feed or do I need to get the whole ASL package (which I'm not planning to use on this box)?
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: modsecurity_crs_10_config.conf missing

> PS: is there a way to subscribe only to the updated modsecurity rules realtime feed or do I need to get the whole ASL package (which I'm not planning to use on this box)?

Thanks for the question. Yes, you can subscribe to just the updated modsecurity rules realtime feed and no you do not need to get ASL to do this. You can sign up for a license here:

https://www.atomicorp.com/amember/signup.php

You will want to sign up for the "Real Time Web Application Security Rules Subscription". You can get a monthly, or annual license.

Please let us know if you have any other questions or if we can assist you with anything else.