{ "info": { "author": "Younes JAAIDI", "author_email": "yjaaidi@shookalabs.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 2", "Programming Language :: Python :: 3", "Topic :: Utilities" ], "description": "ModSecurity Exception Generator\n###############################\n\n**ModSecurity Exception Generator** is a tool that generates **ModSecurity** exception rules by automatically analyzing ModSecurity audit logs. This is very useful and almost essential to avoid false positives and rejecting legitimate clients.\n\nInstallation\n************\n\n.. code-block:: bash\n\n pip install modsecurity-exception-generator\n\nUsage\n*****\n\nCommand options\n===============\n\n-d\n--\n SQL URL of the data store where the **ModSecurity** audit log parsed data will be stored and loaded from.\n\n *Example: 'sqlite:////tmp/modsecurity-exception-factory.db'.*\n\n-i [Optional]\n-------------\n Path to the ModSecurity audit log file to parse.\n\n One can use '-' as a value for this parameter to read the audit log data from standard input.\n\n-c [Optional]\n-------------\n Path of the optional configuration file. \n\nBasic examples\n==============\n\n.. code-block:: bash\n \n modsecurity-exception-generator \\\n -i /path/to/modsec_audit.log \\\n -d \"sqlite:////tmp/service.db\" \\\n > modsecurity_crs_15_exceptions.conf\n\n.. code-block:: bash\n \n zcat modsec_audit.log.*.gz \\\n | modsecurity-exception-generator \\\n -i - \\\n -d \"sqlite:////tmp/service.db\" \\\n > modsecurity_crs_15_exceptions.conf\n\nWARNING\n*******\n\n The produced exceptions must be loaded BEFORE the rules they are applied to.\n\nRemoving superfluous exceptions\n===============================\n\nGenerating exceptions by simply running the '**modsecurity-exception-generator**' program, as in the basic examples, might generate some superfluous exception rules. Thus we need some advanced options to obtain smarter results. That's where the YAML configuration file given using the '**-c**' option comes in handy.\n\nThe YAML configuration file supports the following directives:\n\nignore\n------\n\nIndicates which logs most be ignored by the exception generator.\n\nexample\n^^^^^^^\n\nTo ignore any log message produced by the rule with the id 981176.\n\n.. code-block::\n \n ignore:\n rule_id: [981176]\n\nThis can also be applied to other variables like '**host_name**' *(targeted host name)*, '**request_filename**' *(targeted url)* or '**payload_container**' *(the variable that matched the rule)*.\n\nminimum_occurrence_count_threshold\n----------------------------------\n\nIgnore exceptions that affect less than **minimum_occurence_count_threshold** log message occurrences.\n\nmaximum_value_count_threshold\n-----------------------------\n\nSometimes, exceptions rules can have conditions with too many values like the following example.\n\n.. code-block::\n \n SecRule REQUEST_FILENAME \"@rx ^(/foo_bar|/blabla|/test_2/|...)$\" ...\n\nThis condition can be ignored by setting **maximum_value_count_threshold** to a value lesser than the number of values in the regular expression.\n\nConfiguration example for the Core Rule Set\n===========================================\n\n.. code-block::\n \n ignore:\n rule_id: [981174, 981176, 981203, 981200, 981201, 981202, 981203, 981204, 981205, 981220]\n \n minimum_occurrence_count_threshold: 1000", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/shookalabs/modsecurity-exception-factory", "keywords": null, "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "modsecurity-exception-factory", "package_url": "https://pypi.org/project/modsecurity-exception-factory/", "platform": "any", "project_url": "https://pypi.org/project/modsecurity-exception-factory/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/shookalabs/modsecurity-exception-factory" }, "release_url": "https://pypi.org/project/modsecurity-exception-factory/0.1.4/", "requires_dist": null, "requires_python": null, "summary": "A tool that generates ModSecurity exception rules by automatically analyzing ModSecurity audit logs.", "version": "0.1.4" }, "last_serial": 1839299, "releases": { "0.1.4": [ { "comment_text": "", "digests": { "md5": "2011159579d14b94f749e24628d65e87", "sha256": "c2960065a1cf9590dd4c2864170ba3b4f15baa451ca0729a5b899a33d11ee4db" }, "downloads": -1, "filename": "modsecurity-exception-factory-0.1.4.tar.gz", "has_sig": false, "md5_digest": "2011159579d14b94f749e24628d65e87", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19088, "upload_time": "2015-11-30T11:01:02", "url": "https://files.pythonhosted.org/packages/e0/ba/594153b570503229e5b85657757998a74dd65e9e22135fefde2b10066668/modsecurity-exception-factory-0.1.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "2011159579d14b94f749e24628d65e87", "sha256": "c2960065a1cf9590dd4c2864170ba3b4f15baa451ca0729a5b899a33d11ee4db" }, "downloads": -1, "filename": "modsecurity-exception-factory-0.1.4.tar.gz", "has_sig": false, "md5_digest": "2011159579d14b94f749e24628d65e87", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19088, "upload_time": "2015-11-30T11:01:02", "url": "https://files.pythonhosted.org/packages/e0/ba/594153b570503229e5b85657757998a74dd65e9e22135fefde2b10066668/modsecurity-exception-factory-0.1.4.tar.gz" } ] }