Author Topic: Comodo WAF for DirectAdmin  (Read 15867 times)

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 338
Comodo WAF for DirectAdmin
« on: March 03, 2015, 06:03:06 AM »
Comodo WAF can now be easily integrated into DirectAdmin.

If your server is running DirectAdmin you may enable Comodo ModSecurity protection rules and Comodo WAF plugin using the next steps:

  • Check that you are using the latest CustomBuild 2.0.



    See more information about DirectAdmin CustomBuild here: http://forum.directadmin.com/showthread.php?t=44743

  • Make sure that CPAN and SUDO utils installed on your system.
  • Open CustomBuild interface and click update of Comodo ModSecurity Rule Set





If installation is successful you will be able to use CWAF plugin in the Extra Features section of the main menu of DirectAdmin.







Alternatively, you may enable ModSecurity Comodo rule set from the console:


cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity


Release Notes:

  • Update of Comodo rules is controlled by DirectAdmin CustomBuild.
  • Current CWAF version was not tested with DirectAdmin on FreeBSD platform, but only on CentOs and Debian.
  • If you want to send feedbacks directly to Comodo Test Lab through our plugin, you need to SignUp and set your Comodo account in the plugin.

Please send us your feedback to improve this feature.



[attachment deleted by admin]
« Last Edit: March 03, 2015, 06:24:46 AM by vadim »
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14623
    • Video Blog
Re: Comodo WAF for DirectAdmin
« Reply #1 on: March 03, 2015, 08:30:33 AM »
Great job guys!

Offline SeLLeRoNe

  • Newbie
  • *
  • Posts: 5
Re: Comodo WAF for DirectAdmin
« Reply #2 on: March 03, 2015, 09:33:08 AM »
Hi guys,

i've just installed the rules and relative plugin into DirectAdmin using CustomBuild 2 on 3 Servers and one of those isnt working correctly.

The Server that isnt working is an old CentOS 5 64Bit server (all software are up2date related to the CentOS Mirrors).

The problem i'm facing is probably related to old perl that this OS doesnt want to update :) Here is the error i do have once accessing the CWAF plugin:
"remove_tree" is not exported by the File::Path module
Can't continue after import errors at /usr/lib/perl5/site_perl/5.8.8/Comodo/CWAF/ClientAPI.pm line 12
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Comodo/CWAF/ClientAPI.pm line 12.
Compilation failed in require at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 11.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 11.

Since i cant apply the rules from the web interface CustomBuild notify me that i've no the current/correct ruleset version for modsecurity.

It's not a hurry and/or a big issue, i wanted just notify you guys about this issue, if a fix get released i would highly appreciate that.

Thanks

Best regards

Andrea Iannucci

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo WAF for DirectAdmin
« Reply #3 on: March 03, 2015, 10:23:01 AM »
Hi, Andrea.

We have tested Plugin for limited OS versions amount.
If it's possible, please try to update File::Path module.

For example:

# cpan
Terminal does not support AddHistory.
cpan> upgrade File::Path
CPAN: Storable loaded ok (v2.20)
Reading '/home/.cpan/Metadata'
................................................................
cpan>q
Terminal does not support GetHistory.
Lockfile removed.

« Last Edit: March 03, 2015, 10:29:50 AM by akabakov »

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 275
Re: Comodo WAF for DirectAdmin
« Reply #4 on: March 04, 2015, 08:39:57 AM »
CWAF installation fixed on CentOS 5.

Thank you Andrea for access provided :)

This improvement will be available in next version of client

Offline SeLLeRoNe

  • Newbie
  • *
  • Posts: 5
Re: Comodo WAF for DirectAdmin
« Reply #5 on: March 04, 2015, 09:49:35 AM »
Your welcome.

I've noticed another bug (maybe more than one).

All user-related logs are stored in admin folder log (/var/log/modsec_audit/admin)

The httpd.conf is correctly set (so each user should write in their own folder), but it doesnt

The line made me think that is a bug is this one:

log=admin&pwd=cindy&wp-submit=Log%20In&redirect_to=http%3A%2F%2Fwww.giuseppegambi.it%2Fsito%2Fwp-admin%2F&testcookie=1

This domain is owned by another user (not admin).

Also, in the same file i can see another error message:
Message: collection_store: Failed to access DBM file "/tmp/ip": Permission denied

/tmp have 777 permissions but is mounetd nosuid,noexec in fstab for security purpose:
drwxrwxrwt   4 root root 2,3M  4 mar 15:48 tmp

Anything i can do?

If you need access just let me know, is the same server you've already checked but i've changed passwords back :)

PS: the system is using Apache 2.4 and mod_ruid2 (i suppose is related to mod_ruid2)

Best regards

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 275
Re: Comodo WAF for DirectAdmin
« Reply #6 on: March 04, 2015, 11:11:20 AM »
Hi Andrea

Quote
All user-related logs are stored in admin folder log (/var/log/modsec_audit/admin)
I guess this is because you state this folder as storage for modsecurity audit logs at "Security Engine" plugin tab
Modsecurity doesn't separate admin/user logs

Quote
Also, in the same file i can see another error message:
Message: collection_store: Failed to access DBM file "/tmp/ip": Permission denied

According to this thread mod_security still not compatible with mod_ruid2
http://forums.cpanel.net/f442/mod-ruid-2-modsecurity-385712-p2.html#post1821282
As I see from this topic problem is not resolved yet :(


Offline SeLLeRoNe

  • Newbie
  • *
  • Posts: 5
Re: Comodo WAF for DirectAdmin
« Reply #7 on: March 04, 2015, 02:00:43 PM »
I see, but the SecAuditLogStorageDir value in virtualhost shouldnt be useful to set a path for each user?

Regards

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo WAF for DirectAdmin
« Reply #8 on: March 05, 2015, 09:59:55 AM »
You can set SecAuditLogStorageDir  path for each user in virtualhost  conf, but logs will be written in common log-file too.

Offline SeLLeRoNe

  • Newbie
  • *
  • Posts: 5
Re: Comodo WAF for DirectAdmin
« Reply #9 on: March 05, 2015, 12:16:49 PM »
Ok i can confirm that now data are written in user specific dir (did not check if are also written in admin dir).

No idea why it took so long :)

Regards

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1498
  • BETA FORCE MEMBER
Re: Comodo WAF for DirectAdmin
« Reply #10 on: March 10, 2015, 12:41:11 PM »
Congratulations on the release! It is a big step, reaching other markets that don't use cPanel.

Which one is the next release? ISPConfig? :D

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 338
Re: Comodo WAF for DirectAdmin
« Reply #11 on: March 11, 2015, 03:22:10 AM »
Congratulations on the release! It is a big step, reaching other markets that don't use cPanel.

Which one is the next release? ISPConfig? :D

Thank you. The next important step we want to do in the near future - release protection rules for Nginx platform.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1498
  • BETA FORCE MEMBER
Re: Comodo WAF for DirectAdmin
« Reply #12 on: March 11, 2015, 11:14:39 AM »
Thank you. The next important step we want to do in the near future - release protection rules for Nginx platform.
Yes, that is for web server.
What I mean is for Control Panel?

Offline hack3rb43

  • Newbie
  • *
  • Posts: 1
Re: Comodo WAF for DirectAdmin
« Reply #13 on: March 12, 2015, 12:48:18 AM »
please help install with centos 6 directadmin but some server have error when apply rules

please help to fix






Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 275
Re: Comodo WAF for DirectAdmin
« Reply #14 on: March 12, 2015, 04:41:45 AM »
Hi there :)

Quote
please help install with centos 6 directadmin but some server have error when apply rules
please help to fix

I have answered on DirectAdmin forum.
Plugin can not find exclude cache. To re-generate lets try to perform rules update.
Please try to delete /usr/local/cwaf/rules/rules.dat file then update rules with 'Rules 1.25 is available' button (Alternatively you can do the same with CustomBuild 2.0 plugin. Update Comodo ModSecurity Rule Set)
If this not help, please delete content of /usr/local/cwaf/tmp/rules/ (two directories '/workdir1' and '/workdir2') and content of /usr/local/cwaf/tmp/CACHE directory and update rules again.
Also owner of /usr/local/cwaf directory should be 'cwaf_plugin'.
If not, please run:
 # chown -R cwaf_plugin:cwaf_plugin /usr/local/cwaf

Regards, Oleg
« Last Edit: March 12, 2015, 06:33:56 AM by oleg.tsygany »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek