Comodo WAF for DirectAdmin

[vadim]

Comodo WAF can now be easily integrated into DirectAdmin.

If your server is running DirectAdmin you may enable Comodo ModSecurity protection rules and Comodo WAF plugin using the next steps:

• Check that you are using the latest CustomBuild 2.0.
  
  
  
  See more information about DirectAdmin CustomBuild here: http://forum.directadmin.com/showthread.php?t=44743
  
  
• Make sure that CPAN and SUDO utils installed on your system.
• Open CustomBuild interface and click update of Comodo ModSecurity Rule Set

If installation is successful you will be able to use CWAF plugin in the Extra Features section of the main menu of DirectAdmin.







Alternatively, you may enable ModSecurity Comodo rule set from the console:


cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity


Release Notes:

• Update of Comodo rules is controlled by DirectAdmin CustomBuild.
• Current CWAF version was not tested with DirectAdmin on FreeBSD platform, but only on CentOs and Debian.
• If you want to send feedbacks directly to Comodo Test Lab through our plugin, you need to SignUp and set your Comodo account in the plugin.

Please send us your feedback to improve this feature.



[attachment deleted by admin]

[Melih]

Great job guys!

[SeLLeRoNe]

Hi guys,

i've just installed the rules and relative plugin into DirectAdmin using CustomBuild 2 on 3 Servers and one of those isnt working correctly.

The Server that isnt working is an old CentOS 5 64Bit server (all software are up2date related to the CentOS Mirrors).

The problem i'm facing is probably related to old perl that this OS doesnt want to update Here is the error i do have once accessing the CWAF plugin:
"remove_tree" is not exported by the File::Path module
Can't continue after import errors at /usr/lib/perl5/site_perl/5.8.8/Comodo/CWAF/ClientAPI.pm line 12
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Comodo/CWAF/ClientAPI.pm line 12.
Compilation failed in require at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 11.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 11.

Since i cant apply the rules from the web interface CustomBuild notify me that i've no the current/correct ruleset version for modsecurity.

It's not a hurry and/or a big issue, i wanted just notify you guys about this issue, if a fix get released i would highly appreciate that.

Thanks

Best regards

Andrea Iannucci

[akabakov]

Hi, Andrea.

We have tested Plugin for limited OS versions amount.
If it's possible, please try to update File::Path module.

For example:

# cpan
Terminal does not support AddHistory.
cpan> upgrade File::Path
CPAN: Storable loaded ok (v2.20)
Reading '/home/.cpan/Metadata'
................................................................
cpan>q
Terminal does not support GetHistory.
Lockfile removed.

[oleg.tsygany]

CWAF installation fixed on CentOS 5.

Thank you Andrea for access provided

This improvement will be available in next version of client

[SeLLeRoNe]

Your welcome.

I've noticed another bug (maybe more than one).

All user-related logs are stored in admin folder log (/var/log/modsec_audit/admin)

The httpd.conf is correctly set (so each user should write in their own folder), but it doesnt

The line made me think that is a bug is this one:

log=admin&pwd=cindy&wp-submit=Log%20In&redirect_to=http%3A%2F%2Fwww.giuseppegambi.it%2Fsito%2Fwp-admin%2F&testcookie=1

This domain is owned by another user (not admin).

Also, in the same file i can see another error message:
Message: collection_store: Failed to access DBM file "/tmp/ip": Permission denied

/tmp have 777 permissions but is mounetd nosuid,noexec in fstab for security purpose:
drwxrwxrwt   4 root root 2,3M  4 mar 15:48 tmp

Anything i can do?

If you need access just let me know, is the same server you've already checked but i've changed passwords back

PS: the system is using Apache 2.4 and mod_ruid2 (i suppose is related to mod_ruid2)

Best regards

[oleg.tsygany]

Hi Andrea

All user-related logs are stored in admin folder log (/var/log/modsec_audit/admin)

I guess this is because you state this folder as storage for modsecurity audit logs at "Security Engine" plugin tab
Modsecurity doesn't separate admin/user logs

Also, in the same file i can see another error message:
Message: collection_store: Failed to access DBM file "/tmp/ip": Permission denied

According to this thread mod_security still not compatible with mod_ruid2
http://forums.cpanel.net/f442/mod-ruid-2-modsecurity-385712-p2.html#post1821282
As I see from this topic problem is not resolved yet

[SeLLeRoNe]

I see, but the SecAuditLogStorageDir value in virtualhost shouldnt be useful to set a path for each user?

Regards

[akabakov]

You can set SecAuditLogStorageDir  path for each user in virtualhost  conf, but logs will be written in common log-file too.

[SeLLeRoNe]

Ok i can confirm that now data are written in user specific dir (did not check if are also written in admin dir).

No idea why it took so long

Regards

[w-e-v]

Congratulations on the release! It is a big step, reaching other markets that don't use cPanel.

Which one is the next release? ISPConfig?

[vadim]

Congratulations on the release! It is a big step, reaching other markets that don't use cPanel.

Which one is the next release? ISPConfig?

Thank you. The next important step we want to do in the near future - release protection rules for Nginx platform.

[w-e-v]

Thank you. The next important step we want to do in the near future - release protection rules for Nginx platform.

Yes, that is for web server.
What I mean is for Control Panel?

[hack3rb43]

please help install with centos 6 directadmin but some server have error when apply rules

please help to fix

[oleg.tsygany]

Hi there

please help install with centos 6 directadmin but some server have error when apply rules
please help to fix

I have answered on DirectAdmin forum.
Plugin can not find exclude cache. To re-generate lets try to perform rules update.
Please try to delete /usr/local/cwaf/rules/rules.dat file then update rules with 'Rules 1.25 is available' button (Alternatively you can do the same with CustomBuild 2.0 plugin. Update Comodo ModSecurity Rule Set)
If this not help, please delete content of /usr/local/cwaf/tmp/rules/ (two directories '/workdir1' and '/workdir2') and content of /usr/local/cwaf/tmp/CACHE directory and update rules again.
Also owner of /usr/local/cwaf directory should be 'cwaf_plugin'.
If not, please run:
 # chown -R cwaf_plugin:cwaf_plugin /usr/local/cwaf

Regards, Oleg