Author Topic: Free mod_security rules!  (Read 15225 times)

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Re: Free mod_security rules!
« Reply #15 on: January 14, 2014, 10:37:57 AM »
1. If I am running another panel other than cPanel, can I still use the Agent? If "yes", how can I access the WAF panel to manage and update the rules?

Yes, you may install standalone scripts:

Cpanel installation hasn't been found.
You may install standalone scripts.

Continue installation [y/n]:


In that case you will be able to access:


See more here:
https://waf.comodo.com/doc/Comodo_Web_Application_Firewall_Quick_Start_Guide.pdf
https://waf.comodo.com/doc/Comodo_Web_Application_Firewall_Admin_Guide.pdf

2. How can I apply the rules to only a few specific websites (virtual hosts), instead of ALL the websites?

If you don't use cPanel with CWAF plugin, you need to edit Apache configuration files.

See example of solution here: http://serverfault.com/questions/487329/enable-mod-security-for-only-one-website

3. Is there a tool or online service that can be used to do an "attack" and see Comodo WAF in action?

Basically, you may use web-browser to send some hackers requests, trying SQL injection or XSS. Or try to use some kind of vulnerability scanner, like Comodo Hacker Guarduan: http://www.hackerguardian.com/

--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline designcentre

  • Comodo Member
  • **
  • Posts: 48
CPanel still now joy with new loader :(
« Reply #16 on: January 14, 2014, 11:05:08 PM »
Found CPanel installation.
Continue installation [y/n]: y
Path to perl packages
PERL - /usr/local/cpanel/3rdparty/bin/perl
CPAN - /usr/local/cpanel/3rdparty/perl/514/bin/cpan

Check perl dependencies...      [OK]
Check Apache HTTP installation...        [OK] (2.2)
Check Mod_Security installation...      [OK]
Decompress Comodo WAF package.../usr/bin/tail: cannot open `..//root/cwaf_client_install.sh' for reading: No such file or directory

gzip: stdin: unexpected end of file
/bin/tar: Child returned status 1
/bin/tar: Error is not recoverable: exiting now
        [OK]

Enter CWAF connection data
--------------------------

Enter CWAF user: xxxxxxxxxxxxx
Enter CWAF password: xxxxxxxxxxxxx
Prepare Comodo WAF configuration...
Comodo WAF Perl modules package not found.
Installation aborted

Offline httpEasy

  • Newbie
  • *
  • Posts: 14
Re: CPanel still now joy with new loader :(
« Reply #17 on: January 15, 2014, 02:55:18 AM »
Found CPanel installation.
Continue installation [y/n]: y
Path to perl packages
PERL - /usr/local/cpanel/3rdparty/bin/perl
CPAN - /usr/local/cpanel/3rdparty/perl/514/bin/cpan

Check perl dependencies...      [OK]
Check Apache HTTP installation...        [OK] (2.2)
Check Mod_Security installation...      [OK]
Decompress Comodo WAF package.../usr/bin/tail: cannot open `..//root/cwaf_client_install.sh' for reading: No such file or directory

gzip: stdin: unexpected end of file
/bin/tar: Child returned status 1
/bin/tar: Error is not recoverable: exiting now
        [OK]

Enter CWAF connection data
--------------------------

Enter CWAF user: xxxxxxxxxxxxx
Enter CWAF password: xxxxxxxxxxxxx
Prepare Comodo WAF configuration...
Comodo WAF Perl modules package not found.
Installation aborted

I encountered the same issue. Would it help to change the script

Quote
if [ ! -r Comodo-CWAF.tar.gz ]; then
    echo -e "\nComodo WAF Perl modules package not found."
    do_exit 1
  fi
           
  $TAR_BIN -zxf Comodo-CWAF.tar.gz

and rename all instances of the package name to cwaf_rules-0.3x.tgz?

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Re: CPanel still now joy with new loader :(
« Reply #18 on: January 15, 2014, 04:14:05 AM »
I encountered the same issue. Would it help to change the script

Hello

Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.


cd /root
bash cwaf_client_install.sh



Documentation and installation instructions will be expanded in the near future.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Valentin N

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2869
  • Usability Study Group
    • My homepage at the moment
Re: Free mod_security rules!
« Reply #19 on: January 15, 2014, 07:37:33 AM »
very interesting! As I will learn to webprogram this might be very very useful as well as helpful tool. Great done!
« Last Edit: January 15, 2014, 10:05:13 AM by Valentin N »
Skype: comodohelper (Personal)

CEVPN: Valentin N

CIS 6.3

Keep CTM alive by voting


Offline httpEasy

  • Newbie
  • *
  • Posts: 14
Re: CPanel still now joy with new loader :(
« Reply #20 on: January 15, 2014, 09:03:56 AM »
Hello

Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.


cd /root
bash cwaf_client_install.sh



Nope. I ran it from root and the error occurred after connecting to waf. Anyway, now it seems to work.

Offline designcentre

  • Comodo Member
  • **
  • Posts: 48
Re: CPanel still now joy with new loader :(
« Reply #21 on: January 15, 2014, 05:45:45 PM »
Hello

Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.


cd /root
bash cwaf_client_install.sh


I was exactly the same I started the script as per instructions from root folder...but all good this morning & installed nicely onto the cPanel server. Now to keep an eye on the logs - Thanks again

Documentation and installation instructions will be expanded in the near future.

Offline Je1te

  • Newbie
  • *
  • Posts: 2
Re: Free mod_security rules!
« Reply #22 on: February 18, 2014, 03:06:44 PM »
Thanks Comodo for offering this service for free! The admin guide of the WAF states "Currently CWAF is designed for and has been tested on Apache on Linux servers. The firewall versions for other server types are coming shortly. ". Does anyone know about the compatibility of the rules with nginx? And is there a chance that the rules will also be tested on nginx in the future?

Offline pgzn

  • Newbie
  • *
  • Posts: 2
Re: Free mod_security rules!
« Reply #23 on: March 03, 2014, 08:11:11 PM »
To quote the VP, this is a huge f-ing deal. Glad I found this after a year of occasional searching. Gotroot left low margin hosts to the wolves with no warning.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14588
    • Video Blog
Re: Free mod_security rules!
« Reply #24 on: March 04, 2014, 12:31:02 AM »
Thanks Comodo for offering this service for free! The admin guide of the WAF states "Currently CWAF is designed for and has been tested on Apache on Linux servers. The firewall versions for other server types are coming shortly. ". Does anyone know about the compatibility of the rules with nginx? And is there a chance that the rules will also be tested on nginx in the future?

one by one we are testing with it all. next is litespeed, then nginx.

Offline Je1te

  • Newbie
  • *
  • Posts: 2
Re: Free mod_security rules!
« Reply #25 on: March 04, 2014, 07:52:33 AM »
one by one we are testing with it all. next is litespeed, then nginx.

That's good news, thanks!

Offline pthirose

  • Newbie
  • *
  • Posts: 2
Re: Free mod_security rules!
« Reply #26 on: April 17, 2014, 02:51:26 PM »
First, thank you for providing this.  Finding a good set of baseline rules that don't create a bunch of false neg/pos is always difficult.

Are most of you switching from OWASP CRS to Comodo or are you starting new?  I'm curious how the Comodo ruleset compares to the CRS.  There is a separate post comparing performance against commercial/paid rules, and I thought it interesting there was a column for "no rules" (why run mod_security w/out rules?).

However, I'm more interested in comparing against CRS.  IMO, CRS is sorta the baseline, especially in the free realm.

I'm new to this.  I'm not running cPanel or anything, just straight-up Apache 2.2.x and mod_security 2.8.  Until now, I was just using CRS/2.2.9.

If anyone has any opinion on Comodo free rules vs the OWASP CRS rules, I'd greatly appreciate hearing your take on both.

Thank you,
PH

Offline mommaroodles

  • Newbie
  • *
  • Posts: 3
Re: Free mod_security rules!
« Reply #27 on: June 05, 2014, 11:50:59 AM »
Hello :)

I also have Mod Security 2.8 and I get warning message after starting the installation saying that it had not been tested with mod security 2.08 - now I'm wondering, is it ok to install despite the warning message or do I use the OWASP rules.

I'd appreciate it if someone could please tell me if its ok to use with Mod Security 2.8.

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 364
Re: Free mod_security rules!
« Reply #28 on: June 22, 2014, 02:21:05 PM »
Modsecurity 2.8.0 works with Comodo rules.

Offline crownhost

  • Newbie
  • *
  • Posts: 11
Re: Free mod_security rules!
« Reply #29 on: June 29, 2014, 05:04:18 AM »
Hi,
Are these just the core rules or Comodo's own rules?
Can anyone here using these rules on a cpanel server comment on their usefulness please?

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek