Learn about Centmin Mod LEMP Stack today
Register Now

Beta Branch update prep for ModSecurity v3.0

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 5, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    48,977
    11,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,474
    Local Time:
    2:04 AM
    Nginx 1.21.x
    MariaDB 10.x
    unless you know how to configure modsecurity and it's gotchas, I'd avoid it. if using Cloudflare Pro and higher paid plans, you already have CF WAF available anyway.

     
  2. Rake-GH

    Rake-GH Active Member

    178
    91
    28
    Jul 29, 2019
    USA
    Ratings:
    +140
    Local Time:
    12:04 PM
    default
    default
    I don't use the paid cloudflare. But I did get modsecurity installed, got it setup and got it to trigger with your test rule. Pretty neat. I'm just gonna play with it in DetectionOnly mode for a couple days.

    I also found they have an exclusion profile for Xenforo too: crs_exclusions_xenforo
     
  3. eva2000

    eva2000 Administrator Staff Member

    48,977
    11,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,474
    Local Time:
    2:04 AM
    Nginx 1.21.x
    MariaDB 10.x
    oh didn't know that :cool:
     
  4. Pasta

    Pasta New Member

    14
    2
    3
    Aug 3, 2021
    Ratings:
    +6
    Local Time:
    12:04 AM
    Nginx 1.21.x
    MariaDB 10.4
    Is this the correct way to set up logrotate for modsecurity. Does the alias ngxrestart work after postrotate?

    nano /etc/logrotate.d/mod_security

    /var/log/modsec_audit.log {
    daily
    rotate 7
    missingok
    compress
    postrotate
    ngxrestart > /dev/null 2>/dev/null || true
    endscript
    }
     
  5. eva2000

    eva2000 Administrator Staff Member

    48,977
    11,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,474
    Local Time:
    2:04 AM
    Nginx 1.21.x
    MariaDB 10.x
    You can check if ngxrestart works for that by manually doing a forced debug logrotate via command
    Code (Text):
    logrotate -df /var/log/modsec_audit.log
    
     
  6. Pasta

    Pasta New Member

    14
    2
    3
    Aug 3, 2021
    Ratings:
    +6
    Local Time:
    12:04 AM
    Nginx 1.21.x
    MariaDB 10.4
    Thanks, i had to chmod modsec_audit.log to 0644 to make it work.
     
  7. hazehs

    hazehs Member

    34
    1
    8
    Jul 18, 2020
    Ratings:
    +6
    Local Time:
    4:04 PM
    NGINX 1.18
    MariaDB 10.4