Thread: Binary packages for debian




Binary packages for debian
France
2007-04-03 02:48:51
Hi !

I've noticed that there are no updates of Debian binary packages since
1.9.4 came out.

There's no implementation of the 2.x series.
And those are the Alberto Gonzalez Iniesta packages !

In the official Debian repository you find only the 1.8.x.

Is there any reason for that ?

Sioban.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users

Re: Binary packages for debian
Spain
2007-04-03 04:55:27
On Tue, Apr 03, 2007 at 09:48:51AM +0200, gotrootsioban.net wrote:
> Hi !
> 
> I've noticed that there are no updates of Debian binary packages since
> 1.9.4 came out.
> 
> There's no implementation of the 2.x series.
> And those are the Alberto Gonzalez Iniesta packages !
> 
> In the official Debian repository you find only the 1.8.x.
> 
> Is there any reason for that ?

mod-security packages had to be removed from Debian due to licensing
problems. I still maintain them (updated) on my site:

http://etc.inittab.org/~agi/debian/

You may find there mod-sec 1.9.x and 2.x for both etch/sid and sarge.

Regards,

Alberto


-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi(inittab.org|debian.org)| for GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3

Re: Binary packages for debian
France
2007-04-03 08:32:38
Hi !

Is there any doc to help the migration between 1.9.x and 2.1.x ???

I'm somewhat lost

I would like a sample of modsecurity.conf with a little more than what
is in the .deb...

Thanks...

Sioban

Re: Binary packages for debian
United States
2007-04-03 08:37:08
I am putting the finishing touches on a 1.9 to 2.0 Migration Matrix that
will help users to translate directives/functionality between the Mod
versions.  It should be up on the Mod site soon (possibly later today).

-- 
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache

--------------
Web Security Threat Report Webinar on May 9, 2007 (12 pm EST)
Learn More About the Breach Webinar Series:
http://www.breach.com/webinars.asp
--------------

Re: Binary packages for debian
United States
2007-04-03 08:37:03
In addition, if you are looking for an example conf file for 2.x you can
use the Core Rule Set available as part of the ModSecurity distribution
on www.modsecurity.org

~ Ofer Shezaf
ModSecurity Core Rule Set project leader
CTO, Breach Security

Re: Binary packages for debian
France
2007-04-03 09:02:48
Ofer Shezaf wrote:
> In addition, if you are looking for an example conf file for 2.x you can
> use the Core Rule Set available as part of the ModSecurity distribution
> on www.modsecurity.org

I've finally found them... I'm somewhat dumb about this one... it's
included in the debian binary...

BTW I've got a lot of audit logs since this new one with strange chars in
them :

Message: Access denied with code 400 (phase 1). Pattern match "ÜÆØØdØØ.Å+$" at REQUEST_HEADERS:HOST. Æid "960017"Å Æmsg "Host header is a numeric IP address"Å Æseverity "CRITICAL"Å

Any idea why it is doing that ?

And one last thing I've noted, on our forum, by simply posting a new
thread I get warnings like that :
- PHP source code leakage
- ASP/JSP source code leakage

Thanks.

Sioban



Re: Binary packages for debian
France
2007-04-03 09:29:08
gotrootsioban.net wrote:
> BTW I've got a lot of audit logs since this new one with strange chars in
> them :
>
> Message: Access denied with code 400 (phase 1). Pattern match "ÜÆØØdØØ.Å+$" at REQUEST_HEADERS:HOST. Æid "960017"Å Æmsg "Host header is a numeric IP address"Å Æseverity "CRITICAL"Å
>
> Any idea why it is doing that ?

I've found this one.

That's because I was tailing the audit logs while I got the 'C' part of
the logs printed on my console.
After that I got strange chars, but that's only relevant to that
console, so no problems.

Hum BTW.

I didn't find how to tell it to filter the post part, is 2.x doing it ?
I got a phpbb forum hacked last week because I was not filtering POST.

Re: Binary packages for debian
France
2007-04-03 10:25:15
I've installed the rules from GotRoot but I have a lot of problems with
that rule (in rules.conf):

SecRule REQUEST_PROTOCOL "!^HTTP/(0.9|1.0|1.1)$" "id:340000,severity:1,msg:'Bad HTTP Protocol'"

which locks out any request...

--54d2d61b-A--
[03/Apr/2007:17:19:58 +0200] 3u2SKFt5CDgAAA8thm0AAAAFww.xx.yy.zz 4630 aa.bb.cc.dd 80
--54d2d61b-B--
GET / HTTP/1.1
Host: www.domain.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: phpbb2mysql_data=...
Cache-Control: max-age=0

--54d2d61b-F--
HTTP/1.1 500 Internal Server Error
Content-Length: 538
Connection: close
Content-Type: text/html; charset=iso-8859-1

--54d2d61b-H--
Message: Access denied with code 500 (phase 2). Match of "rx ^HTTP/(0\.9|1\.0|1\.1)$" against "REQUEST_PROTOCOL" required. [id "340000"] [msg "Bad HTTP Protocol"] [severity "ALERT"]
Action: Intercepted (phase 2)
Stopwatch: 1175613598437928 3858 (1772 3634 -)
Producer: ModSecurity v2.1.0 (Apache 2.x)
Server: Apache/2.2.3 (Debian)

--54d2d61b-Z--

Re: Binary packages for debian
United States
2007-04-03 10:38:15
Take a look at the NOTE for the REQUEST_PROTOCOL variable in the
Reference Manual -
http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html#N10B55

My guess is that the "t:lowercase" transformation function is being
inherited for this rule so it should be written with lowercase "http"
instead of "HTTP" -

SecRule REQUEST_PROTOCOL "!^http/(0.9|1.0|1.1)$"

FYI - this is an example of an overlapping rule between the GotRoot
rules and the Core Rules.  Here is one rule from the
modsecurity_crs_30_http_policy.conf file that does the same thing
however it takes into account transformation functions (uses "t:none")
and also optimizes the RegEx a bit -

SecRule REQUEST_PROTOCOL "!^HTTP/(0.9|1.[01])$" \
    "t:none, deny,log,auditlog,status:505,msg:'HTTP protocol version is not allowed by policy', severity:'2',id:'960034'"

-- 
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache
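
Added example (not part of the thread, and not ModSecurity's own code): a small Python model of the mechanism described in the reply above, showing how an inherited t:lowercase makes a negated, upper-case pattern fire on every request and how t:none in the rule prevents that. The function names, the `INHERITED` default list and the reduced transformation table are assumptions made for illustration; the patterns use the escaped dots shown in the audit log message.

```python
import re

# Simplified model (assumption): a rule's transformation chain starts with
# whatever the default action list supplies; "t:none" in the rule clears
# what was inherited, and later t:... entries are appended in order.
TRANSFORMS = {"lowercase": str.lower, "trim": str.strip}  # subset, for illustration


def effective_transforms(inherited, rule_actions):
    chain = list(inherited)
    for action in rule_actions:
        if not action.startswith("t:"):
            continue
        name = action[2:]
        if name == "none":
            chain = []            # discard everything inherited so far
        else:
            chain.append(name)
    return chain


def rule_fires(operator, value, inherited, rule_actions):
    """Return True when the rule matches, i.e. the request would be intercepted."""
    negated = operator.startswith("!")
    pattern = operator[1:] if negated else operator
    for name in effective_transforms(inherited, rule_actions):
        value = TRANSFORMS[name](value)
    matched = re.search(pattern, value) is not None
    return matched != negated     # "!" inverts the operator result


# Constructed setup: a default action list assumed to contain t:lowercase,
# and the three rule variants discussed in the thread.
INHERITED = ["lowercase"]
UPPER = r"!^HTTP/(0\.9|1\.0|1\.1)$"   # rule as first posted
LOWER = r"!^http/(0\.9|1\.0|1\.1)$"   # suggested lower-case rewrite
CRS = r"!^HTTP/(0\.9|1\.[01])$"       # Core Rules variant, used with t:none


def verdicts(protocol):
    """Which of the three variants would intercept this REQUEST_PROTOCOL value."""
    return {
        "upper_inherited": rule_fires(UPPER, protocol, INHERITED, ["id:340000"]),
        "lower_inherited": rule_fires(LOWER, protocol, INHERITED, ["id:340000"]),
        "crs_t_none": rule_fires(CRS, protocol, INHERITED, ["t:none", "deny"]),
    }


if __name__ == "__main__":
    # "HTTP/1.1" is the protocol from the audit log entry; the others are constructed.
    for proto in ("HTTP/1.1", "HTTP/1.0", "HTTP/3.7", "http/1.1"):
        print(proto, verdicts(proto))
```
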
 

Re: Binary packages for debian
France
2007-04-03 11:07:36
Ryan Barnett wrote:
> My guess is that the "t:lowercase" transformation function is being
> inherited for this rule so it should be written with lowercase "http"
> instead of "HTTP" -
>
> SecRule REQUEST_PROTOCOL "!^http/(0.9|1.0|1.1)$"

Yes I've tried that, but even with the lowercase I get 500 errors...
