Topic: New contrib : mod_security2

[Fof]

hi guys,

I just created my second SMEserver's package which is the very powerful and useful module for apache2 but I have always no cvs access... what's a  pity ! (cf http://forums.contribs.org/index.php/topic,42830.0.html)

I'm pressed to uploads my contribs.

Best regards.

[cactus]

but I have always no cvs access... what's a  pity !

Please stop commenting on this in the forum in every topic you create. Use the bug you created for that. It is there for a reason, if you are wondering why it is not picked up: try there.

[Franco]

where is the package?

[Fof]

where is the package?

I have to get an access through sourceforge in order to upload my contribs on the cvs.

[Franco]

I have to get an access through sourceforge in order to upload my contribs on the cvs.

Why wait? Put it up somewhere so we can try! What does mod_security2 do?

Thanks,

[Fof]

Why wait? Put it up somewhere so we can try! What does mod_security2 do?

Thanks,

Somewhere on my own servers did you mean ?
Actually, I could upload my contribs on my server for some tests, it's really not a problem.

[Franco]

That's what I mean
Let us know and I'll be happy to test.

Thanks,

[Fof]

That's what I mean
Let us know and I'll be happy to test.

Thanks,

Ovidentia :
http://www.deblogtoi.com/index.php?post/2008/12/08/%5BUnofficial-Contrib%5D-%3A-Ovidentia-3.7.3-1-pour-SME-Server

ModSecurity :
http://www.deblogtoi.com/index.php?post/2008/12/22/ModSecurity-2.5.7-1-for-SME-server

[CharlieBrady]

Fof, please also supply links to your src.rpm files.

[Fof]

Ok, sorry, I will package it with the "-ba" option tomorrow.

[Fof]

I have supplied the src.rpm as well

Thanks.

[Fof]

I have improved the building process in order to build much better as said in the devguide.

ModSecurity-2.5.7 release 2 :
http://www.deblogtoi.com/public/informatique/SME_Server/modsecurity-2.5.7-2.src.rpm
http://www.deblogtoi.com/public/informatique/SME_Server/modsecurity-2.5.7-2.i386.rpm

[cactus]

I have improved the building process in order to build much better as said in the devguide.

No you did not, as there are still actions being done in the SPEC file. Please subscribe to the devinfo mailinglist so we can discuss and help you there.

[CharlieBrady]

No you did not, as there are still actions being done in the SPEC file. Please subscribe to the devinfo mailinglist so we can discuss and help you there.

Cactus, alternatively you could open bugs in the bug tracker, and we can provide feedback there.

[soprom]

Please tell us more about what it does!
Why should I use this for?
does it compare to snort?

[CharlieBrady]

Please tell us more about what it does!
Why should I use this for?
does it compare to snort?

Just a tiny bit of effort will provide answers to your questions:

http://www.google.com.au/search?q=mod_security2

[soprom]

Thanks Charlie, but I had already done that. But since I'm not good at ready rpms, I'd like to understand a little more if this is important or not in SME and if Snort does the same on a separate firewall.

[Fof]

Snort is an IDS and not a firewall. The currently firewall is Netfilter but it's used for intercepting and manipulationg the network package (filtering).
On the other hand, modSecurity is used for parsing the http headers because the most of attacks come from URL.

From the modsecurity doc :
"ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the
web application level, organisations need all the help they can get in making their systems secure. WAFs
are deployed to establish an increased external security layer to detect and/or prevent attacks before they
reach web applications. ModSecurity provides protection from a range of attacks against web applications
and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infra-
structure."

Is it better now ?