DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #4595 from aledbf/nginx-update

Browse source 
Rollback change of ModSecurity setting SecAuditLog
This commit is contained in:
Kubernetes Prow Robot 2019-09-24 17:05:59 -07:00 committed by GitHub
commit daf8634acf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/user-guide/third-party-addons/modsecurity.md
View file

@ -8,8 +8,8 @@ The default ModSecurity configuration file is located in `/etc/nginx/modsecurity
To enable the ModSecurity feature we need to specify `enable-modsecurity: "true"` in the configuration configmap. To enable the ModSecurity feature we need to specify `enable-modsecurity: "true"` in the configuration configmap.
>__Note:__ the default configuration use detection only, because that minimizes the chances of post-installation disruption. >__Note:__ the default configuration use detection only, because that minimizes the chances of post-installation disruption.
The file `/var/log/modsec_audit.log` contains the log of ModSecurity. Due to the value of the setting [SecAuditLogType=Concurrent](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secauditlogtype) the ModSecurity log is stored in multiple files inside the directory `/var/log/audit`.
The default `Serial` value in SecAuditLogType can impact performance.
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
The directory `/etc/nginx/owasp-modsecurity-crs` contains the [owasp-modsecurity-crs repository](https://github.com/SpiderLabs/owasp-modsecurity-crs). The directory `/etc/nginx/owasp-modsecurity-crs` contains the [owasp-modsecurity-crs repository](https://github.com/SpiderLabs/owasp-modsecurity-crs).

5
images/nginx/rootfs/build.sh
View file

@ -332,8 +332,8 @@ cp unicode.mapping /etc/nginx/modsecurity/unicode.mapping
# Replace serial logging with concurrent # Replace serial logging with concurrent
sed -i 's|SecAuditLogType Serial|SecAuditLogType Concurrent|g' /etc/nginx/modsecurity/modsecurity.conf sed -i 's|SecAuditLogType Serial|SecAuditLogType Concurrent|g' /etc/nginx/modsecurity/modsecurity.conf
# Use stdout for modsecurity logs # Concurrent logging implies the log is stored in several files
sed -i 's|SecAuditLog /var/log/modsec_audit.log|SecAuditLog /dev/stdout|g' /etc/nginx/modsecurity/modsecurity.conf echo "SecAuditLogStorageDir /var/log/audit/" >> /etc/nginx/modsecurity/modsecurity.conf
# Download owasp modsecurity crs # Download owasp modsecurity crs
cd /etc/nginx/ cd /etc/nginx/
@ -576,6 +576,7 @@ writeDirs=( \
/opt/modsecurity/var/log \ /opt/modsecurity/var/log \
/opt/modsecurity/var/upload \ /opt/modsecurity/var/upload \
/opt/modsecurity/var/audit \ /opt/modsecurity/var/audit \
/var/log/audit \
); );
for dir in "${writeDirs[@]}"; do for dir in "${writeDirs[@]}"; do