[Owasp-modsecurity-core-rule-set] Updating CRS

Arthur Dent misc.lists at blueyonder.co.uk
Sat Feb 6 08:03:59 EST 2010


Hello,

In the latest version of CRS the README file contains the following
text:

"You can optionally automatically download the latest rules by using the
rules-updater.pl script in the /util directory.  Refer to the README
file in the /util dir."

The util directory in the tarball however contains neither a
rules-updater script, nor a readme file.

This leads me to a more generic question - How best to maintain one's
ruleset.

I would very much like some sort of automatic (or configurable
semi-automatic) updating process. I am also a little concerned about
local exceptions. A little while ago Ryan was very helpful in getting me
over some FP problems. The solution involved updating
modsecurity_crs_48_local_exceptions.conf. Today I updated to CRS 2.0.5
and, having unpacked the tarball, was merrily copying the files
into /etc/httpd/modsecurity.d/base_rules/ Fortunately my root
environment has overwrite confirmation on, and I realised just in the
nick of time that I was about to overwrite the file with Ryan's rule
exceptions in.

Is there no way to engineer a system - possibly a bit like
spamassassin's sa-update which receives rule updates, but where local
modifications are stored in a local.conf file which is untouched by the
update process?

Just a thought...

Mark





More information about the Owasp-modsecurity-core-rule-set mailing list