CyberPanel ModSecurity Rules Fix

Overview

This fix addresses common issues with ModSecurity Rules Packages in CyberPanel where OWASP ModSecurity Core Rules show as "off" even after installation. The problem typically occurs due to:

  1. Incorrect status detection logic - The system doesn't properly detect installed OWASP rules
  2. Outdated download URLs - The OWASP rules download URL was incorrect
  3. JavaScript state synchronization issues - Frontend toggle state doesn't sync with backend
  4. Missing error handling - Insufficient logging and error reporting

Issues Fixed

1. Status Detection Logic (firewallManager.py)

  • Problem: The getOWASPAndComodoStatus method only checked for modsec/owasp in configuration files
  • Fix: Added multiple detection methods:
    • Check for modsec/owasp in configuration
    • Check for owasp-modsecurity-crs in configuration
    • Verify actual file existence in filesystem
    • Added similar verification for Comodo rules

2. OWASP Rules Download (modSec.py)

  • Problem: Used incorrect GitHub URL that resulted in 404 errors
  • Fix: Updated to use correct GitHub repository URL:
    • Old: https://github.com/coreruleset/coreruleset/archive/v3.3.2/master.zip
    • New: https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.0.0.zip

3. JavaScript State Synchronization (firewall.js)

  • Problem: Toggle state variables weren't properly updated when status was fetched
  • Fix: Added proper state variable updates (owaspInstalled, comodoInstalled) in both update scenarios

4. Error Handling and Logging (modSec.py)

  • Problem: Insufficient logging made debugging difficult
  • Fix: Added comprehensive logging throughout the installation process:
    • Download progress logging
    • Extraction progress logging
    • File verification logging
    • Installation verification

Files Modified

  1. cyberpanel/firewall/firewallManager.py

    • Enhanced getOWASPAndComodoStatus method
    • Added filesystem verification for rule packages
  2. cyberpanel/plogical/modSec.py

    • Updated OWASP download URL to v4.0.0
    • Added comprehensive logging
    • Added installation verification
    • Improved error handling
    • Updated to use simplified CRS v4.0.0 structure
  3. cyberpanel/firewall/static/firewall/firewall.js

    • Fixed JavaScript state synchronization
    • Added proper variable updates

Manual Fix Script

A comprehensive fix script is provided at cyberpanel/cyberpanel-mods/security/modsecurity-fix.sh that:

  1. Backs up current configuration
  2. Downloads and installs OWASP ModSecurity Core Rules v3.3.4
  3. Creates proper configuration files
  4. Sets correct permissions
  5. Updates LiteSpeed configuration
  6. Restarts LiteSpeed
  7. Verifies installation

Running the Fix Script

# Make the script executable
chmod +x cyberpanel/cyberpanel-mods/security/modsecurity-fix.sh

# Run the fix script
./cyberpanel/cyberpanel-mods/security/modsecurity-fix.sh

Manual Installation Steps

If you prefer to fix the issue manually:

1. Download OWASP Rules

cd /tmp
wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.0.0.zip -O owasp.zip
unzip owasp.zip -d /usr/local/lsws/conf/modsec/
mv /usr/local/lsws/conf/modsec/coreruleset-4.0.0 /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.0.0

2. Set Up Configuration Files

cd /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.0.0
cp crs-setup.conf.example crs-setup.conf
cp rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
cp rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf

3. Create Master Configuration

Create /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.0.0/owasp-master.conf:

include /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.0.0/crs.conf

Note: CRS v4.0.0 uses a simplified structure with a single crs.conf file that includes all necessary rules, unlike v3.x which required individual rule file includes.

Key Differences in CRS v4.0.0:

  • Simplified Configuration: Single crs.conf file instead of multiple individual rule files
  • Plugin System: Replaced application exclusion packages with a plugin system
  • Improved Performance: Better rule organization and execution
  • Enhanced Security: Updated attack patterns and detection methods
  • Better Documentation: Improved configuration examples and guides

4. Update LiteSpeed Configuration

Add to /usr/local/lsws/conf/httpd_config.conf:

modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-4.0.0/owasp-master.conf

5. Set Permissions and Restart

chown -R lsadm:lsadm /usr/local/lsws/conf/modsec
chmod -R 755 /usr/local/lsws/conf/modsec
systemctl restart lsws
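
The status-detection fix and the manual steps above both depend on the same condition: the active configuration must point at rule files that actually exist. The shell function below is an added example, not part of CyberPanel or modsecurity-fix.sh, that checks this before `systemctl restart lsws`. It assumes one directive per line, absolute paths without spaces, and a single level of `include`; the function names are hypothetical.

```shell
# Added example, not part of CyberPanel or modsecurity-fix.sh.
# Assumes one directive per line, absolute paths without spaces, and a
# single level of "include" below each modsecurity_rules_file target.

# check_rule_file PATH: the file must exist, be non-empty and not be
# world-writable (anyone who can edit it can switch rules off).
check_rule_file() {
    [ -s "$1" ] || { echo "missing or empty: $1"; return 1; }
    [ -z "$(find "$1" -prune -perm -002 2>/dev/null)" ] ||
        { echo "world-writable: $1"; return 1; }
}

# check_modsec_chain HTTPD_CONF: returns 0 only if an active
# modsecurity_rules_file directive exists and every file it pulls in passes.
check_modsec_chain() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }
    # Strip comments first so a '#'-disabled directive does not count.
    masters=$(sed 's/#.*//' "$conf" |
              awk '$1 == "modsecurity_rules_file" { print $2 }')
    [ -n "$masters" ] || { echo "no active modsecurity_rules_file"; return 1; }
    rc=0
    for master in $masters; do
        check_rule_file "$master" || { rc=1; continue; }
        # Unquoted on purpose: the shell expands globs such as rules/*.conf;
        # a glob that matches nothing stays literal and fails the check.
        for inc in $(sed 's/#.*//' "$master" |
                     awk 'tolower($1) == "include" { print $2 }'); do
            check_rule_file "$inc" || rc=1
        done
    done
    return "$rc"
}

# Usage: check_modsec_chain /usr/local/lsws/conf/httpd_config.conf &&
#        systemctl restart lsws
```

A non-zero return means the panel may report the package as installed while LiteSpeed loads no rules, or fails to start on a missing include.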

Verification

After applying the fix:

  1. Access CyberPanel → Security → ModSecurity Rules Packages
  2. Check Status: OWASP ModSecurity Core Rules should show as "enabled"
  3. Test Toggle: The toggle should work properly (enable/disable)
  4. Check Logs: Verify no errors in ModSecurity logs

Troubleshooting

Common Issues

  1. Rules still show as disabled

    • Check file permissions: ls -la /usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/
    • Verify configuration: grep -i owasp /usr/local/lsws/conf/httpd_config.conf
    • Check LiteSpeed logs: tail -f /usr/local/lsws/logs/error.log
  2. Download fails

    • Check internet connectivity
    • Verify GitHub access: curl -I https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.4.zip
    • Try manual download and extraction
  3. LiteSpeed won't start

    • Check configuration syntax: /usr/local/lsws/bin/lshttpd -t
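    • Restore the most recent backup (the glob may match several files, and cp cannot copy several sources onto one file): cp "$(ls -t /usr/local/lsws/conf/httpd_config.conf.backup.* | head -n 1)" /usr/local/lsws/conf/httpd_config.conf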
    • Check ModSecurity syntax

Log Files

  • ModSecurity Log: /usr/local/lsws/logs/modsec.log
  • Audit Log: /usr/local/lsws/logs/auditmodsec.log
  • Installation Log: /home/cyberpanel/modSecInstallLog
  • LiteSpeed Error Log: /usr/local/lsws/logs/error.log

Security Considerations

  1. Rule Updates: Regularly update OWASP rules for latest security patterns
  2. False Positives: Monitor logs for legitimate traffic being blocked
  3. Performance: OWASP rules can impact performance - monitor server resources
  4. Custom Rules: Add custom rules in /usr/local/lsws/conf/modsec/rules.conf

Support

If you encounter issues after applying this fix:

  1. Check the troubleshooting section above
  2. Review log files for specific error messages
  3. Verify all file permissions and ownership
  4. Test with a simple configuration first

Changelog

  • v1.0: Initial fix for ModSecurity status detection issues
  • v1.1: Added comprehensive logging and error handling
  • v1.2: Updated to OWASP CRS v4.0.0 and improved verification
  • v1.3: Simplified configuration structure for CRS v4.0.0 compatibility