cronupdate OWASP Core Rule Set (CRS)


Max Mustermann

Dec 19, 2021, 10:52:48 AM
to ModSecurity Core Rule Set project
Hi
I have downloaded the latest OWASP CRS from GitHub (wget https://github.com/coreruleset/coreruleset/archive/v3.3.0.tar.gz).
What kind of possibilities are available to keep the rules up-to-date?
Where to check if a new version is available OR download automated via cron periodically updates?

I saw the possibility to update ("sudo python /etc/apache2/owasp-modsecurity-crs/util/upgrade.py --crs") but it seems not to work: sudo /usr/share/modsecurity-crs/util/upgrade.py --crs => crs: Not a git repository: /usr/share/modsecurity-crs. I do have /etc/apache2/modsecurity-crs/coreruleset-3.3.0 installed ....?
Thanks in advance.

BR,
Mike

Christian Folini

Dec 19, 2021, 11:06:19 AM
to 'Max Mustermann' via ModSecurity Core Rule Set project
Hey Mike,

Updates with CRS are very rare. Like 1-2 per year.

We do not do just in time rule updates for new vulnerabilities.

Updates are meant to go by hand or via the Linux distro.

On Sun, Dec 19, 2021 at 07:52:48AM -0800, 'Max Mustermann' via ModSecurity Core Rule Set project wrote:
> I saw the possibility to update ("sudo python
> /etc/apache2/owasp-modsecurity-crs/util/upgrade.py --crs") but seems not to
> work: sudo /usr/share/modsecurity-crs/util/upgrade.py --crs => *crs: Not a
> git repository: /usr/share/modsecurity-crs*. I do have
> /etc/apache2/modsecurity-crs/coreruleset-3.3.0 installed ....?

I was never a fan of the script, but it probably ceased to work when we moved
the repo away from Trustwave.

Cheers,

Christian

> Thanks in advance.
>
> BR,
> Mike

Ervin Hegedüs

Dec 19, 2021, 11:15:31 AM
to Max Mustermann, ModSecurity Core Rule Set project
Hi Mike,

On Sun, Dec 19, 2021 at 07:52:48AM -0800, 'Max Mustermann' via ModSecurity Core Rule Set project wrote:

> I have downloaded latest OWASP CRS from GitHub (wget
> https://github.com/coreruleset/coreruleset/archive/v3.3.0.tar.gz).
> What kind of possibilities are available to keep the rules up-to-date?
> Where to check if a new version is available *OR* download automated via
> cron periodically updates?
>
> I saw the possibility to update ("sudo python
> /etc/apache2/owasp-modsecurity-crs/util/upgrade.py --crs") but seems not to
> work: sudo /usr/share/modsecurity-crs/util/upgrade.py --crs => *crs: Not a
> git repository: /usr/share/modsecurity-crs*. I do have
> /etc/apache2/modsecurity-crs/coreruleset-3.3.0 installed ....?
> Thanks in advance.

I assume you opened a GH issue here:
https://github.com/SpiderLabs/ModSecurity/issues/2655

Well, this is the better platform for this question, I think you
should close that issue.

Do you know where the `update.py` comes from? Coreruleset tar.gz
does not contain it. Perhaps you have some really old copy of the
CRS in that directory.

Based on the message: "Not a git repository" I assume this is a
git wrapper, which is looking for a local git repository. But if
you downloaded the source tree as tar.gz, then that's not a git
repository.

You should try the upgrade via git:

    sudo mkdir /usr/share/coreruleset
    cd /usr/share/coreruleset
    sudo git clone https://github.com/coreruleset/coreruleset.git --branch v3.3/master --single-branch

Then you *MUST* reconfigure the Apache configuration file so that
the engine uses this new path instead of the existing one. (Please
note that the project has a new name: "Coreruleset"). Don't
forget to set the existing settings, e.g. PL, exclusions...

Then you will get the updates if you run the command

    sudo git pull origin

in that directory.


I think this is the best thing you can do now.


Regards,


a.
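
A cron-friendly wrapper around the git-based update described in this thread, as an added example that is not part of the original messages or of the CRS project. By default it only reports pending upstream commits so the update itself stays a manual step; the checkout path, the `CRS_*` variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example: check a CRS git checkout for upstream changes from cron.
# Assumed names (not from the thread): CRS_DIR, CRS_BRANCH, CRS_APPLY, crs_*.
CRS_DIR="${CRS_DIR:-/usr/share/coreruleset/coreruleset}"   # assumed clone path
CRS_BRANCH="${CRS_BRANCH:-v3.3/master}"

# Print how many upstream commits are missing locally.
# Fetches only; the working tree (the rules Apache loads) is not touched.
crs_pending() {
    dir="$1"; branch="$2"
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
        echo "crs: $dir is not a git checkout (tarball install?)" >&2
        return 2
    }
    git -C "$dir" fetch --quiet origin "$branch" || return 3
    git -C "$dir" rev-list --count HEAD..FETCH_HEAD
}

# Fast-forward to the fetched revision. Refuses when tracked files were
# edited locally, so hand-made rule changes are never merged over silently.
crs_apply() {
    dir="$1"
    if [ -n "$(git -C "$dir" status --porcelain --untracked-files=no)" ]; then
        echo "crs: local modifications in $dir, update by hand" >&2
        return 4
    fi
    git -C "$dir" merge --quiet --ff-only FETCH_HEAD
}

# Cron entry point: silent when up to date, otherwise lists what changed
# (cron mails the output). Applies only when CRS_APPLY=1 is set.
crs_cron_main() {
    pending=$(crs_pending "$CRS_DIR" "$CRS_BRANCH") || return $?
    [ "$pending" -eq 0 ] && return 0
    echo "crs: $pending new upstream commit(s) on $CRS_BRANCH"
    git -C "$CRS_DIR" log --oneline HEAD..FETCH_HEAD
    [ "${CRS_APPLY:-0}" = 1 ] || return 0
    # Validate the configuration with the new rules; reloading Apache
    # is left to the administrator.
    crs_apply "$CRS_DIR" && apachectl configtest
}

# Run only when called as: script --cron
if [ "${1:-}" = "--cron" ]; then
    crs_cron_main
fi
```
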
