How do I update the rules?
54 views
Skip to first unread message
Blason R
Nov 4, 2022, 1:57:17 PM11/4/22
to ModSecurity Core Rule Set project
Hi Team,
Is there an automated script by which rules will be automatically updated? or does the administrator have to manually clone from git and then copy the rules to config directory?
TIA
Blason R
Ervin Hegedüs
Nov 4, 2022, 4:43:29 PM11/4/22
to Blason R, ModSecurity Core Rule Set project
Hi Blason,
sorry to ask you, but could you specify your question more exactly?
On what operation system you use ModSecurity with CRS?
Does that system have any packaging system?
Btw, I think in production env, you shold use only the last
stable release - it's your decision, which version (3.3, 3.2).
You can download any of them from project's Github page:
https://github.com/coreruleset/coreruleset/releases
Regards,
a.
On what operation system you use ModSecurity with CRS?
Does that system have any packaging system?
Btw, I think in production env, you shold use only the last
stable release - it's your decision, which version (3.3, 3.2).
You can download any of them from project's Github page:
https://github.com/coreruleset/coreruleset/releases
Regards,
a.
Blason R
Nov 4, 2022, 9:24:37 PM11/4/22
to Ervin Hegedüs, ModSecurity Core Rule Set project
Hi Ervin,
This is on Ubuntu 20.04 and yes it's with packaged system. The intention behind asking the question is let's suppose any one rule is updated on git how crs administrator will come to know about it? Does he need to keep following got updates or is there is automated mechanism to update the rules? Or it's a complete manual procedure?
Ervin Hegedüs
Nov 5, 2022, 7:53:34 AM11/5/22
to Blason R, ModSecurity Core Rule Set project
Hi Blason,
On Sat, Nov 05, 2022 at 06:54:24AM +0530, Blason R wrote:
> Hi Ervin,
> The intention behind asking the question is let's suppose any one rule
> is updated on git how crs administrator will come to know about it? Does
> he need to keep following got updates or is there is automated mechanism
> to update the rules? Or it's a complete manual procedure?
I thought that the reason was what you've explained here.
But I'm not sure the CRS admin needs to care, which rule had
updated and why. Try to think about CRS like any other package:
all necessary info is in the CHANGELOG, and you don't know about
every details.
I think CRS has a very good structure, I mean things which does
dot correlate strictly to the rule set are out of the rule set
(eg. custom settings).
If a rule had changed, you can be sure it has an important
reason.
And CRS is a "SET", an independent individual entity, therefore
if you use it, then you have to use it all (except you know what
you are doing).
If a new CRS version released, you can replace the old one with
it in place. The necessary modifications will be in the CHANGELOG
(eg. if you have a custom crs-setup.conf).
I think this is the only file (crs-setup.conf) what you have to
care - but always need to read the CHANGELOG.
Hope I could help to clarify the situation. If you have any
question, let me know!
a.
On Sat, Nov 05, 2022 at 06:54:24AM +0530, Blason R wrote:
> Hi Ervin,
>
> This is on Ubuntu 20.04 and yes it's with packaged system.
thanks,
> This is on Ubuntu 20.04 and yes it's with packaged system.
> The intention behind asking the question is let's suppose any one rule
> is updated on git how crs administrator will come to know about it? Does
> he need to keep following got updates or is there is automated mechanism
> to update the rules? Or it's a complete manual procedure?
But I'm not sure the CRS admin needs to care, which rule had
updated and why. Try to think about CRS like any other package:
all necessary info is in the CHANGELOG, and you don't know about
every details.
I think CRS has a very good structure, I mean things which does
dot correlate strictly to the rule set are out of the rule set
(eg. custom settings).
If a rule had changed, you can be sure it has an important
reason.
And CRS is a "SET", an independent individual entity, therefore
if you use it, then you have to use it all (except you know what
you are doing).
If a new CRS version released, you can replace the old one with
it in place. The necessary modifications will be in the CHANGELOG
(eg. if you have a custom crs-setup.conf).
I think this is the only file (crs-setup.conf) what you have to
care - but always need to read the CHANGELOG.
Hope I could help to clarify the situation. If you have any
question, let me know!
a.
Blason R
Nov 6, 2022, 1:33:03 AM11/6/22
to Ervin Hegedüs, ModSecurity Core Rule Set project
That sounds good and thanks for the clarification.
Reply all
Reply to author
Forward
0 new messages