Change SecRuleEngine and SetDefaultAction config

Updating SecRuleEngine to On and SetDefaultAction to deny,status:403. Recommended modsecurity.conf and default crs-setup.conf files neither process rules nor set the status code. Logging changed to stderr only.
jcmoraisjr · May 28, 2018 · 58a466d · 58a466d
1 parent 12b0c14
commit 58a466d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -20,7 +20,9 @@ will be used, included in the same order as they have been declared. If no confi
 declared, the following will be used:
 
 * `/etc/modsecurity/modsecurity.conf`: ModSecurity recommended config, from ModSecurity [repository](https://github.com/SpiderLabs/ModSecurity/tree/v2/master)
+    * Changes: `SecRuleEngine`, changed from `DetectionOnly` to `On`
 * `/etc/modsecurity/owasp-modsecurity-crs.conf`: Generic attack detection rules for ModSecurity, from OWASP ModSecurity CRS [repository](https://github.com/SpiderLabs/owasp-modsecurity-crs)
+    * Changes: `SecDefaultAction`, `phase:1` and `phase:2`, changed from `log,auditlog,pass` to `log,noauditlog,deny,status:403`
 
 Options are: (from modsecurity agent -h)
 

diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile
@@ -69,6 +69,12 @@ RUN mkdir -p /etc/modsecurity/owasp-modsecurity-crs \
             /etc/modsecurity/owasp-modsecurity-crs \
             -type f -name '*.example' \
         | while read -r f; do cp -p "$f" "${f%.example}"; done \
+    && sed -i.example \
+        's/^SecRuleEngine .*/SecRuleEngine On/' \
+        /etc/modsecurity/modsecurity.conf \
+    && sed -i.example \
+        's/^\(SecDefaultAction "phase:[12]\),log,auditlog,pass"/\1,log,noauditlog,deny,status:403"/' \
+        /etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf \
     && find \
             /etc/modsecurity/owasp-modsecurity-crs \
             -type f -maxdepth 1 -name '*.conf' \