search

coreruleset / documentation

CRS Documentation
https://coreruleset.org/docs/
3 stars 20 forks source link

chore: update naming and use crs-version where needed #112

Closed fzipi closed 6 months ago

fzipi commented 6 months ago
dune73 commented 6 months ago

Why do you do a folder coreruleset instead of crs?

fzipi commented 6 months ago

That's how we provide our tarballs. If we want to rename everything, we can, but not before tomorrow, right?

We need to rename our main repo from coreruleset/coreruleset to coreruleset/crs, basically. And change everything around (docs, wiki, installer, links).

dune73 commented 6 months ago

No, that's not what I am talking about. I'm talking about

tar -zxvf v{{< param crs_latest_release >}}.tar.gz -C /etc/httpd/modsecurity.d/coreruleset

If you do this to mirror the repo name, then cool. But it's obviously an arbitrary choice (and better than owasp-modsecurity-crs.

fzipi commented 6 months ago

What about now?

dune73 commented 6 months ago

Very good thanks.

What I see still missing is the plugins includes. Going to comment in code.

dune73 commented 6 months ago

Ah, no, need to comment here, since you did not touch those lines:


Include modsecurity.d/crs/crs-setup.conf

Include modsecurity.d/crs/plugins/*-config.conf
Include modsecurity.d/crs/plugins/*-before.conf

Include modsecurity.d/crs/rules/*.conf

Include modsecurity.d/crs/plugins/*-after.conf
fzipi commented 6 months ago

What about the nginx version?

fzipi commented 6 months ago

ping @dune73

dune73 commented 6 months ago

Sorry, I do not get the question. What's with nginx? Same layout, I think.

fzipi commented 6 months ago

So include works the same way in nginx?

dune73 commented 6 months ago

@airween could you please confirm?

dune73 commented 6 months ago

There is a problem with the tar now:

tar -zxvf v{{< param crs_latest_release >}}.tar.gz -C /etc/httpd/modsecurity.d/crs

We're likely ending up with something along modsecurity.d/crs/coreruleset-nightly.

Not sure how we want to deal with this.

dune73 commented 6 months ago

The extended install lacks the extraction step.

I suggest to fix the tar above and then to copy that over to the extended install.

dune73 commented 6 months ago

Please update gpg --verify coreruleset-3.3.2.tar.gz.asc v3.3.2.tar.gz to v4. (can't comment in the file since you did not touch this).

airween commented 6 months ago

Ah, no, need to comment here, since you did not touch those lines:


Include modsecurity.d/crs/crs-setup.conf

Include modsecurity.d/crs/plugins/*-config.conf
Include modsecurity.d/crs/plugins/*-before.conf

Include modsecurity.d/crs/rules/*.conf

Include modsecurity.d/crs/plugins/*-after.conf

This works for me with Nginx (with different directory name) - but everything is the same.

Include /PATH/TO/CRS/crs-setup.conf

Include /PATH/TO/CRS/plugins/*-config.conf
Include /PATH/TO/CRS/plugins/*-before.conf

Include /PATH/TO/CRS/rules/*.conf

Include /PATH/TO/CRS/plugins/*-after.conf
fzipi commented 6 months ago

Then this Include simplifies everything. But there is no IncludeOptional... right? So it may fail if you don't have plugins.

airween commented 6 months ago

Then this Include simplifies everything. But there is no IncludeOptional... right? So it may fail if you don't have plugins.

Yes, Nginx does not support IncludeOptional at all.

dune73 commented 6 months ago

That's why we ship with

dune73@leander plugins>l
total 12K
drwxr-xr-x  2 dune73 dune73 4.0K Nov 23 09:38 .
drwxr-xr-x 10 dune73 dune73 4.0K Feb 14 14:41 ..
-rw-r--r--  1 dune73 dune73    0 Nov 23 09:38 empty-after.conf
-rw-r--r--  1 dune73 dune73    0 Nov 23 09:38 empty-before.conf
-rw-r--r--  1 dune73 dune73    0 Nov 23 09:38 empty-config.conf
fzipi commented 6 months ago

All reviews addressed now.

dune73 commented 6 months ago

OK, then let's go. We can always update again for the website.