From 613f77c538864a5e3c46ae7e64bf569140a5fc50 Mon Sep 17 00:00:00 2001
From: Seb
Date: Sat, 21 Dec 2024 22:43:34 +0800
Subject: [PATCH 1/4] Fixed astrix not being passed to shell Initially tried to add all files ending in .conf in correct dir to a string in {a,b,c,d} form for cp, but ran into a char limit for cp so sadly went with the slower for loop method
---
 import_apache_waf.py | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/import_apache_waf.py b/import_apache_waf.py
index f05c90e..1cde70f 100644
--- a/import_apache_waf.py
+++ b/import_apache_waf.py
@@ -5,14 +5,29 @@ import logging
 logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")
 WAF_DIR = "waf_patterns/apache"
-APACHE_WAF_DIR = "/etc/modsecurity.d/"
+# APACHE_WAF_DIR = "/etc/modsecurity.d/" # remember to change this back to this
+APACHE_WAF_DIR = "testing/" # remember to change this back to this
+
 APACHE_CONF = "/etc/apache2/apache2.conf"
 INCLUDE_STATEMENT = "IncludeOptional /etc/modsecurity.d/*.conf"
+
+
 def copy_waf_files():
 logging.info("Copying Apache WAF patterns...")
 os.makedirs(APACHE_WAF_DIR, exist_ok=True)
- subprocess.run(["cp", "-R", f"{WAF_DIR}/*", APACHE_WAF_DIR], check=True)
+ list_of_files = os.listdir(WAF_DIR)
+ workaround = "{"
+ for conf_file in list_of_files:
+ # print(conf_file)
+ if conf_file.endswith('.conf'):
+ subprocess.run(["cp", f"{WAF_DIR}/{conf_file}", APACHE_WAF_DIR], check=True)
+ # print("Match")
+ workaround = workaround[:-1] # removes the last comma
+ workaround += "}"
+ print(workaround)
+
+
 def update_apache_conf():
 logging.info("Ensuring WAF patterns are included in apache2.conf...")
@@ -33,6 +48,7 @@ def reload_apache():
 subprocess.run(["systemctl", "reload", "apache2"], check=True)
 if __name__ == "__main__":
+
 copy_waf_files()
 update_apache_conf()
 reload_apache()
From d34ec3ecf51feb7f6ec302e184abb86101983ca8 Mon Sep 17 00:00:00 2001
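Review bot: In [PATCH 1/4], the new loop in `copy_waf_files()` returns normally when `WAF_DIR` holds no `.conf` files, so `update_apache_conf()` and `reload_apache()` still run and nothing reports that no rules were installed. Collect the matches first, raise if the list is empty, and log how many files were copied. The loop also narrows what `cp -R` implied: subdirectories and non-`.conf` files (for example data files a rule might reference) are now skipped, and a directory whose name ends in `.conf` would make the plain `cp` fail, so the filter should check `os.path.isfile` as well. The same loop is added to `import_caddy_waf.py` and `import_nginx_waf.py` in [PATCH 4/4], and the same change applies there with the matching destination constant.

```python
def copy_waf_files():
    # … unchanged: logging.info and os.makedirs …
    conf_files = sorted(
        name for name in os.listdir(WAF_DIR)
        if name.endswith(".conf") and os.path.isfile(os.path.join(WAF_DIR, name))
    )
    if not conf_files:
        raise FileNotFoundError(f"No .conf files found in {WAF_DIR}")
    for conf_file in conf_files:
        subprocess.run(["cp", os.path.join(WAF_DIR, conf_file), APACHE_WAF_DIR], check=True)
    logging.info("Copied %d WAF pattern files to %s", len(conf_files), APACHE_WAF_DIR)
```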
From: Sebastian Gazey
Date: Sat, 21 Dec 2024 22:51:02 +0800
Subject: [PATCH 2/4] seems to work
---
 import_apache_waf.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/import_apache_waf.py b/import_apache_waf.py
index 1cde70f..119407f 100644
--- a/import_apache_waf.py
+++ b/import_apache_waf.py
@@ -5,8 +5,7 @@ import logging
 logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")
 WAF_DIR = "waf_patterns/apache"
-# APACHE_WAF_DIR = "/etc/modsecurity.d/" # remember to change this back to this
-APACHE_WAF_DIR = "testing/" # remember to change this back to this
+APACHE_WAF_DIR = "/etc/modsecurity.d/"
 APACHE_CONF = "/etc/apache2/apache2.conf"
 INCLUDE_STATEMENT = "IncludeOptional /etc/modsecurity.d/*.conf"
From 6c267fbb63a04e092246ff3b9d44629a38bb8786 Mon Sep 17 00:00:00 2001
From: Seb
Date: Sat, 21 Dec 2024 22:59:50 +0800
Subject: [PATCH 3/4] Tidied the code a bit Whoops, forgot to actually clean the code in my haste, apologies
---
 import_apache_waf.py | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/import_apache_waf.py b/import_apache_waf.py
index 119407f..50b294b 100644
--- a/import_apache_waf.py
+++ b/import_apache_waf.py
@@ -6,7 +6,6 @@ logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(
 WAF_DIR = "waf_patterns/apache"
 APACHE_WAF_DIR = "/etc/modsecurity.d/"
-
 APACHE_CONF = "/etc/apache2/apache2.conf"
 INCLUDE_STATEMENT = "IncludeOptional /etc/modsecurity.d/*.conf"
@@ -18,13 +17,8 @@ def copy_waf_files():
 list_of_files = os.listdir(WAF_DIR)
 workaround = "{"
 for conf_file in list_of_files:
- # print(conf_file)
 if conf_file.endswith('.conf'):
 subprocess.run(["cp", f"{WAF_DIR}/{conf_file}", APACHE_WAF_DIR], check=True)
- # print("Match")
- workaround = workaround[:-1] # removes the last comma
- workaround += "}"
- print(workaround)
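Review bot: In [PATCH 2/4], `INCLUDE_STATEMENT` still spells out `/etc/modsecurity.d/` separately from `APACHE_WAF_DIR`, so the two can drift apart the way they did while `APACHE_WAF_DIR` was `"testing/"` in the previous commit. Building one from the other, `INCLUDE_STATEMENT = f"IncludeOptional {APACHE_WAF_DIR}*.conf"`, keeps the copy target and the Apache include in agreement. For test runs, reading the target directory from an environment variable or a command-line option would avoid editing a system path constant and having to remember to change it back.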
@@ -47,7 +41,6 @@ def reload_apache():
 subprocess.run(["systemctl", "reload", "apache2"], check=True)
 if __name__ == "__main__":
-
 copy_waf_files()
 update_apache_conf()
 reload_apache()
From c58a1b486fc25e51cc32d86704f58077d030f642 Mon Sep 17 00:00:00 2001
From: Seb
Date: Sat, 21 Dec 2024 23:03:25 +0800
Subject: [PATCH 4/4] Added fixes to Caddy and Ngnix Did the same fixes that have been done to Apache to Caddy and Nginx
---
 import_apache_waf.py | 1 -
 import_caddy_waf.py | 5 ++++-
 import_nginx_waf.py | 5 ++++-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/import_apache_waf.py b/import_apache_waf.py
index 50b294b..6f6d060 100644
--- a/import_apache_waf.py
+++ b/import_apache_waf.py
@@ -15,7 +15,6 @@ def copy_waf_files():
 logging.info("Copying Apache WAF patterns...")
 os.makedirs(APACHE_WAF_DIR, exist_ok=True)
 list_of_files = os.listdir(WAF_DIR)
- workaround = "{"
 for conf_file in list_of_files:
 if conf_file.endswith('.conf'):
 subprocess.run(["cp", f"{WAF_DIR}/{conf_file}", APACHE_WAF_DIR], check=True)
diff --git a/import_caddy_waf.py b/import_caddy_waf.py
index e099862..65e0b7e 100644
--- a/import_caddy_waf.py
+++ b/import_caddy_waf.py
@@ -12,7 +12,10 @@ INCLUDE_STATEMENT = "import waf/*.conf"
 def copy_waf_files():
 logging.info("Copying Caddy WAF patterns...")
 os.makedirs(CADDY_WAF_DIR, exist_ok=True)
- subprocess.run(["cp", "-R", f"{WAF_DIR}/*", CADDY_WAF_DIR], check=True)
+ list_of_files = os.listdir(WAF_DIR)
+ for conf_file in list_of_files:
+ if conf_file.endswith('.conf'):
+ subprocess.run(["cp", f"{WAF_DIR}/{conf_file}", CADDY_WAF_DIR], check=True)
 def update_caddyfile():
 logging.info("Ensuring WAF patterns are imported in Caddyfile...")
diff --git a/import_nginx_waf.py b/import_nginx_waf.py
index 4fa42d9..8d99954 100644
--- a/import_nginx_waf.py
+++ b/import_nginx_waf.py
@@ -12,7 +12,10 @@ INCLUDE_STATEMENT = "include /etc/nginx/waf/*.conf;"
 def copy_waf_files():
 logging.info("Copying Nginx WAF patterns...")
 os.makedirs(NGINX_WAF_DIR, exist_ok=True)
- subprocess.run(["cp", "-R", f"{WAF_DIR}/*", NGINX_WAF_DIR], check=True)
+ list_of_files = os.listdir(WAF_DIR)
+ for conf_file in list_of_files:
+ if conf_file.endswith('.conf'):
+ subprocess.run(["cp", f"{WAF_DIR}/{conf_file}", NGINX_WAF_DIR], check=True)
 def update_nginx_conf():
 logging.info("Ensuring WAF patterns are included in nginx.conf...")
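Review bot: This is the third copy of the same listdir/endswith/cp loop in the series (also in `import_apache_waf.py` and `import_caddy_waf.py`), differing only in the destination constant. A shared helper such as `copy_conf_files(src_dir, dst_dir)`, kept in one small module that the three scripts import, would let the next correction land once instead of three times. `copy_waf_files()` also has no docstring; a single line like `"""Copy every top-level *.conf file from WAF_DIR into NGINX_WAF_DIR (non-recursive)."""` would record that skipping subdirectories is intended rather than an accident of replacing `cp -R`.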