[ossec-list] Mod Security 2.1.x
Hi!
I've adjusted the rule for mod security, as in 2.1.x the message changed
a little in the error logs (mod_security was replaced by ModSecurity):
<!-- Matches both the older "mod_security:" prefix and the "ModSecurity:" prefix used by 2.1.x -->
<rule id="30118" level="6">
  <if_sid>30101</if_sid>
  <match>mod_security: Access denied|ModSecurity: Access denied</match>
  <description>Access attempt blocked by Mod Security.</description>
  <group>access_denied,</group>
</rule>
Sioban
BTW, did you see this message?
---------------------------------8<-----------------------------------
Hi!
I've just installed SUHOSIN with my php install.
I've got some logs I'd like to submit:
Apr 1 11:44:40 localhost suhosin[24239]: ALERT - configured request
variable value length limit exceeded - dropped variable 'introtext'
(attacker '192.168.1.2', file '/var/www/site/administrator/index2.php')
Apr 1 11:47:20 localhost suhosin[23611]: ALERT - configured request
variable value length limit exceeded - dropped variable 'content'
(attacker '192.168.1.2', file '/var/www/site/index.php')
Apr 1 12:06:38 localhost suhosin[24241]: ALERT - configured request
variable value length limit exceeded - dropped variable 'introtext'
(attacker '192.168.1.2', file '/var/www/site/administrator/index2.php')
Apr 1 12:06:41 localhost suhosin[24240]: ALERT - configured request
variable value length limit exceeded - dropped variable 'content'
(attacker '192.168.1.2', file '/var/www/site/index.php')
Apr 1 12:18:01 localhost suhosin[23606]: ALERT - configured request
variable value length limit exceeded - dropped variable 'introtext'
(attacker '192.168.1.2', file '/var/www/site/administrator/index2.php')
Apr 1 12:18:26 localhost suhosin[23609]: ALERT - configured request
variable value length limit exceeded - dropped variable 'content'
(attacker '192.168.1.2', file '/var/www/site/index.php')
Apr 1 12:24:34 localhost suhosin[3729]: ALERT - configured request
variable value length limit exceeded - dropped variable 'introtext'
(attacker '192.168.1.2', file '/var/www/site/administrator/index2.php')
Apr 1 12:40:24 localhost suhosin[23610]: ALERT - configured request
variable value length limit exceeded - dropped variable 'content'
(attacker '192.168.1.2', file '/var/www/site/index.php')
That way you'll be able to add rules/decoder.
You can find information about suhosin here:
http://www.hardened-php.net/suhosin.127.html
Thanks
Sioban.
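
An added example, not part of the original message and not OSSEC's own decoder: a small Python parser for the suhosin ALERT lines quoted above, showing which fields a decoder for this format would extract. The field names (`reason`, `variable`, `srcip`, `file`) are chosen for this example; the sample lines are copied from the message and are still wrapped as in the e-mail.

```python
import ipaddress
import re

# Sample lines copied from the message above, still wrapped as in the e-mail.
SAMPLE = """\
Apr 1 11:44:40 localhost suhosin[24239]: ALERT - configured request
variable value length limit exceeded - dropped variable 'introtext'
(attacker '192.168.1.2', file '/var/www/site/administrator/index2.php')
Apr 1 11:47:20 localhost suhosin[23611]: ALERT - configured request
variable value length limit exceeded - dropped variable 'content'
(attacker '192.168.1.2', file '/var/www/site/index.php')
"""

# Syslog header: timestamp, host, program[pid]; what follows is the message.
HEADER = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"suhosin\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Suhosin ALERT body: reason, optional dropped variable, then attacker and file.
ALERT = re.compile(r"^ALERT - (?P<reason>.+?)"
                   r"(?: - dropped variable '(?P<variable>[^']*)')?"
                   r" \(attacker '(?P<srcip>[^']+)', file '(?P<file>[^']*)'")


def unwrap(text):
    """Rejoin lines the mail client wrapped: a new event starts with a header."""
    events = []
    for line in text.splitlines():
        if HEADER.match(line) or not events:
            events.append(line.strip())
        else:
            events[-1] += " " + line.strip()
    return events


def decode(event):
    """Return the decoded fields of one suhosin ALERT, or None if it is not one."""
    head = HEADER.match(event)
    body = head and ALERT.match(head["msg"])
    if not body:
        return None
    fields = {"timestamp": head["ts"], "pid": int(head["pid"]), **body.groupdict()}
    try:  # the attacker field is quoted text; keep it only if it is a real IP
        fields["srcip"] = str(ipaddress.ip_address(fields["srcip"]))
    except ValueError:
        return None
    return fields


def decode_all(text):
    return [d for d in map(decode, unwrap(text)) if d]
```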
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.