Providing convenient commands for ModSecurity management
jwall-tools is a Java package containing a set of simple commands, all related to ModSecurity or ModSecurity audit logs.
The currently provided features include:
- sending audit-logs (serial and concurrent) to a remote console
- updating an AuditConsole to the latest revision
- viewing ModSecurity collections' contents
- gathering statistics of audit-log data
- viewing Apache config trees (inclusion tree)
- archiving Apache configurations (by following include directives)
A variety of other commands also exists; these are currently in a beta state.
The jwall-tools can be used by executing the self-contained Java archive. For more convenient usage, there is a wrapper shell script called jwall, which is included in the RPM and Debian packages.
The simplest way to install the jwall-tools is to install the appropriate package for your operating system. There are RPM and Debian packages available:
All packages are signed with my GPG key, with key ID C5C3953C. The key's fingerprint is:

    pub 1024D/C5C3953C 2009-11-11
    Key fingerprint = 4324 5FA1 EA37 1C3E EFE3 0730 A5CE 7F45 C5C3 953C
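Before trusting the signing key for package verification, the imported key can be checked against the full fingerprint printed above rather than the 8-character key ID alone. The script below is an added example, not part of the jwall-tools; the function names and both sample key listings are constructed for illustration, and the second listing is a made-up key that merely shares the short ID.

```shell
#!/bin/sh
# Added example: pin the signing key by its full fingerprint.
# Fingerprint as published on this page (spaces are stripped before comparing).
EXPECTED_FPR="4324 5FA1 EA37 1C3E EFE3 0730 A5CE 7F45 C5C3 953C"

# Strip whitespace and upper-case a fingerprint string.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of each primary key (the first fpr record after a pub record).
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key and its full
# fingerprint equals the pinned one.
key_is_pinned() {
    expected=$(normalise_fpr "$EXPECTED_FPR")
    found=$(primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalise_fpr "$found")" = "$expected" ]
}

# Constructed sample: colon listing built from the key data on this page.
sample_good() {
    printf '%s\n' \
        'pub:-:1024:17:A5CE7F45C5C3953C:1257897600:::-:::scESC:' \
        'fpr:::::::::43245FA1EA371C3EEFE30730A5CE7F45C5C3953C:'
}

# Constructed sample: a different (made-up) key with the same short ID.
sample_lookalike() {
    printf '%s\n' \
        'pub:-:1024:17:00001111C5C3953C:1257897600:::-:::scESC:' \
        'fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF00001111C5C3953C:'
}

# Real use: gpg --with-colons --fingerprint C5C3953C | key_is_pinned
if sample_good | key_is_pinned; then echo "page key: accepted"; fi
if sample_lookalike | key_is_pinned; then
    echo "lookalike: accepted"
else
    echo "lookalike: rejected"
fi
```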
As noted above, the prepared packages contain a wrapper script, which can be used to conveniently start the commands. Simply issuing jwall at the command prompt will provide you with a list of available sub-commands (see below).
In addition to that, there is some documentation of the jwall-tools as part of the AuditConsole User Guide.
    [chris@jwall] $ jwall

    jwall-tools
    ------------

    The jwall-tools consists of an executable jar file that can be run by issuing

        java -jar jwall-tools.jar COMMAND ARGS

    where COMMAND specifies the tool you want to execute and ARGS is the list of
    parameters required for this tool.

    The following tools (commands) are available:

      send            Allows for sending event-log-files to the AuditConsole or
                      the ModSecurity Community Console
      send-dir        Sends all events found in files within a specified
                      directory to the AuditConsole
      count           Simply counting the number of events in a serial
                      ModSecurity audit-log file
      stats           Count/aggregate attack statistics of a given ModSecurity
                      audit-log file
      mstats          Count/aggregate attack statistics from a series of
                      'Message:' lines
      apache2html     Creates a HTML page from Apache configurations
      crs2html        Create a HTML page for the core-rules set
      collections
      console-update  Allows for easily upgrading the AuditConsole
      config-tree     Shows the inclusion-tree of an Apache configuration
      config-zip      This command allows for storing all files referenced by
                      the httpd.conf in a ZIP archive

    To see a list of options and help for the different commands, simply invoke
    the command without any parameters.