Felipe Zimmerle zimmerle
zimmerle / Auditlog JSON in v2.9.1
Created January 27, 2016 13:02
Auditlog JSON in v2.9.1
{
  "transaction":{
    "time":"13/Jan/2016:08:15:45 --0300",
    "transaction_id":"VpYx4X8AAQEAAGXSB@EAAAAA",
    "remote_address":"127.0.0.1",
    "remote_port":37098,
    "local_address":"127.0.0.1",
    "local_port":80
  },
  "request":{
zimmerle / gist:60cee54cef49603b1310
Created January 27, 2016 16:37
ModSec fancy configure summary
ModSecurity - v3.0.0+b9b3e82 for Linux
Mandatory dependencies
+ libInjection ....v2.9.0-420-gb9b3e82
+ SecLang tests ....b9b3e82
Optional dependencies
+ GeoIP ....found v1.6.6
-lGeoIP , -I/usr/include/
+ LibCURL ....found v7.43.0
zimmerle / 0d90c84a7a89d26b9cffb4f987342185fe482118.patch
Created January 29, 2016 17:00
ModSecurity 2.x rpm package generation
From 0d90c84a7a89d26b9cffb4f987342185fe482118 Mon Sep 17 00:00:00 2001
From: Antony Hutchison <[email protected]>
Date: Tue, 12 Jan 2016 22:43:35 +0000
Subject: [PATCH] Adds a spec file for building an RPM package
---
rpmbuild/mod_security.spec | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 rpmbuild/mod_security.spec
From a71daf274085f907ac40a4804fafdfb1d3e5bc34 Mon Sep 17 00:00:00 2001
From: Marc Stern <[email protected]>
Date: Fri, 20 Jun 2014 08:16:49 +0200
Subject: [PATCH 1/7] Added possibility to specify a data file with a name
relative to httpd root (as include files).
Logic to look for data file:
- try given filename (absolute or relative to current dir)
- if not absolute, try
- from the rule directory
zimmerle / nginx 1.9.11 modsecurity as shared object - compilation log.
Created February 16, 2016 16:07
nginx 1.9.11 modsecurity as shared object
make -f objs/Makefile
make[1]: Entering directory '/home/zimmerle/core/nginx-1.9.11'
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/modsecurity/include -I objs \
-o objs/src/core/nginx.o \
src/core/nginx.c
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/modsecurity/include -I objs \
-o objs/src/core/ngx_log.o \
src/core/ngx_log.c
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/modsecurity/include -I objs \
-o objs/src/core/ngx_palloc.o \
================================================
modsecurity 3.0: ./test-suite-memcheck.log
================================================
# TOTAL: 4553
# PASS: 4549
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
zimmerle / libinjection-issue116-test.patch
Created December 29, 2016 01:50
libinjection-issue116-test.patch
diff --git a/src/libinjection_html5.c b/src/libinjection_html5.c
index 379bb99..8960dbf 100644
--- a/src/libinjection_html5.c
+++ b/src/libinjection_html5.c
@@ -180,7 +180,17 @@ static int h5_state_tag_open(h5_state_t* hs)
char ch;
TRACE();
+
+#if 0
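Review bot: the `#if 0` added directly after `TRACE();` in `h5_state_tag_open` carries no comment saying what it compiles out or why. The file name marks this as a test patch for issue 116, so say that in a comment beside the guard, and if the change is meant to be merged, delete the disabled code instead of leaving it under `#if 0`.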
[24/Apr/2017:17:01:57 --0300] [localhost/sid#1ac33d0][rid#1d6dfc0][/][4] Initialising transaction (txid AAAAAH8AAAEAAEU@q0wAAAAC).
[24/Apr/2017:17:01:57 --0300] [localhost/sid#1ac33d0][rid#1d6dfc0][/][4] Transaction context created (dcfg 1b224f8).
[24/Apr/2017:17:01:57 --0300] [localhost/sid#1ac33d0][rid#1d6dfc0][/][4] Starting phase REQUEST_HEADERS.
[24/Apr/2017:17:01:57 --0300] [localhost/sid#1ac33d0][rid#1d6dfc0][/][4] Recipe: Invoking rule 1be06f8; [file "/home/zimmerle/core-trustwave/ModSecurity/modsecurity.conf-recommended"] [line "23"] [id "200000"].
[24/Apr/2017:17:01:57 --0300] [localhost/sid#1ac33d0][rid#1d6dfc0][/][5] Rule 1be06f8: SecRule "REQUEST_HEADERS:Content-Type" "@rx (?:application(?:/soap\\+|/)|text/)xml" "phase:1,auditlog,id:200000,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
[24/Apr/2017:17:01:57 --0300] [localhost/sid#1ac33d0][rid#1d6dfc0][/][4] Transformation completed in 2 usec.
[24/Apr/2017:17:01:57 --0300] [localhost/sid#1ac33d0][rid#1d6dfc0][/][4] Executing operator
zimmerle / gist:41ccae419386f5164cea95ac7f78e02b
Created November 14, 2017 17:52
Nginx configuration example #1
http {
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
            error_page 404 /40x.html;
            location = /40x.html {