Tag: python

Auto updating Atomicorp Mod Security Rules

Posted on by admin

Hello!

If any of you use mod_security as a web application firewall, you might have enlisted the services of Atomicorp for regularly updating your mod_security ruleset with signatures to protect against constantly changing threats to web applications in general.

One of the initial challenges, in a managed hosting environment, was to implement a system that utilizes the Atomicorp mod_security rules and update them regularly on an automated schedule.

When you subscribe to their service, they provide access credentials in order to pull the rules. You then need to integrate the rule files into your mod_security implementation and gracefully restart apache or nginx to ensure all the updated rules are loaded.

We developed a very simple python script, intended to run as a cron scheduled task, in order to accomplish this. We thought we would share it here in case anyone else may find it useful at all to accomplish the same thing. This script could easily be modified to download rules from any similar service, alternatively. This script was written for nginx, but can be changed to be integrated with apache.

Find the code below. Enjoy!

#!/usr/bin/python
import urllib2,re,requests,tarfile,os,time

username = 'yourusername'
password = 'yourpassword'
# create a password manager
password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
top_level_url = "http://updates.atomicorp.com/channels/rules/subscription/"
password_mgr.add_password(None, top_level_url, username, password)
handler = urllib2.HTTPBasicAuthHandler(password_mgr)
opener = urllib2.build_opener(handler)
urllib2.install_opener(opener)
#data = urllib2.urlopen('http://updates.atomicorp.com/channels/rules/subscription/VERSION')

for line in urllib2.urlopen('http://updates.atomicorp.com/channels/rules/subscription/VERSION'):
    if 'MODSEC_VERSION' in line:
        var = line.split('=',1)
        version = var[1].replace('n', '')

# they throttle connection requests
time.sleep(10)

atomicdl = 'http://updates.atomicorp.com/channels/rules/subscription/modsec-' + version + '.tar.gz'
atomicfile = urllib2.urlopen(atomicdl)
output = open('/etc/nginx/modsecurity.d/modsecrules.tar.gz', 'wb')
output.write(atomicfile.read())
output.close()

tar = tarfile.open('/etc/nginx/modsecurity.d/modsecrules.tar.gz', 'r:gz')
tar.extractall('/etc/nginx/modsecurity.d/')
tar.close()

os.system("rsync -ravzp /etc/nginx/modsecurity.d/modsec/ /etc/nginx/modsecurity.d")
os.system("rm -rf /etc/nginx/modsecurity.d/modsec /etc/nginx/modsecurity.d/modsecrules.tar.gz")
os.system("sed -i '//d' /etc/nginx/modsecurity.d/*.conf")
Menu