Package Details: owasp-core-ruleset 4.1.0-1

Git Clone URL: https://aur.archlinux.org/owasp-core-ruleset.git
Package Base: owasp-core-ruleset
Description: OWASP ModSecurity Core Rule Set
Upstream URL: https://github.com/coreruleset/coreruleset/
Licenses: Apache-2.0
Submitter: marcool04
Maintainer: marcool04
Last Packager: marcool04
Votes: 2
Popularity: 0.033732
First Submitted: 2023-02-24 21:55 (UTC)
Last Updated: 2024-03-22 09:59 (UTC)

Dependencies (2)

Required by (0)

Sources (2)

Latest Comments

marcool04 commented on 2023-12-06 07:53 (UTC)

Hi @MarsSeed.

You are right, we have something of a duplicate here.

There is a small difference however (albeit unrelated to the naming): this PKGBUILD depends on apache, and installs the CRS into its config directory in /etc/httpd/conf/, whereas the modsecurity-crs PKGBUILD depends on nginx and provides a .install file with instructions for setting up that web server.

The reason why I named this PKGBUILD like this is that: "The OWASP® ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls" (on https://coreruleset.org/). I agree, that is a bit disingenuous as I don't think there are any "compatible WAF" that are not ModSecurity itself. Since at the moment there is a bit of tossing and turning around TrustWave's end of support for Modsecurity, it is not inconceivable that in the future another WAF will be developed, or that a fork and name change may occur, and having the CRS technically and nominally be independent seems to make sense in that regard. Also, another detail I notice about the modsecurity-crs PKGBUILD is that it actually pulls config files from the ModSecurity's Github page (https://github.com/SpiderLabs/ModSecurity) which further ties it into that WAF rather than another (but that's nothing that couldn't be changed should the need arise).

Maybe in a way this should be owasp-coreruleset-apache and the other owasp-coreruleset-nginx, or we should work with AlphaJack, the maintainer of modsecurity-crs, to sort out a common owasp-coreruleset for both apache and nginx...

MarsSeed commented on 2023-12-05 14:37 (UTC)

Hi,

It seems that the owasp-core-ruleset package has been resubmitted to AUR as modsecurity-crs.

The latter already depends on Arch repo's libmodsecurity.

It might be good to consider merging AUR/owasp-core-ruleset into AUR/modsecurity-crs.

By having the 'modsecurity-' name prefix, the latter might be a bit more helpful to users by making it clear that this is an addon for (lib)modsecurity.

(Albeit upstream's repo and release tar name is 'coreruleset', upstream's website frequently refers to this package by its acronym, CRS.)

marcool04 commented on 2023-10-31 08:07 (UTC)

Hi @MarsSeed. Well, modsecurity has been announced as EOL (see [1] and [2]) by its current caretaker Trustwave, and although they say they will "hand the project over to the open source community", it's not looking like there is a very shiny future for the engine according to OWASP, who are moving towards newer, better maintained alternatives [3]. That being said, for the time being, there is not yet a stable alternative, and I think there will be sufficient support for the engine, so we should keep this packet alive for sure. Adopted!

[1] https://www.modsecurity.org/

[2] https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/

[3] https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/

MarsSeed commented on 2023-10-31 03:40 (UTC)

Hi,

Dependency modsecurity is an orphan now and needs update. Would you consider adopting it and taking care of it?