How to Create a ModSecurity Vendor in WHM

How to Create a ModSecurity Vendor in WHM

Overview

This document describes how to create a custom ModSecurity™ vendor.

Note:

WHM’s ModSecurity™ Vendors interface (Home >> Security Center >> ModSecurity™ Vendors) provides the ability to install third-party ModSecurity rules as a vendor.

How to create the vendor metadata file

Each vendor requires a metadata file that provides the information for the WHM API to identify its rules and where to download them. This file allows the WHM API to accept a single URL that contains all information necessary to install a new vendor rule set.

Notes:

  • The metadata file uses the YAML format.
  • The filename must use the prefix “meta_".
  • The filename must match you vendor’s unique short name (vendor_id).
  • The filename must end with the . yaml file extension.
  • You must make the file available for the system to download file over a secure (HTTPS) connection.

Attributes

A vendor’s metadata file contains the following attributes:

Name
Type
Description
Example
#.#.#

(ModSecurity version)

 

hashA hash that contains the information that identifies the archive.

Notes:

  • This key changes based on the ModSecurirty version for which this rule set applies.
  • This attribute allows you to provide multiple versions of rule sets for backwards compatibility.
  • You should keep a separate entry for each version of ModSecurity that you intend to support.
  • If you only intend to support a single version of ModSecurity, keep a single entry for that version.
This hash includes the md5, SHA512, distribution and url attributes.
MD5stringThe download’s MD5 checksum.

Note:

The MD5 attribute is required for compatibility with cPanel & WHM version 11.48 and earlier.

SHA512stringThe SHA512 checksum of the download.

Note:

The SHA512 attribute is required for compatibility with cPanel & WHM version 11.50 and later.

 
distributionstringThe distribution’s unique identifier.

Note:

  • Two different versions of the same rule set cannot share the same distributionidentifier.
  • You must use a different unique identifier for each version of the ruleset.
distribution: myvendor-1
urlstringThe URL to the archive that contains the rules.

Notes:

  • The URL must point to a .zip file.
  • The .zip file must extract as a single directory whose name matches your vendor’s vendor_id short name.
https://www.example.com/myvendor000.zip
attributeshashA hash of vendor identity informationThis hash contains the description, name, vendor_url, and reportattributes.
descriptionstringThe description of the vendor rule set.This setting allows you to define the match limit of the PCRE library.
namestringThe vendor’s name.My Vendor
vendor_urlstringThe URL of the vendor’s website.https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secpcrematchlimit
report_urlstringoptional

The URL to a Report Receiver API endpoint.

 

https://server.example.com/report

File examples

Note:

The WHM API 1 – WHM API 1 Functions – modsec_add_vendor API function accepts a single URL that contains all the information necessary to install a new vendor rule set.

File
Example
Single versionmeta_myvendor.yaml

---
2.8.0:
  MD5: 3f4d0cc23dd1146c1c29772b70500276
  distribution: myvendor-1
  url: https://www.example.com/myvendor001.zip
attributes:
  description: 'Here is an extended description of the vendor rule set called YourVendor.'
  name: 'Example ModSecurity Rule Set'
  vendor_url: http://www.example.com/
  report_url: http://www.example.com/report
Multiple versionsmeta_myvendor.yaml

---
2.8.0:
  MD5: b7aaafc6d138a5bb62117a7844c75554
  distribution: myvendor-1
  url: https://www.example.com/myvendor001.zip
2.7.7:
  MD5: 1f9ab3b68b9d87283e0bc33d16663459
  distribution: myvendor-0
  url: https://www.example.com/myvendor000.zip
attributes:
  description: 'Here is an extended description of the vendor rule set called YourVendor.'
  name: 'Example ModSecurity Rule Set'
  vendor_url: http://www.example.com/
  report_url: http://www.example.com/report

Create the vendor rule set package

When you create the vendor rule set package, the package must meet the following requirements of WHM’s ModSecurity API:

  1. The rule set package must exist as a .zip file.
  2. The rule set package must unzip as a directory. The name directory must match your vendor’s vendor_id short name.

Create the rule set package

To create the vender’s rule set package, run the following commands as the root user:

zip -r myvendor001.zip myvendor001 
llh myvendor001.zip

The output from these commands will resemble the following example:

[root@server:~]#zip -r myvendor001.zip myvendor001 
  adding: myvendor001/ (stored 0%)
  adding: myvendor001/myvendor001.conf (stored 0%)
[root@server:~]#llh myvendor001.zip  
-rw-r--r--. 1 root root 342 Sep 24 14:57 myvendor001.zip

Identify your rule set package’s MD5 checksum

To identify the .zip file’s MD5 checksum, run the following command:

[root@server:~]#md5sum myvendor001.zip 
02e20c3e46431cff58b84137d801d4f0 myvendor001.zip

Was this article helpful?

Related Articles

Leave A Comment?

You must be logged in to post a comment.