lp:~sam-hobbs/ams-whitelisting-tools/trunk
- Get this branch:
- bzr branch lp:~sam-hobbs/ams-whitelisting-tools/trunk
Branch information
Import details
This branch is an import of the HEAD branch of the Git repository at https://github.com/sam-hobbs/ams-whitelisting-tools.git.
Last successful import was .
Recent revisions
- 29. By Sam Hobbs
-
Modified http referer header regex to account for "official" misspelling
Added more views
- 28. By Sam Hobbs
-
Fixed a bug in message splitting process where message IDs with 7 digits were not treated as separate rules
- 27. By Sam Hobbs
-
Added checking so error messages about rules not in the rule data configuration file are only printed once per rule ID
Split messages into parts related to each rule data configuration file and store them separately in table H.
- 26. By Sam Hobbs
-
All rule ID tables are now created based on user input in rulesdata.conf
Fixed a bug where internal dummy connections where the IP address is ::1 weren't matching the regex for extracting unique id, ports and ip addresses
Added views.sql file, which can be run to create views for whitelisting
- 25. By Sam Hobbs
-
Added new data structure for user input to improve code readability and make it easier to remove hard-coded rule ID data in the future.
Improved crs_to_rulesdata.pl perl script to more reliably extract data for SecRule statements by inspecting whether they start a chain or not.
Script now extracts different data about rules: instead of severity, all scores including anomaly score, sql score etc. are extracted
Previous version of auditlog2db incorrectly calculated total severity of all rules matched, should have been counting anomaly scores since this is how the CRS decides which requests to block.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)