github.com/rvaralda/deis@v1.4.1/router/firewall/README.md

# README.rulesets for doxi / dogtown-naxi-rules

- Readme-Version: 2014-04-04
- [latest ruleset-commits](https://bitbucket.org/lazy_dogtown/doxi-rules/src)
- [Doxi-News Blog](http://blog.dorvakt.org/)

these rulesets are now available as an independent git repo at
[bitbucket.org/lazy_dogtown/doxi-rules](https://bitbucket.org/lazy_dogtown/doxi-rules)

for tools to manage your doxi-rules you might want to install doxi-tools:
[bitbucket.org/lazy_dogtown/doxi](https://bitbucket.org/lazy_dogtown/doxi)

to keep track of changes and ruleset updates you can either
subscribe to the [doxi-news blog](http://blog.dorvakt.org/) ([rss-feed](http://blog.dorvakt.org/feeds/posts/default)),
subscribe to the naxsi mailing list
https://groups.google.com/forum/?fromgroups#!forum/naxsi-discuss,
subscribe to the [ruleset-commit-feed](https://bitbucket.org/lazy_dogtown/doxi-rules/rss),
or follow the project on Bitbucket

License: see License.txt

all files not mentioned here are part of the naxsi/nginx default configuration
    27  
    28  
# configuration rules

please note: due to changes in naxsi after 0.49 this file layout might become
obsolete.
    33  
### rules.conf

- your global includes file; you might set up several rules.conf files,
  e.g. one tuned for each virtualhost.
    38  
    39  
### learning-mode.rules

- rules to configure/enable learning mode (requests are scored and logged, but not blocked)

### active-mode.rules

- rules to configure active mode (block)

    48  
# detection rules

### app_server.rules

- rules you might want to enable when running nginx as lb/proxy
  for app servers like tomcat / rails etc. and you're sure to
  have no php/asp/cgi files lying around
    56  
### malware.rules

**NOTE: for better coverage you might want to try a real IDS
like snort or suricata with the ET rulesets to detect malicious
content in- and outbound.**

- this ruleset is designed to detect malicious requests that give a
  hint of hacked / misused / C&C servers, and tries to detect
  web backdoors, webshells and other malicious access to unwanted
  files/services.

- **CAUTION:** these rules are quite noisy, so if included you might want to
  tune them and create whitelists for your applications

### scanner.rules

- detect scanners (web app scanners / testing tools, vuln-scanning bots
  or attack tools) by UA or by certain requests.
- some of these rules could be included in web_[app|server].rules,
  like scanners for certain webapp/server vulns, but when there's a
  clear sign of an automated scanning process the sigs are included here
- **CAUTION:** these rules are quite noisy, so if included you might want to
  tune them and create whitelists for your applications

    81  
### web_app.rules

- detect exploit/misuse attempts against web applications; please see
  scanner.rules for some details on webapp-based scanners

### web_server.rules

- generic rules to protect a webserver from misconfiguration
  and known mistakes / exploit vectors

    91  
    92  
# misc. rules (obsolete, not maintained after jan 2014)

### misc_whitelisting.rules

- whitelistings for different webapps/actions that are known to fail
  on certain parameters
    99