The jwall-tools ModSecurity Toolbox

Providing convenient commands for ModSecurity management

The jwall-tools is a Java package that contains a set of simple commands, all related to ModSecurity or ModSecurity audit-logs.

The currently provided features include:

  1. sending audit-logs (serial and concurrent) to a remote console
  2. updating an AuditConsole to the latest revision
  3. viewing ModSecurity collections' contents
  4. gathering statistics of audit-log data
  5. viewing Apache config trees (inclusion tree)
  6. archiving Apache configurations (by following include directives)

A variety of other commands also exists; these are currently in a beta state.

The jwall-tools can be used by executing the self-contained Java archive. For more convenient usage, there is a wrapper shell script called jwall, which is included in the RPM and Debian packages.

Download

The simplest way to install the jwall-tools is to install the appropriate package for your operating system. RPM and Debian packages are available.

All packages are signed with my GPG key, with key ID C5C3953C. The key's fingerprint is:

pub   1024D/C5C3953C 2009-11-11
      Key fingerprint = 4324 5FA1 EA37 1C3E EFE3  0730 A5CE 7F45 C5C3 953C
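
The 8-digit key ID is only the tail of the fingerprint, so an imported key should be accepted on the full fingerprint rather than on the ID. The shell functions below are an added example (not part of jwall-tools or of the original page) that check gpg's colon-format output against the fingerprint printed above; the function and variable names and both sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of jwall-tools: pin the package-signing key to the
# full fingerprint printed on this page before trusting any signature.
EXPECTED_FPR="4324 5FA1 EA37 1C3E EFE3  0730 A5CE 7F45 C5C3 953C"

# Constructed sample of `gpg --with-colons --fingerprint` output for that key.
SAMPLE_GOOD='pub:-:1024:17:A5CE7F45C5C3953C:1257897600:::-:::scESC:
fpr:::::::::43245FA1EA371C3EEFE30730A5CE7F45C5C3953C:'
# Constructed look-alike: a different key whose last 8 hex digits are the same.
SAMPLE_LOOKALIKE='pub:-:1024:17:00000000C5C3953C:1257897600:::-:::scESC:
fpr:::::::::00000000000000000000000000000000C5C3953C:'

# Strip whitespace and upper-case, so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# The short key ID is just the last 8 hex digits of the fingerprint.
short_id() {
    normalize_fpr "$1" | tail -c 8
}

# Read colon-format key listing on stdin; succeed only if a primary key's
# fingerprint (field 10 of the first "fpr" record after "pub") equals the pin.
fpr_matches() {
    want=$(normalize_fpr "$EXPECTED_FPR")
    awk -F: -v want="$want" '
        $1 == "pub" { in_pub = 1; next }
        $1 == "sub" { in_pub = 0; next }
        $1 == "fpr" && in_pub { if (toupper($10) == want) ok = 1; in_pub = 0 }
        END { exit (ok ? 0 : 1) }'
}

# Usage, after importing the key into the local keyring:
#   gpg --with-colons --fingerprint C5C3953C | fpr_matches && echo "key matches"
```

Both sample records share the short ID C5C3953C, but only the first passes fpr_matches.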

Usage

As noted above, the prepared packages contain a wrapper script that can be used to conveniently start the commands. Simply issuing jwall at the command prompt prints a list of the available sub-commands (see below).

In addition, some documentation of the jwall-tools is available as part of the AuditConsole User Guide.

[chris@jwall] $  jwall

  jwall-tools 
  ------------

  The jwall-tools consists of an executable jar file that can be run by issuing

         java -jar jwall-tools.jar  COMMAND  ARGS 

  where COMMAND specifies the tool you want to execute and ARGS is the list
  of parameters required for this tool.

  The following tools (commands) are available:

     send              Allows for sending event-log-files to the AuditConsole
                       or the ModSecurity Community Console

     send-dir          Sends all events found in files within a specified
                       directory to the AuditConsole

     count             Simply counting the number of events in a serial
                       ModSecurity audit-log file

     stats             Count/aggregate attack statistics of a given ModSecurity
                       audit-log file

     mstats            Count/aggregate attack statistics from a series
                       of 'Message:' lines

     apache2html       Creates a HTML page from Apache configurations

     crs2html          Create a HTML page for the core-rules set

     collections       

     console-update    Allows for easily upgrading the AuditConsole

     config-tree       Shows the inclusion-tree of an Apache configuration

     config-zip        This command allows for storing all files referenced
                       by the httpd.conf in a ZIP archive


  To see a list of options and help for the different commands, simply
  invoke the command without any parameters.