Incorporate WAF-FLE ModSecurity Console for clustering
One big issue for clusters of cPanel servers is mod_security configurations and rules. Right now, "every" server still has to be touched by hand to update these rules. So, mod_security rules need to be added to the master cluster config which can then be copied to all the nodes.
Another HUGE step forward is inclusion of WAF-FLE as a mod_security monitoring console so that you can watch a cluster of servers with mod_security. http://waf-fle.org
This is one of those "must haves" for multi-server hosting environments.
WAF-FLE is an open source ModSecurity console that allows the ModSecurity admin to store, view and search events sent by sensors, using a graphical dashboard to drill down and quickly find the most relevant events. It is designed to be fast and flexible, while keeping a powerful and easy-to-use filter, with almost all fields clickable for use in the filter.
The initial resources required to run WAF-FLE are normally low (check the Deployment Guide on the Documentation page). It is supported in virtual machines and on Linux and FreeBSD, but should run on other operating systems that support PHP and MySQL.
- Central event console
- Supports ModSecurity in “traditional” and “Anomaly Scoring” modes
- Brings mlog2waffle as a replacement to mlogc
- Receive events using mlog2waffle or mlogc
  - mlog2waffle: in real-time, following log tail, or batch scheduled in crontab
  - mlogc: in real-time, piped with ModSecurity log, in batch scheduled in crontab
- No sensor limit
- Drill down of events with filter
- Dashboard with recent events information
- Almost all event data and charts are “clickable”, deepening the drill-down filter
- Inverted filter (to filter for “all but this item”)
- Filter for network (in CIDR format, x.x.x.x/22)
- Original format (Raw) to event download
- Uses MySQL as database
- Wizard to help configure log feed between ModSecurity sensors and WAF-FLE
- Open Source released under GPL v2