Helper tool to generate ModSecurity rule exclusions

vshn/waf-tool

WAF Tool

Helper tool to generate ModSecurity rule exclusions and create merge requests in GitLab repositories.

Usage

To generate rule exclusions for all alerts of a request and create a merge request:

  1. Authenticate to the OpenShift cluster:

    oc login

  2. Find a request with false positives to tune, for example by using this Kibana dashboard.

  3. Run the waf-tool tuning command with a repository, token and the request's unique ID:

    waf-tool tune -k -m -r <local-path/https-url> -t <gitlab-token> <unique-id>

  4. Use the generated exclusion rules and adapt them as required in your merge request.

Elasticsearch TLS Connection

Elasticsearch runs by default with a TLS certificate signed by a custom CA. You need to get the CA certificate in order to trust it. Either provide it in the WAF_ES_CUSTOM_CA env variable or with the --es-custom-ca flag.

To skip verification of the certificate entirely (possibly insecure), run the tune command with the -k flag.

See waf-tool tune --help for more information.
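The difference between trusting the custom CA and using -k, as an added Go example that is not waf-tool's own code. It assumes the WAF_ES_CUSTOM_CA value is PEM text; `tlsConfig` and `probe` are hypothetical names, and a throwaway local HTTPS server with a self-signed certificate stands in for Elasticsearch.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// tlsConfig builds client TLS settings. caPEM is PEM text (assumed format of the
// custom CA value); insecure mimics -k and disables certificate verification.
func tlsConfig(caPEM string, insecure bool) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: insecure}
	if insecure || caPEM == "" {
		return cfg, nil // -k, or system roots only
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM([]byte(caPEM)) {
		return nil, fmt.Errorf("custom CA: no PEM certificate found")
	}
	cfg.RootCAs = pool
	return cfg, nil
}

// probe sends one HTTPS request to a local test server (constructed setup) and
// returns the client error, if any, for the chosen trust settings.
func probe(trustCA, insecure bool) error {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	caPEM := ""
	if trustCA {
		caPEM = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw}))
	}
	cfg, err := tlsConfig(caPEM, insecure)
	if err != nil {
		return err
	}
	tr := &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr}).Get(srv.URL)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	fmt.Println("CA:", probe(true, false), "| no CA:", probe(false, false), "| -k:", probe(false, true))
}
```

With the CA supplied the request succeeds and the server is still authenticated; with -k it also succeeds, but any certificate would have been accepted.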

GitLab Merge Request

Currently the software supports repositories cloned to the local filesystem and HTTPS URLs. Repositories cloned via SSH are not supported yet.

Development

  1. Install Go version 1.13

  2. Run the tests:

    go test -cover ./...

  3. Run the tool:

    go run main.go