A proof-of-concept project to run ModSecurity in sniffer mode, with Snort Inline capability to drop a packet once it matches the attack signatures.
Status: Discontinued (temporarily) for GSoC 2016. However, this repo can be used as a boilerplate for a simple Snort + ModSecurity preprocessor. I tried to directly port ModSecurity into the HttpInspect preprocessor for Snort3 and basically it works (roughly); the code can be found in the commit history.
The installation procedure is the usual one:
$ sudo snort -c snort.conf
- Utilize libmodsecurity (Modsecurity-Pcap Connector).
- Logging (e.g. /var/log/snort/modsecurity.log).
BSDv3 License. Copyright (c) 2016 Fakhri Zulkifli. See License.
mohdfakhrizulkifli at gmail dot com