Felipe Zimmerle zimmerle

## utf8toUnicode
(zimmerle@zlinux)-(~/core/spider-modsec/tests)$ ./run-unit-tests.pl tfn/utf8toUnicode.t

Loaded 7 tests from tfn/utf8toUnicode.t
     1) tfn "utf8toUnicode": passed
Length 2893 (expected 2898)
 Input: ' \xd0\x80 \xd0\x81 \xd0\x82 \xd0\x83 \xd0\x84 \xd0\x85 \xd0\x86 \xd0\x87 \xd0\x88 \xd0\x89 \xd0\x8a \xd0\x8b \xd0\x8c \xd0\x8d \xd0\x8e \xd0\x8f \xd0\x90 \xd0\x91 \xd0\x92 \xd0\x93 \xd0\x94 \xd0\x95 \xd0\x96 \xd0\x97 \xd0\x98 \xd0\x99 \xd0\x9a \xd0\x9b \xd0\x9c \xd0\x9d \xd0\x9e \xd0\x9f \xd0\xa0 \xd0\xa1 \xd0\xa2 \xd0\xa3 \xd0\xa4 \xd0\xa5 \xd0\xa6 \xd0\xa7 \xd0\xa8 \xd0\xa9 \xd0\xaa \xd0\xab \xd0\xac \xd0\xad \xd0\xae \xd0\xaf \xd0\xb0 \xd0\xb1 \xd0\xb2 \xd0\xb3 \xd0\xb4 \xd0\xb5 \xd0\xb6 \xd0\xb7 \xd0\xb8 \xd0\xb9 \xd0\xba \xd0\xbb \xd0\xbc \xd0\xbd \xd0\xbe \xd0\xbf \xd1\x80 \xd1\x81 \xd1\x82 \xd1\x83 \xd1\x84 \xd1\x85 \xd1\x86 \xd1\x87 \xd1\x88 \xd1\x89 \xd1\x8a \xd1\x8b \xd1\x8c \xd1\x8d \xd1\x8e \xd1\x8f \xd1\x90 \xd1\x91 \xd1\x92 \xd1\x93 \xd1\x94 \xd1\x95 \xd1\x96 \xd1\x97 \xd1\x98 \xd1\x99 \xd1\x9a \x

## gist:10480840
17164 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
17164 open("/usr/lib64/libpcre.so.1", O_RDONLY|O_CLOEXEC) = 3
17164 open("/usr/lib64/libsystemd-daemon.so.0", O_RDONLY|O_CLOEXEC) = 3
17164 open("/usr/lib64/libaprutil-1.so.0", O_RDONLY|O_CLOEXEC) = 3
17164 open("/usr/lib64/libapr-1.so.0", O_RDONLY|O_CLOEXEC) = 3
17164 open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
17164 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
17164 open("/lib64/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
17164 open("/lib64/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 3
17164 open("/usr/lib64/libexpat.so.1", O_RDONLY|O_CLOEXEC) = 3

## gist:1a6c5ab851c496fc13fe
#!/bin/bash

HOST="127.0.0.1"
PORT=80

declare -a file_size=(1 2 3 5 8 13 21 34 55 89 144 233 377 610 987 1597 2584 4181 6765);
declare -a threads=('10' '20' '30' '50' '80' '100');

for s in "${file_size[@]}"
do

## gist:dc830bcaa2f325e12b56
set title "ModSecurity Performance: Throughput"
set grid lt 1 lw 1
set surface
set parametric
set xtics
set ytics
set logscale x 2
set logscale y 2
set xlabel "Content size (kB) [log]"
set ylabel "Concurrent requests [log]"

## cleanup semaphores
#!/usr/bin/env bash

export me=`whoami`

echo "Username: $me"

echo "Listing...";
ipcs -s

echo "Cleaning...";

## msc_pregcomp utilization....
apache2/apache2_config.c:    dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE_DOTALL, NULL, NULL);
apache2/apache2_config.c:    re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
apache2/apache2_config.c:    re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
apache2/apache2_config.c:    re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
apache2/apache2_config.c:    re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
apache2/apache2_config.c:        re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
apache2/apache2_config.c:        re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
apache2/apache2_config.c:        re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
apache2/apache2_config.c:        re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
apache2/apache2_config.c:        re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);

## 0001-mlogc-Changes-the-default-SSL-algo-to-TLS-1.2.patch
From 84f2299f6b3b56cf5342ad378c3641be548bf79c Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Mon, 3 Nov 2014 10:13:21 -0800
Subject: [PATCH] mlogc: Changes the default SSL algo to TLS 1.2

As reported by Josh Amishav-Zlatin, mlogc was making usage of SSLv3 instead of
TLS 1.2. Servers should not answer SSLv3 after poodle.
---
 mlogc/mlogc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

## Aduditlog Original format
--89a3fd2c-A--
[13/Jan/2016:08:04:36 --0300] VpYvRH8AAQEAAF-yfRIAAAAA 127.0.0.1 34506 127.0.0.1 80
--89a3fd2c-B--
GET /index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=http://cirt.net/rfiinc.txt? HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:005057)
Host: localhost

--89a3fd2c-F--
HTTP/1.1 200 OK

## Auditlog JSON in v3
{
    "transaction": {
        "client_ip": "127.0.0.1",
        "time_stamp": "Thu Jan 21 18:52:52 2016",
        "server_id": "a8c4ef34e653442d3968e7368748b81a9a6fa4c1",
        "client_port": 52026,
        "host_ip": "127.0.0.1",
        "host_port": 80,
        "id": "145341317239.923407",
        "request": {

## Auditlog JSON in v2.9.1
{
  "transaction":{
    "time":"13/Jan/2016:08:15:45 --0300",
    "transaction_id":"VpYx4X8AAQEAAGXSB@EAAAAA",
    "remote_address":"127.0.0.1",
    "remote_port":37098,
    "local_address":"127.0.0.1",
    "local_port":80
  },
  "request":{
	(zimmerle@zlinux)-(~/core/spider-modsec/tests)$ ./run-unit-tests.pl tfn/utf8toUnicode.t

	Loaded 7 tests from tfn/utf8toUnicode.t
	1) tfn "utf8toUnicode": passed
	Length 2893 (expected 2898)
	Input: ' \xd0\x80 \xd0\x81 \xd0\x82 \xd0\x83 \xd0\x84 \xd0\x85 \xd0\x86 \xd0\x87 \xd0\x88 \xd0\x89 \xd0\x8a \xd0\x8b \xd0\x8c \xd0\x8d \xd0\x8e \xd0\x8f \xd0\x90 \xd0\x91 \xd0\x92 \xd0\x93 \xd0\x94 \xd0\x95 \xd0\x96 \xd0\x97 \xd0\x98 \xd0\x99 \xd0\x9a \xd0\x9b \xd0\x9c \xd0\x9d \xd0\x9e \xd0\x9f \xd0\xa0 \xd0\xa1 \xd0\xa2 \xd0\xa3 \xd0\xa4 \xd0\xa5 \xd0\xa6 \xd0\xa7 \xd0\xa8 \xd0\xa9 \xd0\xaa \xd0\xab \xd0\xac \xd0\xad \xd0\xae \xd0\xaf \xd0\xb0 \xd0\xb1 \xd0\xb2 \xd0\xb3 \xd0\xb4 \xd0\xb5 \xd0\xb6 \xd0\xb7 \xd0\xb8 \xd0\xb9 \xd0\xba \xd0\xbb \xd0\xbc \xd0\xbd \xd0\xbe \xd0\xbf \xd1\x80 \xd1\x81 \xd1\x82 \xd1\x83 \xd1\x84 \xd1\x85 \xd1\x86 \xd1\x87 \xd1\x88 \xd1\x89 \xd1\x8a \xd1\x8b \xd1\x8c \xd1\x8d \xd1\x8e \xd1\x8f \xd1\x90 \xd1\x91 \xd1\x92 \xd1\x93 \xd1\x94 \xd1\x95 \xd1\x96 \xd1\x97 \xd1\x98 \xd1\x99 \xd1\x9a \x
	17164 open("/etc/ld.so.cache", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/usr/lib64/libpcre.so.1", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/usr/lib64/libsystemd-daemon.so.0", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/usr/lib64/libaprutil-1.so.0", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/usr/lib64/libapr-1.so.0", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/lib64/libpthread.so.0", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/lib64/libc.so.6", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/lib64/librt.so.1", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/lib64/libcrypt.so.1", O_RDONLY\|O_CLOEXEC) = 3
	17164 open("/usr/lib64/libexpat.so.1", O_RDONLY\|O_CLOEXEC) = 3
	#!/bin/bash

	HOST="127.0.0.1"
	PORT=80

	declare -a file_size=(1 2 3 5 8 13 21 34 55 89 144 233 377 610 987 1597 2584 4181 6765);
	declare -a threads=('10' '20' '30' '50' '80' '100');

	for s in "${file_size[@]}"
	do
	set title "ModSecurity Performance: Throughput"
	set grid lt 1 lw 1
	set surface
	set parametric
	set xtics
	set ytics
	set logscale x 2
	set logscale y 2
	set xlabel "Content size (kB) [log]"
	set ylabel "Concurrent requests [log]"
	#!/usr/bin/env bash

	export me=`whoami`

	echo "Username: $me"

	echo "Listing...";
	ipcs -s

	echo "Cleaning...";
	apache2/apache2_config.c: dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE_DOTALL, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p1, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
	apache2/apache2_config.c: re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
	From 84f2299f6b3b56cf5342ad378c3641be548bf79c Mon Sep 17 00:00:00 2001
	From: Felipe Zimmerle <fcosta@trustwave.com>
	Date: Mon, 3 Nov 2014 10:13:21 -0800
	Subject: [PATCH] mlogc: Changes the default SSL algo to TLS 1.2

	As reported by Josh Amishav-Zlatin, mlogc was making usage of SSLv3 instead of
	TLS 1.2. Servers should not answer SSLv3 after poodle.
	---
	mlogc/mlogc.c \| 4 ++--
	1 file changed, 2 insertions(+), 2 deletions(-)
	--89a3fd2c-A--
	[13/Jan/2016:08:04:36 --0300] VpYvRH8AAQEAAF-yfRIAAAAA 127.0.0.1 34506 127.0.0.1 80
	--89a3fd2c-B--
	GET /index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=http://cirt.net/rfiinc.txt? HTTP/1.1
	Connection: Keep-Alive
	User-Agent: Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:005057)
	Host: localhost

	--89a3fd2c-F--
	HTTP/1.1 200 OK
	{
	"transaction": {
	"client_ip": "127.0.0.1",
	"time_stamp": "Thu Jan 21 18:52:52 2016",
	"server_id": "a8c4ef34e653442d3968e7368748b81a9a6fa4c1",
	"client_port": 52026,
	"host_ip": "127.0.0.1",
	"host_port": 80,
	"id": "145341317239.923407",
	"request": {
	{
	"transaction":{
	"time":"13/Jan/2016:08:15:45 --0300",
	"transaction_id":"VpYx4X8AAQEAAGXSB@EAAAAA",
	"remote_address":"127.0.0.1",
	"remote_port":37098,
	"local_address":"127.0.0.1",
	"local_port":80
	},
	"request":{