Merge pull request #87 from vimusov/disabled_rules

annkots · web-flow · commit 8db5f76ed02f · 2024-11-18T10:28:27.000+02:00
DEF-30246: Centralized Rules Management
diff --git a/docs/config_file_description/README.md b/docs/config_file_description/README.md
@@ -320,6 +320,8 @@ to request Anti-bot Challenge again</td></tr>
 <td width="250px;"><span class="notranslate">user_override_malware_actions: False</span></td><td># <span class="notranslate">"True"</span> allows overriding of actions applied to malware by a regular user. E.g., users will be able to disable automatic cleanup for their own files even if it was enabled by the admin.</td></tr>
 <tr>
 <td width="250px;"><span class="notranslate">user_override_proactive_defense: False</span></td><td># <span class="notranslate">"True"</span> allows overriding of Proactive Defense work mode by a regular user. E.g., users will be able to switch Proactive Defense mode to <span class="notranslate">LOG</span> for their websites even if the admin has set it to <span class="notranslate">KILL</span>.</td></tr>
+<tr>
+<td width="250px;"><span class="notranslate">allow_local_rules_management: True</span></td><td># enable (<span class="notranslate">True</span> - the default value) or disable (<span class="notranslate">False</span>) managing the <a href="/dashboard/#disabled-rules">Disabled Rules</a> in the Imunify360 UI.</td></tr>
 <tr><th colspan="2" align="left"><span class="notranslate">STOP_MANAGING:</span></th></tr>
 <tr><td><span class="notranslate">modsec_directives: False</span></td>
 <td># for internal usage, do not edit</td></tr>
diff --git a/docs/dashboard/README.md b/docs/dashboard/README.md
@@ -1754,6 +1754,8 @@ You can configure the automatic restore. Please find more details [here](/dashbo
 
 ### Disabled Rules
 
+#### Editing in UI
+
 Go to <span class="notranslate">_Settings_</span> page and choose <span class="notranslate">_Disabled rules_</span>. This page allows users to manage disabled rules which have already been added.
 
 ::: tip Note
@@ -1793,6 +1795,43 @@ To remove the rule from the disabled list click <span class="notranslate">_Enabl
 
 ![](/images/disabledrulesenablepopup_zoom60.png)
 
+:::tip Note
+To prevent managing the rules there's an option [allow_local_rules_management](/config_file_description/).
+:::
+
+#### Config file
+
+An alternative way to disable rules is to use the config file `/etc/imunify360/rules/disabled-rules`. It's especially usable with provisioning tools like Ansible, Puppet, Chef, etc.
+
+:::tip Note
+Please note that all rules in the config file are not visible in the UI above.
+:::
+
+The config file contains lines in the following format:
+
+`MODULE_ID:RULE_ID:Description`
+
+Where:
+
+- `MODULE_ID` can have one of the following values:
+
+  - `modsec` for ModSecurity rules
+  - `ossec` for OSSEC rules
+  - `cphulk` for cpHulkd rules
+  - `lfd` for Login Failuer daemon rules
+
+- `RULE_ID` is the rule id for the module and it is mandatory.
+
+- `Description` - text string without specialized symbols.
+
+Example:
+
+```text
+modsec:1010:
+ossec:1008
+modsec:1001:this is why
+```
+
 ### Features Management
 
 **Overview**
