Modsecuritty left me confused – i thought i had the basic rules but had the extended crs rules as well and so it did not need configuring. Debian (my blog) wiki keeps mum on the subject as well.
I know its working although its reporting via ruby, upgrades via python make it a multidisciplinary tool.
From what i read outside of Debian it seems to work with our stuff so it remains on. Mystery software that sounds like a future problem for me.to disable.
Its log messages are also hard to grep and awk.
I guess i shall be writing about mod-security rules at some point in the future…