The purpose of these files is to turn your current ModSecurity host into a pseudo-honeypot sensor by doing the following:
- Instructs Apache to listen for traffic on multiple unused ports
- 8000
- 8080
- 8888
- Creates Apache virtual host containers to bind to these ports.
- If any traffic is received on these ports, then ModSecurity will inspect the traffic by inheriting any rules specified in the main Apache configuration.
- ModSecurity's Audit Engine will use the mlogc program to forward the audit log entry onto the ModSecurity Project's central logging server.