demus/mod_security-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Sync with devel

Browse Source 
- Fix CVE-2007-1359 (bz #231728)
- Automagically configure correct library path for libxml2 library.
- Add LoadModule for mod_unique_id as the logging wants this at runtime
This commit is contained in:
Michael Fleming 2007-04-02 10:33:48 +00:00
parent 6ca7e797b0
commit 3a3819e6ac
4 changed files with 76 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.cvsignore
View File

@ -1 +1,3 @@
modsecurity-apache_1.9.4.tar.gz modsecurity-apache_2.1.0.tar.gz
mod_security.conf
modsecurity_localrules.conf

132
mod_security.conf
View File

@ -1,107 +1,41 @@
# Example configuration file for the mod_security Apache module # Example configuration file for the mod_security Apache module
LoadModule security_module modules/mod_security.so LoadFile LIBDIR/libxml2.so.2
<IfModule mod_security.c> LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
# Turn the filtering engine On or Off <IfModule mod_security2.c>
SecFilterEngine On # This is the ModSecurity Core Rules Set.
# Basic configuration goes in here
Include modsecurity.d/modsecurity_crs_10_config.conf
# Protocol violation and anomalies.
# These are disabled as there's a bug in REQUEST_FILENAME handling
# causing the "+" character to be incorrectly handled.
# Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf
# Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
# HTTP policy rules
Include modsecurity.d/modsecurity_crs_30_http_policy.conf
# The audit engine works independently and # Here comes the Bad Stuff...
# can be turned On of Off on the per-server or
# on the per-directory basis Include modsecurity.d/modsecurity_crs_35_bad_robots.conf
SecAuditEngine RelevantOnly Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf
Include modsecurity.d/modsecurity_crs_45_trojans.conf
Include modsecurity.d/modsecurity_crs_50_outbound.conf
# Make sure that URL encoding is valid # Search engines and other crawlers. Only useful if you want to track
SecFilterCheckURLEncoding On # Google / Yahoo et. al.
# Unicode encoding check # Include modsecurity.d/modsecurity_crs_55_marketing.conf
SecFilterCheckUnicodeEncoding On
# Put your local rules in here.
# Only allow bytes from this range # The existing example is for the CVE-2007-1359 vulnerability
SecFilterForceByteRange 1 255
# Cookie format checks. Include modsecurity.d/modsecurity_localrules.conf
SecFilterCheckCookieFormat On
# The name of the audit log file
SecAuditLog logs/audit_log
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Default action set
SecFilterDefaultAction "deny,log,status:406"
# Simple example filter
# SecFilter 111
# Prevent path traversal (..) attacks
# SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
# SecFilter "<( |\n)*script"
# Prevent XSS atacks (HTML/Javascript injection)
# SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
# SecFilter "delete[[:space:]]+from"
# SecFilter "insert[[:space:]]+into"
# SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data)"
# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"
# Some common application-related rules from
# http://modsecrules.monkeydev.org/rules.php?safety=safe
#Nuke Bookmarks XSS
SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"
#Nuke Bookmarks Marks.php SQL Injection Vulnerability
SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"
#PHPNuke general XSS attempt
#/modules.php?name=News&file=article&sid=1&optionbox=
SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"
# PHPNuke SQL injection attempt
SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory="
#phpnuke sql insertion
SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="
#Topic Calendar Mod for phpBB Cross-Site Scripting Attack
SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"
# phpMyAdmin: Safe
#phpMyAdmin Export.PHP File Disclosure Vulnerability
SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
SecFilterSelective ARG_what "\.\."
#phpMyAdmin path vln
SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
</IfModule> </IfModule>

50
mod_security.spec
View File

@ -1,15 +1,16 @@
Summary: Security module for the Apache HTTP Server Summary: Security module for the Apache HTTP Server
Name: mod_security Name: mod_security
Version: 1.9.4 Version: 2.1.0
Release: 2%{?dist} Release: 3%{?dist}
License: GPL License: GPL
URL: http://www.modsecurity.org/ URL: http://www.modsecurity.org/
Group: System Environment/Daemons Group: System Environment/Daemons
Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
Source1: mod_security.conf Source1: mod_security.conf
Source2: modsecurity_localrules.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing) Requires: libxml2 pcre httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
BuildRequires: httpd-devel BuildRequires: httpd-devel libxml2-devel pcre-devel
%description %description
ModSecurity is an open source intrusion detection and prevention engine ModSecurity is an open source intrusion detection and prevention engine
@ -18,28 +19,51 @@ as a powerful umbrella - shielding web applications from attacks.
%prep %prep
%setup -q -n modsecurity-apache_%{version} %setup -n modsecurity-apache_%{version}
%build %build
/usr/sbin/apxs -Wc,"%{optflags}" -c apache2/mod_security.c make -C apache2 CFLAGS="%{optflags}" top_dir="%{_libdir}/httpd"
perl -pi.orig -e 's|LIBDIR|%{_libdir}|;' %{SOURCE1}
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
mkdir -p %{buildroot}%{_libdir}/httpd/modules/ install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/ install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/mod_security.conf
install -p apache2/.libs/mod_security.so %{buildroot}/%{_libdir}/httpd/modules/ install -d %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/blocking/
install -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/ cp -r rules/*.conf %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
cp -r rules/blocking/*.conf %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/blocking/
install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_localrules.conf
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
%files %files
%defattr (-,root,root) %defattr (-,root,root)
%doc CHANGES LICENSE INSTALL README httpd* util doc %doc CHANGES LICENSE README.* modsecurity* doc
%{_libdir}/httpd/modules/mod_security.so %{_libdir}/httpd/modules/mod_security2.so
%config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_security.conf %config %{_sysconfdir}/httpd/conf.d/mod_security.conf
%dir %{_sysconfdir}/httpd/modsecurity.d
%dir %{_sysconfdir}/httpd/modsecurity.d/blocking
%config %{_sysconfdir}/httpd/modsecurity.d/*.conf
%config %{_sysconfdir}/httpd/modsecurity.d/blocking/*.conf
%changelog %changelog
* Mon Apr 2 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-3
- Sync with devel
- Fix CVE-2007-1359 (bz #231728)
- Automagically configure correct library path for libxml2 library.
- Add LoadModule for mod_unique_id as the logging wants this at runtime
* Mon Mar 26 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-2
- Fix DSO permissions (bz#233733)
* Tue Mar 13 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-1
- New major release - 2.1.0
- Fix CVE-2007-1359 with a local rule courtesy of Ivan Ristic
- Addition of core ruleset
- (Build)Requires libxml2 and pcre added.
* Sun Sep 3 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-2 * Sun Sep 3 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-2
- Rebuild - Rebuild
- Fix minor longstanding braino in included sample configuration (bz #203972) - Fix minor longstanding braino in included sample configuration (bz #203972)

4
sources
View File

@ -1 +1,3 @@
74d2317781bab619cd7b6b376b978107 modsecurity-apache_1.9.4.tar.gz 2e919766f2878c4ee46334816004dd15 modsecurity-apache_2.1.0.tar.gz
ca0529cce7b56675e5f319c75cbb7398 mod_security.conf
cbd1dbca89666a85fe9d703de26444c6 modsecurity_localrules.conf