From 9cbab86cebe5ee9fd429b52e503b4f41ab18b16d Mon Sep 17 00:00:00 2001 From: Michael Fleming Date: Fri, 6 Nov 2009 09:39:42 +0000 Subject: [PATCH] - Fix rules and Apache configuration (bz#533124) --- mod_security.conf | 27 ++------------------------- mod_security.spec | 12 ++++++++---- 2 files changed, 10 insertions(+), 29 deletions(-) diff --git a/mod_security.conf b/mod_security.conf index 5df0af7..cebcdf3 100644 --- a/mod_security.conf +++ b/mod_security.conf @@ -7,30 +7,7 @@ LoadModule unique_id_module modules/mod_unique_id.so # This is the ModSecurity Core Rules Set. # Basic configuration goes in here - Include modsecurity.d/modsecurity_crs_10_config.conf - - # Protocol violation and anomalies. - - Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf - Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf - - # HTTP policy rules - - Include modsecurity.d/modsecurity_crs_30_http_policy.conf - - # Here comes the Bad Stuff... - - Include modsecurity.d/modsecurity_crs_35_bad_robots.conf - Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf - Include modsecurity.d/modsecurity_crs_45_trojans.conf - Include modsecurity.d/modsecurity_crs_50_outbound.conf - - # Search engines and other crawlers. Only useful if you want to track - # Google / Yahoo et. al. - - # Include modsecurity.d/modsecurity_crs_55_marketing.conf - - # Put your local rules in here. - + Include modsecurity.d/*.conf + Include modsecurity.d/base_rules/*.conf Include modsecurity.d/modsecurity_localrules.conf diff --git a/mod_security.spec b/mod_security.spec index dc4194b..6cf7ed3 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -1,7 +1,7 @@ Summary: Security module for the Apache HTTP Server Name: mod_security Version: 2.5.10 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: http://www.modsecurity.org/ Group: System Environment/Daemons @@ -31,9 +31,8 @@ make %{_smp_mflags} mlogc rm -rf %{buildroot} install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/mod_security.conf -install -d %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/optional_rules/ -cp -r rules/*.conf %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ -cp -r rules/optional_rules/*.conf %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/optional_rules/ +install -d %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ +cp -r rules/ %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_localrules.conf install -Dp tools/mlogc %{buildroot}/%{_bindir}/mlogc install -D -m644 apache2/mlogc-src/mlogc-default.conf %{buildroot}/%{_sysconfdir}/mlogc.conf @@ -50,10 +49,15 @@ rm -rf %{buildroot} %config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_security.conf %dir %{_sysconfdir}/httpd/modsecurity.d %dir %{_sysconfdir}/httpd/modsecurity.d/optional_rules +%dir %{_sysconfdir}/httpd/modsecurity.d/base_rules %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/*.conf %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/optional_rules/*.conf +%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/base_rules/*.conf %changelog +* Fri Nov 6 2009 Michael Fleming - 2.5.10-2 +- Fix rules and Apache configuration (bz#533124) + * Thu Oct 8 2009 Michael Fleming - 2.5.10-1 - Upgrade to 2.5.10 (with Core Rules v2)