Peter Vrabec 2012-05-07 11:40:10 +02:00
parent b6be9fdc62
commit d206ef54fb
4 changed files with 63 additions and 41 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
modsecurity-apache_2.5.12.tar.gz modsecurity-apache_2.5.12.tar.gz
/modsecurity-apache_2.5.13.tar.gz /modsecurity-apache_2.5.13.tar.gz
/modsecurity-apache_2.6.5.tar.gz


@ -1,4 +1,3 @@
# Example configuration file for the mod_security Apache module
LoadModule security2_module modules/mod_security2.so LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so LoadModule unique_id_module modules/mod_unique_id.so
@ -8,7 +7,7 @@ LoadModule unique_id_module modules/mod_unique_id.so
# Basic configuration goes in here # Basic configuration goes in here
Include modsecurity.d/*.conf Include modsecurity.d/*.conf
Include modsecurity.d/base_rules/*.conf Include modsecurity.d/activated_rules/*.conf
# Additional items taken from new minimal modsecurity conf # Additional items taken from new minimal modsecurity conf
# Basic configuration options # Basic configuration options
@ -16,10 +15,6 @@ LoadModule unique_id_module modules/mod_unique_id.so
SecRequestBodyAccess On SecRequestBodyAccess On
SecResponseBodyAccess Off SecResponseBodyAccess Off
# PCRE Tuning
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
# Handling of file uploads # Handling of file uploads
# TODO Choose a folder private to Apache. # TODO Choose a folder private to Apache.
# SecUploadDir /opt/apache-frontend/tmp/ # SecUploadDir /opt/apache-frontend/tmp/
@ -30,13 +25,19 @@ LoadModule unique_id_module modules/mod_unique_id.so
SecDebugLog /var/log/httpd/modsec_debug.log SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 0 SecDebugLogLevel 0
# Serial audit log # Audit log
SecAuditEngine RelevantOnly SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5 SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial SecAuditLogType Serial
SecAuditLogParts ABIFHZ
SecAuditLog /var/log/httpd/modsec_audit.log SecAuditLog /var/log/httpd/modsec_audit.log
# Alternative mlogc configuration
#SecAuditLogType Concurrent
#SecAuditLogParts ABIDEFGHZ
#SecAuditLogStorageDir /var/log/mlogc/data
#SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"
# Set Data Directory # Set Data Directory
SecDataDir /var/log/httpd/ SecDataDir /var/log/httpd/
@ -88,8 +89,4 @@ LoadModule unique_id_module modules/mod_unique_id.so
# #
SecRule TX:/^MSC_/ "!@streq 0" \ SecRule TX:/^MSC_/ "!@streq 0" \
"phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# Local rules
Include modsecurity.d/modsecurity_localrules.conf
</IfModule> </IfModule>
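Review bot: Dropping the `# PCRE Tuning` block (`SecPcreMatchLimit 1000`, `SecPcreMatchLimitRecursion 1000`) leaves the effective regex limits invisible in this file. Judging by the spec change in the same commit, they now come from the build-time `--enable-pcre-match-limit=1000000` and `--enable-pcre-match-limit-recursion=1000000` options, a thousand-fold increase. A higher ceiling means fewer spurious limit-exceeded errors, which the `TX:/^MSC_/` rule at the end of the file appears to turn into a deny, but it also raises the worst-case CPU time one request body can consume in pattern matching. I would keep the block as documentation, e.g. `# SecPcreMatchLimit 1000000` and `# SecPcreMatchLimitRecursion 1000000`, with a comment that these mirror the compiled-in defaults and can be lowered here if regex cost becomes a problem.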


@ -1,14 +1,12 @@
Summary: Security module for the Apache HTTP Server Summary: Security module for the Apache HTTP Server
Name: mod_security Name: mod_security
Version: 2.5.13 Version: 2.6.5
Release: 3%{?dist} Release: 2%{?dist}
License: GPLv2 License: ASL 2.0
URL: http://www.modsecurity.org/ URL: http://www.modsecurity.org/
Group: System Environment/Daemons Group: System Environment/Daemons
Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
Source1: mod_security.conf Source1: mod_security.conf
Source2: modsecurity_localrules.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing) Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
@ -17,45 +15,71 @@ ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks. as a powerful umbrella - shielding web applications from attacks.
%prep %package -n mlogc
Summary: ModSecurity Audit Log Collector
Group: System Environment/Daemons
Requires: mod_security
%setup -n modsecurity-apache_%{version} %description -n mlogc
This package contains the ModSecurity Audit Log Collector.
%prep
%setup -q -n modsecurity-apache_%{version}
%build %build
cd apache2 %configure --enable-pcre-match-limit=1000000 --enable-pcre-match-limit-recursion=1000000
%configure # remove rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{_smp_mflags} make %{_smp_mflags}
make %{_smp_mflags} mlogc
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so
install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/mod_security.conf install -d %{buildroot}%{_sbindir}
install -d %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ install -d %{buildroot}%{_bindir}
test -e rules/*.conf && install -D -m644 rules/*.conf \ install -d %{buildroot}%{_libdir}/httpd/modules
%{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ install -d %{buildroot}%{_sysconfdir}/httpd/conf.d/
cp -R rules/base_rules %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
cp -R rules/optional_rules %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_localrules.conf
install -Dp tools/mlogc %{buildroot}/%{_bindir}/mlogc install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_libdir}/httpd/modules/mod_security2.so
install -D -m644 apache2/mlogc-src/mlogc-default.conf %{buildroot}/%{_sysconfdir}/mlogc.conf install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/httpd/conf.d/mod_security.conf
# mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
%files %files
%defattr (-,root,root) %doc CHANGES LICENSE README.TXT NOTICE
%doc rules/util CHANGES LICENSE README.* modsecurity* doc MODSECURITY_LICENSING_EXCEPTION
%{_libdir}/httpd/modules/mod_security2.so %{_libdir}/httpd/modules/mod_security2.so
%{_bindir}/mlogc
%config(noreplace) %{_sysconfdir}/mlogc.conf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_security.conf %config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_security.conf
%dir %{_sysconfdir}/httpd/modsecurity.d %dir %{_sysconfdir}/httpd/modsecurity.d
%{_sysconfdir}/httpd/modsecurity.d/optional_rules %dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
%{_sysconfdir}/httpd/modsecurity.d/base_rules
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/*.conf %files -n mlogc
%doc mlogc/INSTALL
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
%attr(0755,root,root) %{_bindir}/mlogc
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
%changelog %changelog
* Fri Apr 27 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-2
- fix license tag
* Thu Apr 05 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-1
- upgrade & move rules into new package mod_security_crs
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.5.13-3 * Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.5.13-3
- Rebuild against PCRE 8.30 - Rebuild against PCRE 8.30
- Do not install non-existing files - Do not install non-existing files
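Review bot: Nothing visible in this section keeps any rules loaded across the upgrade. The `base_rules` and `optional_rules` trees and `modsecurity_localrules.conf` leave `%files`, only an empty `activated_rules` directory is installed, and no `Requires:` on the `mod_security_crs` package named in the changelog appears. An existing install would therefore keep the engine enabled with no rule set, and an admin-edited `modsecurity_localrules.conf` would, under usual rpm `%config` handling, be renamed to `.rpmsave` and no longer match `Include modsecurity.d/*.conf`. Consider `Requires: mod_security_crs` on the main package, or, if a hard dependency is unwanted, a sentence in `%description` saying that rules ship separately, plus a changelog line about the local-rules file. Separately, the `mlogc` subpackage's `Requires: mod_security` is unversioned; `Requires: %{name} = %{version}-%{release}` would keep the collector and the module in step.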


@ -1 +1 @@
92b0ed7dec188650ea9d78dfc326e8ec modsecurity-apache_2.5.13.tar.gz 2e1c6456f0dacae7206021d0ae8674e1 modsecurity-apache_2.6.5.tar.gz