- Spec cleanup (from Oliver Falk)

- Updated config with some safe-but-useful rulesets

mod_security.conf

@@ -1,5 +1,4 @@
 # Example configuration file for the mod_security Apache module
-# This is a minimal setup. You should add some extra entries here.
 
 LoadModule security_module modules/mod_security.so
 
@@ -69,4 +68,40 @@ LoadModule security_module modules/mod_security.so
     # (and you don't need it anyway)
     SecFilterSelective HTTP_Transfer-Encoding "!^$"
 
-    </IfModule>
+    # Some common application-related rules from
+    # http://modsecrules.monkeydev.org/rules.php?safety=safe
+
+    #Nuke Bookmarks XSS
+    SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"
+
+    #Nuke Bookmarks Marks.php SQL Injection Vulnerability
+    SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"
+
+    #PHPNuke general XSS attempt
+    #/modules.php?name=News&file=article&sid=1&optionbox=
+    SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"
+
+    # PHPNuke SQL injection attempt
+    SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory="
+
+    #phpnuke sql insertion
+    SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
+
+    # WEB-PHP phpbb quick-reply.php arbitrary command attempt
+
+    SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
+    SecFilter "phpbb_root_path="
+
+    #Topic Calendar Mod for phpBB Cross-Site Scripting Attack
+    SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"
+    
+    # phpMyAdmin: Safe
+
+    #phpMyAdmin Export.PHP File Disclosure Vulnerability
+    SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
+    SecFilterSelective ARG_what "\.\."
+
+    #phpMyAdmin path vln
+    SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
+    	
+</IfModule>

mod_security.spec

@@ -1,20 +1,20 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 1.8.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPL
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
-Source: http://www.modsecurity.org/download/modsecurity-1.8.7.tar.gz
+Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
-BuildRoot: %{_tmppath}/%{name}-root/
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: httpd >= 2.0.38
+Requires: httpd
-BuildRequires: httpd-devel >= 2.0.38
+BuildRequires: httpd-devel
 
 %description
-ModSecurity is an open source intrusion detection and prevention engine for web
+ModSecurity is an open source intrusion detection and prevention engine
-applications. It operates embedded into the web server, acting as a powerful
+for web applications. It operates embedded into the web server, acting
-umbrella - shielding web applications from attacks.
+as a powerful umbrella - shielding web applications from attacks.
 
 %prep
 
@@ -40,6 +40,10 @@ rm -rf %{buildroot}
 %config(noreplace) /etc/httpd/conf.d/mod_security.conf
 
 %changelog
+* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-3
+- Correct Buildroot
+- Some sensible and safe rules for common apps in mod_security.conf
+
 * Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-2
 - Don't strip the module (so we can get a useful debuginfo package)