Add support for user-provided configurations and rules (rhbz #1129843)

2014-08-15 18:15:30 +01:00 · 2014-08-15 18:15:30 +01:00 · f262c30fba
commit f262c30fba
parent 478bbbb4e8
3 changed files with 25 additions and 6 deletions
--- a/mod_security.conf
+++ b/mod_security.conf
@ -1,8 +1,4 @@
 <IfModule mod_security2.c>
    # ModSecurity Core Rules Set configuration
 	Include modsecurity.d/*.conf
 	Include modsecurity.d/activated_rules/*.conf
    # Default recommended configuration
    SecRuleEngine On
    SecRequestBodyAccess On
@ -51,4 +47,10 @@
    SecCookieFormat 0
    SecTmpDir /var/lib/mod_security
    SecDataDir /var/lib/mod_security
    # ModSecurity Core Rules Set and Local configuration
 	Include modsecurity.d/*.conf
 	Include modsecurity.d/activated_rules/*.conf
 	Include modsecurity.d/local_rules/*.conf
 </IfModule>
--- a/mod_security.spec
+++ b/mod_security.spec
@ -10,13 +10,14 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 2.8.0
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: https://www.modsecurity.org/tarball/%{version}/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
 Source3: modsecurity_localrules.conf
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
@ -62,6 +63,7 @@ install -d %{buildroot}%{_bindir}
 install -d %{buildroot}%{_httpd_moddir}
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules
 install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
@ -77,6 +79,9 @@ cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
 %endif
 install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
 # Local rules example
 install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
 # mlogc
 %if %with_mlogc
 install -d %{buildroot}%{_localstatedir}/log/mlogc
@ -99,6 +104,8 @@ rm -rf %{buildroot}
 %endif
 %dir %{_sysconfdir}/httpd/modsecurity.d
 %dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
 %dir %{_sysconfdir}/httpd/modsecurity.d/local_rules
 %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
 %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
 %if %with_mlogc
@ -113,6 +120,9 @@ rm -rf %{buildroot}
 %endif
 %changelog
 * Fri Aug 15 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-4
 - Add support for user-provided configurations and rules (rhbz #1129843)
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--- a/modsecurity_localrules.conf
+++ b/modsecurity_localrules.conf
@ -1,2 +1,9 @@
-# Drop your local rules in here.
+# User defined rules and settings .
 #
 # You can use this file/directory to drop your local rules or
 # to remove some rules provided by mod_security_crs package with SecRuleRemoveById
 #
 # You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
 #
 #