demus/mod_security_crs-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable CRS 4.0.0+ plugins

Browse Source 
See https://coreruleset.org/20220112/crs-plugin-mechanism/
This commit is contained in:
Daniel Demus 2024-06-30 17:36:30 +02:00
parent a69be13cdd
commit 9c8ec6950b
1 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
mod_security_crs.spec
View File

@ -1,7 +1,9 @@
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
Summary: ModSecurity Rules Summary: ModSecurity Rules
Name: mod_security_crs Name: mod_security_crs
Version: 4.2.0 Version: 4.2.0
Release: 1%{?dist} Release: 2%{?dist}
License: Apache-2.0 License: Apache-2.0
URL: https://coreruleset.org/ URL: https://coreruleset.org/
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
@ -23,7 +25,9 @@ This package provides the base rules for mod_security.
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/ install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins
install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/plugins
# To exclude rules (pre/post) # To exclude rules (pre/post)
mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@ -31,6 +35,7 @@ mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysc
install -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/ install -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
install -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/ install -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
install -m0644 plugins/* %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins/
mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
# activate base_rules # activate base_rules
@ -38,15 +43,26 @@ for f in `ls %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/` ; do
ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f; ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
done done
%post
sed '/Include(Optional)? modsecurity.d\/\*\.conf/a\tInclude$1 modsecurity.d/plugins/*-config.conf\n\tInclude$1 modsecurity.d/plugins/*-before.conf' %{_httpd_confdir}/mod_security.conf
sed '/Include(Optional)? modsecurity.d\/local_rules\/\*\.conf/a\tInclude$1 modsecurity.d/plugins/*-after.conf' %{_httpd_confdir}/mod_security.conf
%postun
sed '/Include(Optional)? modsecurity.d\/plugins/d' %{_httpd_confdir}/mod_security.conf
%files %files
%license LICENSE %license LICENSE
%doc CHANGES.md README.md %doc CHANGES.md README.md
%{_datarootdir}/mod_modsecurity_crs
%{_sysconfdir}/httpd/modsecurity.d/plugins
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/* %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
%{_datarootdir}/mod_modsecurity_crs %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/plugins/*
%changelog %changelog
* Tue Jul 9 2024 Daniel Demus <daniel-fedoauth@demus.dk> - 4.2.0-2
- Prepare for plugins (see https://coreruleset.org/20220112/crs-plugin-mechanism/)
* Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1 * Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1
- new version 4.2.0 - new version 4.2.0
- switch to autosetup - switch to autosetup