Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
7e8f668bbb | ||
|
|
d953c282f2 | ||
|
|
1668f8e992 | ||
|
|
9c8ec6950b | ||
|
a69be13cdd | ||
|
|
06f7580443 | ||
|
7a0a642ba8 | ||
|
|
b2c066a836 | ||
|
|
d32be27132 | ||
|
|
7ec7235ce8 | ||
|
9f6e43f22c | ||
|
|
4b561f8a81 | ||
|
|
9aac7e3ee5 | ||
|
|
b4a46dc2c3 | ||
|
|
131bc8aba2 | ||
|
|
ae552e25f2 | ||
|
|
2efa528160 | ||
|
|
e7acaf76fe | ||
|
|
2eb8a6c55f | ||
|
|
306be9dcf9 | ||
|
|
4f7c60943f | ||
|
|
d66edf4568 | ||
|
|
ce7a3b6b62 | ||
|
|
64499b9d7a | ||
|
|
a2e126ca12 |
4
.gitignore
vendored
4
.gitignore
vendored
@ -6,3 +6,7 @@
|
||||
/SpiderLabs-owasp-modsecurity-crs-2.2.9-19-ga57031b.tar.gz
|
||||
/owasp-modsecurity-crs-f16e0b1.tar.gz
|
||||
/owasp-modsecurity-crs-3.0.0.tar.gz
|
||||
/owasp-modsecurity-crs-3.2.0.tar.gz
|
||||
/v3.3.0.tar.gz
|
||||
/v3.3.4.tar.gz
|
||||
/v4.2.0.tar.gz
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,49 +1,135 @@
|
||||
Summary: ModSecurity Rules
|
||||
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
|
||||
|
||||
Summary: ModSecurity Core Ruleset
|
||||
Name: mod_security_crs
|
||||
Version: 3.0.0
|
||||
Release: 8%{?dist}
|
||||
License: ASL 2.0
|
||||
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
|
||||
Source: https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v%{version}/owasp-modsecurity-crs-%{version}.tar.gz
|
||||
Version: 4.2.0
|
||||
Release: 2%{?dist}
|
||||
License: Apache-2.0
|
||||
URL: https://coreruleset.org/
|
||||
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
||||
BuildArch: noarch
|
||||
Requires: mod_security >= 2.8.0
|
||||
Requires: mod_security >= 2.9.6
|
||||
Obsoletes: mod_security_crs-extras < 3.0.0
|
||||
|
||||
# Patch0: mod_security_crs-XXX.patch
|
||||
|
||||
%description
|
||||
This package provides the base rules for mod_security.
|
||||
|
||||
%prep
|
||||
%setup -q -n owasp-modsecurity-crs-%{version}
|
||||
%autosetup -p1 -S gendiff -n coreruleset-%{version}
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
|
||||
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
|
||||
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
||||
install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
|
||||
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
|
||||
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
||||
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins
|
||||
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
|
||||
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/plugins
|
||||
|
||||
# To exclude rules (pre/post)
|
||||
mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
|
||||
mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
|
||||
%{__mv} rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
|
||||
%{__mv} rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
|
||||
|
||||
install -m0644 rules/* %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
||||
mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||
%{__install} -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
||||
%{__install} -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
||||
%{__install} -m0644 plugins/* %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins/
|
||||
%{__mv} crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||
|
||||
# activate base_rules
|
||||
for f in `ls %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/` ; do
|
||||
ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
|
||||
done
|
||||
%post
|
||||
if [ $1 == 1 ]; then
|
||||
# activate base_rules
|
||||
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
|
||||
%{__ln_s} %{_datarootdir}/mod_modsecurity_crs/rules/$f %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
|
||||
done
|
||||
%{__sed} -i '/IncludeOptional modsecurity\.d\/\*\.conf/ a\ IncludeOptional modsecurity.d\/plugins\/*-config.conf\n IncludeOptional modsecurity.d\/plugins\/*-before.conf' %{_httpd_confdir}/mod_security.conf
|
||||
%{__sed} -i '/Include modsecurity\.d\/\*\.conf/a\ Include modsecurity.d/plugins/*-config.conf\n Include modsecurity.d/plugins/*-before.conf' %{_httpd_confdir}/mod_security.conf
|
||||
%{__sed} -i '/IncludeOptional modsecurity\.d\/local_rules\/\*\.conf/a\ IncludeOptional modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
|
||||
%{__sed} -i '/Include modsecurity\.d\/local_rules\/\*\.conf/a\ Include modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%preun
|
||||
if [ $1 == 0 ]; then
|
||||
%{__sed} -i -E '/Include(Optional)? modsecurity\.d\/plugins/d' %{_httpd_confdir}/mod_security.conf
|
||||
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
|
||||
%{__rm} %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
|
||||
done
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc CHANGES README.md
|
||||
%doc CHANGES.md README.md
|
||||
%{_datarootdir}/mod_modsecurity_crs
|
||||
%{_sysconfdir}/httpd/modsecurity.d/plugins
|
||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
|
||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||
%{_datarootdir}/mod_modsecurity_crs
|
||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/plugins/*
|
||||
|
||||
%changelog
|
||||
* Tue Jul 9 2024 Daniel Demus <daniel-fedoauth@demus.dk> - 4.2.0-2
|
||||
- Prepare for plugins (see https://coreruleset.org/20220112/crs-plugin-mechanism/)
|
||||
|
||||
* Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1
|
||||
- new version 4.2.0
|
||||
- switch to autosetup
|
||||
|
||||
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Tue Jun 06 2023 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-5
|
||||
- SPDX migration
|
||||
|
||||
* Mon Mar 20 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 3.3.4-4
|
||||
- Change URL to new official homepage
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-2
|
||||
- Add Early blocking feature patch again
|
||||
|
||||
* Fri Sep 30 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
|
||||
- new version 3.3.4
|
||||
|
||||
* Wed Sep 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.0-6
|
||||
- Fix application of early blocking patch
|
||||
|
||||
* Wed Aug 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.0-5
|
||||
- Backport early blocking feature
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Fri Mar 05 2021 Lubos Uhliarik <luhliari@redhat.com> - 3.2.0-1
|
||||
- new version 3.2.0
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (owasp-modsecurity-crs-3.0.0.tar.gz) = 14a5a231d20dcfebe3e2d5344fe07db56d50ef87d22dd07f22cf2539b1988a5511a514503c9896e857e08f19b8b30f489c9f8b0b6c33b7013f94e36cfa719471
|
||||
SHA512 (v4.2.0.tar.gz) = 041556b2071385c10a4b4a29ad4f926ee86f819f8b9c95f849e76b3d2724d5fc29c21a69f9eba6fd62e7f5709a109a95feca67a19d8c8d1f0410ee2987ac7a6b
|
||||
|
||||
Loading…
Reference in New Issue
Block a user