Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
7e8f668bbb | ||
|
|
d953c282f2 | ||
|
|
1668f8e992 | ||
|
|
9c8ec6950b |
@ -1,7 +1,9 @@
|
|||||||
Summary: ModSecurity Rules
|
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
|
||||||
|
|
||||||
|
Summary: ModSecurity Core Ruleset
|
||||||
Name: mod_security_crs
|
Name: mod_security_crs
|
||||||
Version: 4.2.0
|
Version: 4.2.0
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
URL: https://coreruleset.org/
|
URL: https://coreruleset.org/
|
||||||
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
||||||
@ -20,33 +22,56 @@ This package provides the base rules for mod_security.
|
|||||||
%build
|
%build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
|
||||||
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
|
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
||||||
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins
|
||||||
install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
|
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
|
||||||
|
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/plugins
|
||||||
|
|
||||||
# To exclude rules (pre/post)
|
# To exclude rules (pre/post)
|
||||||
mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
|
%{__mv} rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
|
||||||
mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
|
%{__mv} rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
|
||||||
|
|
||||||
install -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
%{__install} -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
||||||
install -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
%{__install} -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
||||||
mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
%{__install} -m0644 plugins/* %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins/
|
||||||
|
%{__mv} crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||||
|
|
||||||
# activate base_rules
|
%post
|
||||||
for f in `ls %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/` ; do
|
if [ $1 == 1 ]; then
|
||||||
ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
|
# activate base_rules
|
||||||
done
|
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
|
||||||
|
%{__ln_s} %{_datarootdir}/mod_modsecurity_crs/rules/$f %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
|
||||||
|
done
|
||||||
|
%{__sed} -i '/IncludeOptional modsecurity\.d\/\*\.conf/ a\ IncludeOptional modsecurity.d\/plugins\/*-config.conf\n IncludeOptional modsecurity.d\/plugins\/*-before.conf' %{_httpd_confdir}/mod_security.conf
|
||||||
|
%{__sed} -i '/Include modsecurity\.d\/\*\.conf/a\ Include modsecurity.d/plugins/*-config.conf\n Include modsecurity.d/plugins/*-before.conf' %{_httpd_confdir}/mod_security.conf
|
||||||
|
%{__sed} -i '/IncludeOptional modsecurity\.d\/local_rules\/\*\.conf/a\ IncludeOptional modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
|
||||||
|
%{__sed} -i '/Include modsecurity\.d\/local_rules\/\*\.conf/a\ Include modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
|
||||||
|
fi
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%preun
|
||||||
|
if [ $1 == 0 ]; then
|
||||||
|
%{__sed} -i -E '/Include(Optional)? modsecurity\.d\/plugins/d' %{_httpd_confdir}/mod_security.conf
|
||||||
|
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
|
||||||
|
%{__rm} %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
exit 0
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%doc CHANGES.md README.md
|
%doc CHANGES.md README.md
|
||||||
|
%{_datarootdir}/mod_modsecurity_crs
|
||||||
|
%{_sysconfdir}/httpd/modsecurity.d/plugins
|
||||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
|
||||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||||
%{_datarootdir}/mod_modsecurity_crs
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/plugins/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 9 2024 Daniel Demus <daniel-fedoauth@demus.dk> - 4.2.0-2
|
||||||
|
- Prepare for plugins (see https://coreruleset.org/20220112/crs-plugin-mechanism/)
|
||||||
|
|
||||||
* Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1
|
* Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1
|
||||||
- new version 4.2.0
|
- new version 4.2.0
|
||||||
- switch to autosetup
|
- switch to autosetup
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user