demus/mod_security_crs-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: demus:rawhide
Branches Tags
demus:main
demus:copr-test
demus:copr
demus:f40
demus:rawhide
demus:f39
demus:f38
demus:f37
demus:f35
demus:f36
demus:f34
demus:f33
demus:f32
demus:f31
demus:f30
demus:f29
demus:f28
demus:f27
demus:f26
demus:f25
demus:f24
demus:f23
demus:f21
demus:f22
demus:f20
demus:f19
demus:f18
demus:el5
demus:el6
demus:f17
...
pull from: demus:main
Branches Tags
demus:copr-test
demus:copr
demus:main
demus:f40
demus:rawhide
demus:f39
demus:f38
demus:f37
demus:f35
demus:f36
demus:f34
demus:f33
demus:f32
demus:f31
demus:f30
demus:f29
demus:f28
demus:f27
demus:f26
demus:f25
demus:f24
demus:f23
demus:f21
demus:f22
demus:f20
demus:f19
demus:f18
demus:el5
demus:el6
demus:f17

4 Commits
rawhide ... main

Author SHA1 Message Date
Daniel Demus
7e8f668bbb Fix post and preun to not run on upgrade 2024-07-15 17:14:47 +02:00
Daniel Demus
d953c282f2 Fix sed regexes 2024-07-15 17:14:32 +02:00
Daniel Demus
1668f8e992 Move softlinking to %post to remove a lot of rpmbuild warnings 2024-07-15 16:12:38 +02:00
Daniel Demus
9c8ec6950b Enable CRS 4.0.0+ plugins 
See https://coreruleset.org/20220112/crs-plugin-mechanism/
 2024-07-15 16:12:38 +02:00
1 changed files with 41 additions and 16 deletions
Show Stats Expand all files Collapse all files

57
mod_security_crs.spec
View File

@ -1,7 +1,9 @@
Summary: ModSecurity Rules
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
Summary: ModSecurity Core Ruleset
Name: mod_security_crs
Version: 4.2.0
Release: 1%{?dist}
Release: 2%{?dist}
License: Apache-2.0
URL: https://coreruleset.org/
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
@ -20,33 +22,56 @@ This package provides the base rules for mod_security.
%build
%install
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/plugins
# To exclude rules (pre/post)
mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
%{__mv} rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
%{__mv} rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
install -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
install -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
%{__install} -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
%{__install} -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
%{__install} -m0644 plugins/* %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins/
%{__mv} crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
# activate base_rules
for f in `ls %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/` ; do
ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
done
%post
if [ $1 == 1 ]; then
# activate base_rules
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
%{__ln_s} %{_datarootdir}/mod_modsecurity_crs/rules/$f %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
done
%{__sed} -i '/IncludeOptional modsecurity\.d\/\*\.conf/ a\ IncludeOptional modsecurity.d\/plugins\/*-config.conf\n IncludeOptional modsecurity.d\/plugins\/*-before.conf' %{_httpd_confdir}/mod_security.conf
%{__sed} -i '/Include modsecurity\.d\/\*\.conf/a\ Include modsecurity.d/plugins/*-config.conf\n Include modsecurity.d/plugins/*-before.conf' %{_httpd_confdir}/mod_security.conf
%{__sed} -i '/IncludeOptional modsecurity\.d\/local_rules\/\*\.conf/a\ IncludeOptional modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
%{__sed} -i '/Include modsecurity\.d\/local_rules\/\*\.conf/a\ Include modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
fi
exit 0
%preun
if [ $1 == 0 ]; then
%{__sed} -i -E '/Include(Optional)? modsecurity\.d\/plugins/d' %{_httpd_confdir}/mod_security.conf
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
%{__rm} %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
done
fi
exit 0
%files
%license LICENSE
%doc CHANGES.md README.md
%{_datarootdir}/mod_modsecurity_crs
%{_sysconfdir}/httpd/modsecurity.d/plugins
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
%{_datarootdir}/mod_modsecurity_crs
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/plugins/*
%changelog
* Tue Jul 9 2024 Daniel Demus <daniel-fedoauth@demus.dk> - 4.2.0-2
- Prepare for plugins (see https://coreruleset.org/20220112/crs-plugin-mechanism/)
* Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1
- new version 4.2.0
- switch to autosetup