OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Christoph Schug
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 30-Jul-2007 14:29:39
Branch: HEAD Handle: 2007073013293800
Modified files:
openpkg-src/apache-security
apache-security.conf apache-security.spec
Log:
install core rule sets actually
Summary:
Revision Changes Path
1.2 +26 -0 openpkg-src/apache-security/apache-security.conf
1.4 +23 -3 openpkg-src/apache-security/apache-security.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/apache-security/apache-security.conf
============================================================================
$ cvs diff -u -r1.1 -r1.2 apache-security.conf
--- openpkg-src/apache-security/apache-security.conf 22 Jun 2007 12:24:25
-0000 1.1
+++ openpkg-src/apache-security/apache-security.conf 30 Jul 2007 12:29:38
-0000 1.2
@@ -4,6 +4,23 @@
LoadModule security2_module
@l_prefix@/libexec/apache/mod_security.so
+#
+# core rule sets
+#
+
+# include core rule sets
+Include
@l_prefix@/etc/apache-security/modsecurity_crs_*.conf
+
+# remove rules of the core rule set which have been proven to trigger
+# false positives, mostly because they are definied in an too generic
+# way
+SecRuleRemoveById 950907 \
+ 960015
+
+#
+# general configuration parameters
+#
+
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
@@ -21,3 +38,12 @@
SecRequestBodyInMemoryLimit 131072
SecResponseBodyLimit 524288
+#
+# data storages
+#
+
+SecDataDir @l_prefix@/var/apache-security/data
+SecTmpDir @l_prefix@/var/apache-security/tmp
+SecUploadDir @l_prefix@/var/apache-security/upload
+SecUploadKeepFiles off
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/apache-security/apache-security.spec
============================================================================
$ cvs diff -u -r1.3 -r1.4 apache-security.spec
--- openpkg-src/apache-security/apache-security.spec 30 Jul 2007 11:50:29
-0000 1.3
+++ openpkg-src/apache-security/apache-security.spec 30 Jul 2007 12:29:38
-0000 1.4
@@ -71,7 +71,12 @@
%prep
%setup -q -n modsecurity-apache_%{V_module}
( cd rules
- %{l_gzip} -d -c %{SOURCE modsecurity-core-rules_%{V_rules}.tar.gz} |
%{l_tar} xf -
+ %{l_gzip} -dc %{SOURCE modsecurity-core-rules_%{V_rules}.tar.gz} |
%{l_tar} xf -
+
+ # remove config rule set of the ModSecurity core rule set as
+ # we handle those setting in our default configuration file
+ # 'apache-security.conf' already
+ rm -f modsecurity_crs_10_config.conf
) || exit $?
%patch -p0
@@ -94,14 +99,29 @@
%{l_shtool} install -c -m 755 \
apache2/.libs/mod_security2.so \
$RPM_BUILD_ROOT%{l_prefix}/libexec/apache/mod_security.so
- %{l_shtool} install -c -m 755 \
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
%{SOURCE apache-security.conf} \
$RPM_BUILD_ROOT%{l_prefix}/etc/apache/apache.d/
+ # install core rule sets
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/apache-security
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ rules/modsecurity_crs_*.conf \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/apache-security/
+
+ # create directories for logs and data storages
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/var/apache-security/{data,log,tmp,upload}
+
# determine installation files
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
%{l_files_std} \
- '%config %{l_prefix}/etc/apache/apache.d/apache-security.conf'
+ '%config %{l_prefix}/etc/apache/apache.d/apache-security.conf' \
+ '%config %{l_prefix}/etc/apache-security/*' \
+ '%dir %attr(0770,%{l_susr},%{l_ngrp})
%{l_prefix}/var/apache-security/data' \
+ '%dir %attr(0770,%{l_susr},%{l_ngrp})
%{l_prefix}/var/apache-security/tmp' \
+ '%dir %attr(0770,%{l_susr},%{l_ngrp})
%{l_prefix}/var/apache-security/upload'
%files -f files
@@ .
______________________________________________________________________
OpenPKG http://openpkg.org
CVS Repository Commit List [email protected]
