File mod_security-ix.spec of Package mod_security

File mod_security-ix.spec of Package mod_security (Revision 10)

Currently displaying revision 10, show latest

Summary:	Security module for the Apache HTTP Server
Name:		mod_security 
Version:	2.6.1
Release:	23
License:	GPLv2
URL:		http://www.modsecurity.org/
Group:		System Environment/Daemons
Source:		http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.bz2
Source1:	00_mod_security.conf
Source2:	modsecurity_crs_10_config-default.conf 
Source3:	zzz_asl_custom_exclude.conf
Source4:	zzz_asl_custom_local_exclude.conf
Patch1:		waf-label.patch
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if 0%{?rhel_version} || 0%{?centos_version} || 0%{?sl_version} || 0%{?redhat_version}
Requires:	httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
BuildRequires:	httpd-devel pkgconfig lua-devel
Requires:	lua
%define		apxs			%{_sbindir}/apxs
%define		apache_libexecdir	%(%{apxs} -q LIBEXECDIR)                                       
##%define		apache_sysconfdir	%(%{apxs} -q SYSCONFDIR)
%define		apache_sysconfdir	/etc/httpd
%define		apache_usr	apache
%define		apache_grp	apache
%endif
%if 0%{?suse_version}
BuildRequires:	apache2-devel apache2-prefork pkg-config openldap2-devel
BuildRequires:	-post-build-checks
%if 0%{?suse_version} >= 1100
BuildRequires:	lua-devel
%endif
%define		apxs			%{_sbindir}/apxs2
%define		apache_libexecdir	%(%{apxs} -q LIBEXECDIR)                                       
%define		apache_sysconfdir	%(%{apxs} -q SYSCONFDIR)
%define		apache_mmn		%(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN && $MMN)
%define		apache_usr	wwwrun
%define		apache_grp	www
Requires:	apache2 %{apache_mmn}
Conflicts:	apach2-mod_security2
%endif

BuildRequires:	libxml2-devel pcre-devel libtool curl-devel 
BuildRequires:	curl

Requires:	libxml2 pcre
Provides:	ix-mod_security = %{version}

%description
ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks.

%prep
%setup -n modsecurity-apache_%{version}
%patch1 -p1

%build
CFLAGS="%{optflags}"
export CFLAGS

%configure \
	--disable-pcre-match-limit \
	--disable-pcre-match-limit-recursion

# Legacy from LoadFile
#perl -pi.orig -e 's|LIBDIR|%{_libdir}|;' %{SOURCE1}

make  %{_smp_mflags}

cd mlogc
make %{_smp_mflags}

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/%{apache_sysconfdir}/modsecurity.d/
mkdir -p %{buildroot}/%{apache_sysconfdir}/conf.d/
mkdir -p %{buildroot}/var/asl/data/suspicious
mkdir -p %{buildroot}/var/asl/data/msa
mkdir -p %{buildroot}/var/asl/data/audit
install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{apache_libexecdir}/mod_security2.so
install -D -m644 %{SOURCE1} %{buildroot}/%{apache_sysconfdir}/conf.d/00_mod_security.conf
install -D -m644 %{SOURCE2} %{buildroot}/%{apache_sysconfdir}/modsecurity.d/modsecurity_crs_10_config.conf
install -D -m644 %{SOURCE3} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_exclude.conf
install -D -m644 %{SOURCE4} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf
#install -D -m755 rules/util/modsec-clamscan.pl %{buildroot}%{_bindir}/modsec-clamscan.pl
mkdir -p %{buildroot}/var/log/mlogc/data
install -D -m755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
install -m755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load.pl
install -m644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
install -m644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc-default.conf
%if 0%{?suse_version}
sed -i s@"^LoadModule"@"#LoadModule"@g %{buildroot}/%{apache_sysconfdir}/conf.d/00_mod_security.conf
%endif

%clean
rm -rf %{buildroot}

%post
[ -x /usr/local/bin/modsec-permissions ] && /usr/local/bin/modsec-permissions || :

%files
%defattr (-,root,root)
%doc CHANGES LICENSE README.* modsecurity* doc
%{apache_libexecdir}/mod_security2.so
#%{_bindir}/modsec-clamscan.pl
%{_bindir}/mlogc
%{_bindir}/mlogc-batch-load.pl
%config %{apache_sysconfdir}/conf.d/00_mod_security.conf
%dir %{apache_sysconfdir}/modsecurity.d
%config(noreplace) %{apache_sysconfdir}/modsecurity.d/modsecurity_crs_10_config.conf
%dir %{apache_sysconfdir}/modsec
%config %{apache_sysconfdir}/modsec/zzz_asl_custom_exclude.conf
%config(noreplace) %{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf
%config(noreplace) %{_sysconfdir}/mlogc.conf
%config %{_sysconfdir}/mlogc-default.conf
%defattr(-,%{apache_usr},%{apache_grp})
%dir /var/asl
%dir /var/asl/data
%dir /var/asl/data/suspicious
%dir /var/asl/data/msa
%dir /var/asl/data/audit
%dir /var/log/mlogc
%dir /var/log/mlogc/data

%changelog
* Mon Jun 27 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-23
- rename 999_asl_custom_exclude.conf to zzz_asl_custom_exclude.conf
- rename 999_asl_custom_local_exclude.conf to zzz_asl_custom_local_exclude.conf

* Mon Jun 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-21
- added 999_asl_custom_local_exclude.conf with noreplace
- set 999_asl_custom_exclude.conf to replace

* Mon Jun 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-20
- added rules to excludelist:
 - 350147
 - 350148
 - 340162

* Fri May 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-19
- rename exclude config file from 00_asl_custom_exclude.conf to 999_asl_custom_exclude.conf

* Thu May 05 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-18
- disable clamav check rule 351000 by default

* Tue May 03 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-17
- add 00_asl_custom_exclude.conf and disable RBL rule 350000 by default

* Fri Apr 01 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-16
- update to release 2.5.13

* Wed Nov 24 2010 Carsten Schoene <cs@linux-administrator.com> - 2.5.12-15
- initial InterNetX GmbH specific mod_security build