File mod_security-ix.spec of Package mod_security

File mod_security-ix.spec of Package mod_security (Revision 2)

Currently displaying revision 2, show latest

Summary:	Security module for the Apache HTTP Server
Name:		mod_security 
Version:	2.5.13
Release:	22
License:	GPLv2
URL:		http://www.modsecurity.org/
Group:		System Environment/Daemons
Source:		http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
Source1:	00_mod_security.conf
Source2:	modsecurity_crs_10_config-default.conf 
Source3:	999_asl_custom_exclude.conf
Source4:	999_asl_custom_local_exclude.conf
Patch1:		waf-label.patch
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires:	httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
BuildRequires:	httpd-devel libxml2-devel pcre-devel libtool pkgconfig curl-devel 
BuildRequires:	curl
BuildRequires:  lua-devel

Requires:	libxml2 pcre lua
Provides:	ix-mod_security = %{version}
Provides:	ix-mod_security-project = %{version}

%description
ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks.

%prep
%setup -n modsecurity-apache_%{version}
%patch1 -p1

%build
CFLAGS="%{optflags}"
export CFLAGS

cd apache2
%configure \
	--disable-pcre-match-limit \
	--disable-pcre-match-limit-recursion

# Legacy from LoadFile
#perl -pi.orig -e 's|LIBDIR|%{_libdir}|;' %{SOURCE1}

make  %{_smp_mflags}

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/
mkdir -p %{buildroot}/var/asl/data/suspicious
mkdir -p %{buildroot}/var/asl/data/msa
mkdir -p %{buildroot}/var/asl/data/audit
install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so
install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/00_mod_security.conf
install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_crs_10_config.conf
install -D -m644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/httpd/modsec/999_asl_custom_exclude.conf
install -D -m644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/httpd/modsec/999_asl_custom_local_exclude.conf
install -D -m755 rules/util/modsec-clamscan.pl %{buildroot}%{_bindir}/modsec-clamscan.pl

%clean
rm -rf %{buildroot}

%post
[ -x /usr/local/bin/modsec-permissions ] && /usr/local/bin/modsec-permissions || :

%files
%defattr (-,root,root)
%doc CHANGES LICENSE README.* modsecurity* doc
%{_libdir}/httpd/modules/mod_security2.so
%{_bindir}/modsec-clamscan.pl
%config %{_sysconfdir}/httpd/conf.d/00_mod_security.conf
%dir %{_sysconfdir}/httpd/modsecurity.d
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/modsecurity_crs_10_config.conf
%config %{_sysconfdir}/httpd/modsec/999_asl_custom_exclude.conf
%config(noreplace) %{_sysconfdir}/httpd/modsec/999_asl_custom_local_exclude.conf

%defattr(-,apache,apache)
%dir /var/asl
%dir /var/asl/data
%dir /var/asl/data/suspicious
%dir /var/asl/data/msa
%dir /var/asl/data/audit

%changelog
* Fri Jun 10 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-22
- build extra mod_security package for managed projects

* Mon Jun 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-21
- added 999_asl_custom_local_exclude.conf with noreplace
- set 999_asl_custom_exclude.conf to replace

* Mon Jun 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-20
- added rules to excludelist:
 - 350147
 - 350148
 - 340162

* Fri May 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-19
- rename exclude config file from 00_asl_custom_exclude.conf to 999_asl_custom_exclude.conf

* Thu May 05 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-18
- disable clamav check rule 351000 by default

* Tue May 03 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-17
- add 00_asl_custom_exclude.conf and disable RBL rule 350000 by default

* Fri Apr 01 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-16
- update to release 2.5.13

* Wed Nov 24 2010 Carsten Schoene <cs@linux-administrator.com> - 2.5.12-15
- initial InterNetX GmbH specific mod_security build