install core rule sets actually

18 years ago · 6b2f33c6a4
2 changed files with 49 additions and 3 deletions
--- a/apache-security/apache-security.conf
+++ b/apache-security/apache-security.conf
@ -4,6 +4,23 @@

 LoadModule                  security2_module  @l_prefix@/libexec/apache/mod_security.so

+#
+#   core rule sets
+#
+
+#   include core rule sets
+Include                     @l_prefix@/etc/apache-security/modsecurity_crs_*.conf
+
+#   remove rules of the core rule set which have been proven to trigger
+#   false positives, mostly because they are definied in an too generic
+#   way
+SecRuleRemoveById           950907 \
+                            960015
+
+#
+#   general configuration parameters
+#
+
 SecRuleEngine               On
 SecRequestBodyAccess        On
 SecResponseBodyAccess       Off
@ -21,3 +38,12 @@ SecRequestBodyLimit         131072
 SecRequestBodyInMemoryLimit 131072
 SecResponseBodyLimit        524288

+#
+#   data storages
+#
+
+SecDataDir                  @l_prefix@/var/apache-security/data
+SecTmpDir                   @l_prefix@/var/apache-security/tmp
+SecUploadDir                @l_prefix@/var/apache-security/upload
+SecUploadKeepFiles          off
+
--- a/apache-security/apache-security.spec
+++ b/apache-security/apache-security.spec
@ -71,7 +71,12 @@ AutoReqProv:  no
 %prep
    %setup -q -n modsecurity-apache_%{V_module}
    ( cd rules
-      %{l_gzip} -d -c %{SOURCE modsecurity-core-rules_%{V_rules}.tar.gz} | %{l_tar} xf -
+      %{l_gzip} -dc %{SOURCE modsecurity-core-rules_%{V_rules}.tar.gz} | %{l_tar} xf -
+
+      #   remove config rule set of the ModSecurity core rule set as
+      #   we handle those setting in our default configuration file
+      #   'apache-security.conf' already
+      rm -f modsecurity_crs_10_config.conf
    ) || exit $?
    %patch -p0

@ -94,14 +99,29 @@ AutoReqProv:  no
    %{l_shtool} install -c -m 755 \
        apache2/.libs/mod_security2.so \
        $RPM_BUILD_ROOT%{l_prefix}/libexec/apache/mod_security.so
-    %{l_shtool} install -c -m 755 \
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE apache-security.conf} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/apache/apache.d/

+    #   install core rule sets
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/apache-security
+    %{l_shtool} install -c -m 644 %{l_value -s -a} \
+        rules/modsecurity_crs_*.conf \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/apache-security/
+
+    #   create directories for logs and data storages
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/var/apache-security/{data,log,tmp,upload}
+
    #   determine installation files
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
-        '%config %{l_prefix}/etc/apache/apache.d/apache-security.conf'
+        '%config %{l_prefix}/etc/apache/apache.d/apache-security.conf' \
+        '%config %{l_prefix}/etc/apache-security/*' \
+        '%dir %attr(0770,%{l_susr},%{l_ngrp}) %{l_prefix}/var/apache-security/data' \
+        '%dir %attr(0770,%{l_susr},%{l_ngrp}) %{l_prefix}/var/apache-security/tmp' \
+        '%dir %attr(0770,%{l_susr},%{l_ngrp}) %{l_prefix}/var/apache-security/upload'

 %files -f files