From: Tomasz Pala <gotar@pld-linux.org>
Date: Thu, 15 Apr 2010 18:47:04 +0000 (+0000)
Subject: - use modsecurity.conf-minimal by default with the rest of base rules,
X-Git-Tag: auto/th/apache-mod_security-2_5_12-3
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fapache-mod_security.git;a=commitdiff_plain;h=6daedeb1f3d57a3d00afddab454b9b69dfc2eee4

- use modsecurity.conf-minimal by default with the rest of base rules,
- set SecDataDir to /var/run/httpd, package *.data files,
- S: apache-mod_headers for crs_49_header_tagging, rel. 3

Changed files:
    apache-mod_security.conf -> 1.5
    apache-mod_security.spec -> 1.32
---

diff --git a/apache-mod_security.conf b/apache-mod_security.conf
index a958747..84332fa 100644
--- a/apache-mod_security.conf
+++ b/apache-mod_security.conf
@@ -8,6 +8,7 @@ LoadModule security2_module modules/mod_security2.so
 	# This is the ModSecurity Core Rules Set.
 
 	# Basic configuration goes in here
+	Include conf.d/modsecurity.d/modsecurity.conf-minimal
 	Include conf.d/modsecurity.d/modsecurity_crs_10_config.conf
 
 	# Protocol violation and anomalies.
@@ -31,7 +32,32 @@ LoadModule security2_module modules/mod_security2.so
 
 	# Include modsecurity.d/modsecurity_crs_55_marketing.conf
 
+	Include conf.d/modsecurity.d/modsecurity_crs_23_request_limits.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_converter.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_filters.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_41_sql_injection_attacks.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_41_xss_attacks.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_42_tight_security.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_47_common_exceptions.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_48_local_exceptions.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_49_enforcement.conf
+	Include conf.d/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf
+
+	# Optional rules
+
+	# Include conf.d/modsecurity.d/modsecurity_crs_40_experimental.conf
+	# Include conf.d/modsecurity.d/modsecurity_crs_42_comment_spam.conf
+	# Include conf.d/modsecurity.d/modsecurity_crs_46_et_sql_injection.conf
+	# Include conf.d/modsecurity.d/modsecurity_crs_46_et_web_rules.conf
+	# <IfModule mod_headers.c>
+	#	Include conf.d/modsecurity.d/modsecurity_crs_49_header_tagging.conf
+	# </IfModule>
+	# Include conf.d/modsecurity.d/modsecurity_crs_59_outbound_blocking.conf
+	# Include conf.d/modsecurity.d/modsecurity_crs_60_correlation.conf
+
 	# Put your local rules in here.
 
 	Include conf.d/modsecurity.d/modsecurity_localrules.conf
+
+	SecDataDir	/var/run/httpd
 </IfModule>
diff --git a/apache-mod_security.spec b/apache-mod_security.spec
index 5fe8ac1..b625440 100644
--- a/apache-mod_security.spec
+++ b/apache-mod_security.spec
@@ -4,7 +4,7 @@ Summary:	Apache module: securing web applications
 Summary(pl.UTF-8):	ModuÅ do apache: ochrona aplikacji WWW
 Name:		apache-mod_%{mod_name}
 Version:	2.5.12
-Release:	2
+Release:	3
 License:	GPL v2
 Group:		Networking/Daemons/HTTP
 Source0:	http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
@@ -15,6 +15,7 @@ BuildRequires:	apache-devel
 BuildRequires:	rpmbuild(macros) >= 1.268
 Requires:	apache(modules-api) = %apache_modules_api
 Requires:	apache-mod_unique_id
+Suggests:	apache-mod_headers
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define		apacheconfdir	%(%{apxs} -q SYSCONFDIR 2>/dev/null)/conf.d
@@ -56,7 +57,7 @@ install apache2/.libs/mod_%{mod_name}2.so $RPM_BUILD_ROOT%{apachelibdir}
 cp -a %{SOURCE1} $RPM_BUILD_ROOT%{apacheconfdir}/90_mod_%{mod_name}.conf
 
 install -d $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d/blocking
-cp -a rules/*.conf rules/base_rules/* $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d
+cp -a modsecurity.conf-minimal rules/*.conf rules/base_rules/* $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d
 #cp -a rules/blocking/*.conf $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d/blocking
 echo '# Drop your local rules in here.' > $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d/modsecurity_localrules.conf
 
@@ -73,10 +74,10 @@ fi
 
 %files
 %defattr(644,root,root,755)
-%doc CHANGES MODSECURITY_LICENSING_EXCEPTION README.* modsecurity* doc/* rules/optional_rules rules/README.rules rules/CHANGELOG.rules
+%doc CHANGES MODSECURITY_LICENSING_EXCEPTION README.* modsecurity* doc/* rules/optional_rules rules/README.rules rules/CHANGELOG.rules tools
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{apacheconfdir}/*_mod_%{mod_name}.conf
 %dir %{apacheconfdir}/modsecurity.d
 %dir %{apacheconfdir}/modsecurity.d/blocking
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{apacheconfdir}/modsecurity.d/*.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{apacheconfdir}/modsecurity.d/*.*
 #%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{apacheconfdir}/modsecurity.d/blocking/*.conf
 %attr(755,root,root) %{apachelibdir}/*.so
