From 8c29b7459dc13614ce453e86c36b8a3061c7648a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Tue, 7 May 2013 19:56:23 +0200 Subject: [PATCH] - updated config - package private state dir - rel 2 --- apache-mod_security.conf | 108 +++++++++++++++++++-------------------- apache-mod_security.spec | 9 ++-- 2 files changed, 58 insertions(+), 59 deletions(-)
diff --git a/apache-mod_security.conf b/apache-mod_security.conf
index 84332fa..3a905a6 100644
--- a/apache-mod_security.conf
+++ b/apache-mod_security.conf
@@ -5,59 +5,57 @@ LoadModule security2_module modules/mod_security2.so
- # This is the ModSecurity Core Rules Set.
-
- # Basic configuration goes in here
- Include conf.d/modsecurity.d/modsecurity.conf-minimal
- Include conf.d/modsecurity.d/modsecurity_crs_10_config.conf
-
- # Protocol violation and anomalies.
-
- Include conf.d/modsecurity.d/modsecurity_crs_20_protocol_violations.conf
- Include conf.d/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
-
- # HTTP policy rules
-
- Include conf.d/modsecurity.d/modsecurity_crs_30_http_policy.conf
-
- # Here comes the Bad Stuff...
-
- Include conf.d/modsecurity.d/modsecurity_crs_35_bad_robots.conf
- Include conf.d/modsecurity.d/modsecurity_crs_40_generic_attacks.conf
- Include conf.d/modsecurity.d/modsecurity_crs_45_trojans.conf
- Include conf.d/modsecurity.d/modsecurity_crs_50_outbound.conf
-
- # Search engines and other crawlers. Only useful if you want to track
- # Google / Yahoo et. al.
-
- # Include modsecurity.d/modsecurity_crs_55_marketing.conf
-
- Include conf.d/modsecurity.d/modsecurity_crs_23_request_limits.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_converter.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_phpids_filters.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_sql_injection_attacks.conf
- Include conf.d/modsecurity.d/modsecurity_crs_41_xss_attacks.conf
- Include conf.d/modsecurity.d/modsecurity_crs_42_tight_security.conf
- Include conf.d/modsecurity.d/modsecurity_crs_47_common_exceptions.conf
- Include conf.d/modsecurity.d/modsecurity_crs_48_local_exceptions.conf
- Include conf.d/modsecurity.d/modsecurity_crs_49_enforcement.conf
- Include conf.d/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf
-
- # Optional rules
-
- # Include conf.d/modsecurity.d/modsecurity_crs_40_experimental.conf
- # Include conf.d/modsecurity.d/modsecurity_crs_42_comment_spam.conf
- # Include conf.d/modsecurity.d/modsecurity_crs_46_et_sql_injection.conf
- # Include 
conf.d/modsecurity.d/modsecurity_crs_46_et_web_rules.conf
- #
- # Include conf.d/modsecurity.d/modsecurity_crs_49_header_tagging.conf
- #
- # Include conf.d/modsecurity.d/modsecurity_crs_59_outbound_blocking.conf
- # Include conf.d/modsecurity.d/modsecurity_crs_60_correlation.conf
-
- # Put your local rules in here.
-
- Include conf.d/modsecurity.d/modsecurity_localrules.conf
-
- SecDataDir /var/run/httpd
+ # ModSecurity Core Rules Set configuration
+
+ Include conf.d/modsecurity.d/*.conf
+ Include conf.d/modsecurity.d/activated_rules/*.conf
+
+ # Default recommended configuration
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRequestBodyLimit 13107200
+ SecRequestBodyNoFilesLimit 131072
+ SecRequestBodyInMemoryLimit 131072
+ SecRequestBodyLimitAction Reject
+ SecRule REQBODY_ERROR "!@eq 0" \
+ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+ "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
+ failed strict validation: \
+ PE %{REQBODY_PROCESSOR_ERROR}, \
+ BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+ DB %{MULTIPART_DATA_BEFORE}, \
+ DA %{MULTIPART_DATA_AFTER}, \
+ HF %{MULTIPART_HEADER_FOLDING}, \
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_MISSING_SEMICOLON}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
+ IP %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+ SecPcreMatchLimit 1000
+ SecPcreMatchLimitRecursion 1000
+
+ SecRule TX:/^MSC_/ "!@streq 0" \
+ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error 
flagged: %{MATCHED_VAR_NAME}'"
+
+ SecResponseBodyAccess Off
+ SecDebugLog /var/log/httpd/modsec_debug.log
+ SecDebugLogLevel 0
+ SecAuditEngine RelevantOnly
+ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+ SecAuditLogParts ABIJDEFHZ
+ SecAuditLogType Serial
+ SecAuditLog /var/log/httpd/modsec_audit.log
+ SecArgumentSeparator &
+ SecCookieFormat 0
+ SecTmpDir /var/lib/mod_security
+ SecDataDir /var/lib/mod_security
diff --git a/apache-mod_security.spec b/apache-mod_security.spec
index 3b2f486..e0c50f1 100644
--- a/apache-mod_security.spec
+++ b/apache-mod_security.spec
@@ -4,7 +4,7 @@ Summary: Apache module: securing web applications
 Summary(pl.UTF-8): Moduł do apache: ochrona aplikacji WWW
 Name: apache-mod_%{mod_name}
 Version: 2.7.3
-Release: 1
+Release: 2
 License: GPL v2
 Group: Networking/Daemons/HTTP
 Source0: http://www.modsecurity.org/tarball/%{version}//modsecurity-apache_%{version}.tar.gz
@@ -57,13 +57,13 @@ This package contains the ModSecurity Audit Log Collector.
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{apachelibdir},%{apacheconfdir}} \
- install -d $RPM_BUILD_ROOT{/var/log/mlogc/data,%{_bindir},%{_sysconfdir}}
+install -d $RPM_BUILD_ROOT{%{apachelibdir},%{apacheconfdir}/modsecurity.d} \
+ $RPM_BUILD_ROOT{/var/log/mlogc/data,%{_bindir},%{_sysconfdir}} \
+ $RPM_BUILD_ROOT/var/lib/%{name}
 install apache2/.libs/mod_%{mod_name}2.so $RPM_BUILD_ROOT%{apachelibdir}
 cp -a %{SOURCE1} $RPM_BUILD_ROOT%{apacheconfdir}/90_mod_%{mod_name}.conf
-install -d $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d/blocking
 cp -a modsecurity.conf-recommended $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d
 echo '# Drop your local rules in here.' > $RPM_BUILD_ROOT%{apacheconfdir}/modsecurity.d/modsecurity_localrules.conf
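Review bot: `SecTmpDir /var/lib/mod_security` and `SecDataDir /var/lib/mod_security` at the end of the hunk point at a directory this package never creates: the spec changed in the same commit installs and packages `/var/lib/%{name}`, and with `Name: apache-mod_%{mod_name}` that expands to `/var/lib/apache-mod_security`, so persistent collections and temporary files are sent to a path that does not exist on a fresh install. Either change both directives to `SecTmpDir /var/lib/apache-mod_security` / `SecDataDir /var/lib/apache-mod_security` or make the spec create `/var/lib/mod_security`; ModSecurity needs `SecDataDir` to be an existing directory writable by the httpd user. Separately, `status:44` in rules 200002 and 200003 is not a valid HTTP status code (it matches the upstream 2.7.x recommended file, where it looks like a typo that later upstream versions replaced with 403), and Apache has no status line for it, so multipart parsing failures should be rejected with `status:403` like rule 200001 uses a well-defined 400. The two `Include` lines also sit before the `SecRequestBody*` limits and the `REQBODY_ERROR`/`MULTIPART_*` sanity rules, so any phase-2 rules pulled in from `activated_rules/*.conf` are evaluated before the body-parse checks; placing the includes after the `SecDataDir` line restores the upstream order of recommended config first, rule sets second. The hunk begins on a line outside this view, so whether these directives live inside an `<IfModule>` block cannot be told from here.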
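Review bot: The new `install -d` list creates `%{apacheconfdir}/modsecurity.d` but not `%{apacheconfdir}/modsecurity.d/activated_rules`, while the conf file this commit installs does `Include conf.d/modsecurity.d/activated_rules/*.conf`; Apache treats an `Include` wildcard whose directory is missing as a fatal configuration error (only `IncludeOptional`, 2.4+, tolerates that), so a host with just this package installed will not start httpd until something else creates that directory. Add `%{apacheconfdir}/modsecurity.d/activated_rules` to the `install -d` arguments and a matching `%dir %{apacheconfdir}/modsecurity.d/activated_rules` entry to `%files` (that section is outside this hunk). The removed `install -d ...modsecurity.d/blocking` line is fine as long as no `%files` entry still names `blocking`, which cannot be confirmed from here.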
@@ -89,6 +89,7 @@ fi
 %dir %{apacheconfdir}/modsecurity.d
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{apacheconfdir}/modsecurity.d/*.*
 %attr(755,root,root) %{apachelibdir}/*.so
+%attr(770,http,root) %dir /var/lib/%{name}
 %files -n mlogc
 %defattr(644,root,root,755)
-- 2.43.0
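Review bot: `%attr(770,http,root) %dir /var/lib/%{name}` assigns the directory to the `http` user, which only works if that account exists when the package is laid down; nothing in this hunk shows a `Requires(pre)` on whatever provides `user(http)`, and the header of the spec is outside the view, so please confirm one is present. Group `root` gains nothing from the write bit, so `%attr(750,http,root) %dir /var/lib/%{name}` states the intent — writable only by the worker process, unreadable to other users — more tightly, which matters if this is meant to hold ModSecurity's persistent collection data as the subject line ("package private state dir") suggests. Note also that `%{name}` expands to `apache-mod_security` here, which is not the `/var/lib/mod_security` the conf hunk in this commit configures.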