%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}} %{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}} %{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}} %{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}} %{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}} %global mod_audit_log_collector 0 Name: mod_security Version: 2.9.5 Release: 1 Summary: Security module for the Apache HTTP Server License: ASL 2.0 URL: http://www.modsecurity.org/ Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz Source1: mod_security.conf Source2: 10-mod_security.conf Source3: modsecurity_localrules.conf Requires: httpd httpd-mmn = %{_httpd_mmn} BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel BuildRequires: pkgconfig(lua) pkgconfig(libcurl) pkgconfig(libxml-2.0) pkgconfig(libpcre) BuildRequires: autoconf automake libtool %description This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more information. %if %mod_audit_log_collector %package -n mlogc Summary: Collect mod_security audit log Requires: mod_security %description -n mlogc This package collects mod_security audit log. %endif %prep %autosetup -p1 -n modsecurity-%{version} %build ./autogen.sh %configure --with-yajl --with-apxs=%{_httpd_apxs} --enable-pcre-match-limit-recursion=1000000 --enable-pcre-match-limit=1000000 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool make %{_smp_mflags} %install install -d %{buildroot}%{_bindir} install -d %{buildroot}%{_sbindir} install -d %{buildroot}%{_httpd_moddir} install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/ install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name} install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/ %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf sed -i 's/Include/IncludeOptional/' %{buildroot}%{_httpd_confdir}/mod_security.conf install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf %else install -d -m0755 %{buildroot}%{_httpd_confdir} cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf %endif %if %mod_audit_log_collector install -d %{buildroot}%{_localstatedir}/log/mlogc install -d %{buildroot}%{_localstatedir}/log/mlogc/data install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load %endif %files %doc README.* NOTICE LICENSE CHANGES %{_httpd_moddir}/mod_security2.so %config(noreplace) %{_httpd_confdir}/*.conf %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" %config(noreplace) %{_httpd_modconfdir}/*.conf %endif %dir %{_sysconfdir}/httpd/modsecurity.d %dir %{_sysconfdir}/httpd/modsecurity.d/local_rules %dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name} %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf %if %mod_audit_log_collector %files -n mlogc %doc mlogc/INSTALL %attr(0755,root,root) %dir %{_localstatedir}/log/mlogc %attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf %attr(0755,root,root) %{_bindir}/mlogc-batch-load %attr(0755,root,root) %{_bindir}/mlogc %endif %changelog * Tue Dec 14 2021 yaoxin - 2.9.5-1 - Upgrade mod_security to 2.9.5 for fix CVE-2021-42717 * Wed Nov 20 2019 openEuler Buildteam - 2.9.2-7 - Type:enhancement - Id:NA - SUG:NA - DESC:modify the spec