108 lines
4.3 KiB
RPMSpec
108 lines
4.3 KiB
RPMSpec
%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
|
|
%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
|
|
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
|
|
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
|
|
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
|
|
%global mod_audit_log_collector 0
|
|
|
|
Name: mod_security
|
|
Version: 2.9.5
|
|
Release: 1
|
|
Summary: Security module for the Apache HTTP Server
|
|
License: ASL 2.0
|
|
URL: http://www.modsecurity.org/
|
|
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
|
|
Source1: mod_security.conf
|
|
Source2: 10-mod_security.conf
|
|
Source3: modsecurity_localrules.conf
|
|
|
|
Requires: httpd httpd-mmn = %{_httpd_mmn}
|
|
BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel
|
|
BuildRequires: pkgconfig(lua) pkgconfig(libcurl) pkgconfig(libxml-2.0) pkgconfig(libpcre)
|
|
BuildRequires: autoconf automake libtool
|
|
|
|
%description
|
|
This software is also called Modsec,it is an open-source web application firewall.
|
|
It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide
|
|
protections against generic classed of vulnerabilities.The install of this package
|
|
is easy and you can read the README.TXT for more information.
|
|
|
|
%if %mod_audit_log_collector
|
|
%package -n mlogc
|
|
Summary: Collect mod_security audit log
|
|
Requires: mod_security
|
|
|
|
%description -n mlogc
|
|
This package collects mod_security audit log.
|
|
%endif
|
|
|
|
%prep
|
|
%autosetup -p1 -n modsecurity-%{version}
|
|
|
|
%build
|
|
./autogen.sh
|
|
%configure --with-yajl --with-apxs=%{_httpd_apxs} --enable-pcre-match-limit-recursion=1000000 --enable-pcre-match-limit=1000000
|
|
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
|
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
|
make %{_smp_mflags}
|
|
|
|
%install
|
|
install -d %{buildroot}%{_bindir}
|
|
install -d %{buildroot}%{_sbindir}
|
|
install -d %{buildroot}%{_httpd_moddir}
|
|
install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
|
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
|
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules
|
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
|
install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
|
|
install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
|
|
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
|
|
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
|
|
sed -i 's/Include/IncludeOptional/' %{buildroot}%{_httpd_confdir}/mod_security.conf
|
|
install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
|
|
%else
|
|
install -d -m0755 %{buildroot}%{_httpd_confdir}
|
|
cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
|
|
%endif
|
|
|
|
%if %mod_audit_log_collector
|
|
install -d %{buildroot}%{_localstatedir}/log/mlogc
|
|
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
|
|
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
|
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
|
|
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
|
|
%endif
|
|
|
|
%files
|
|
%doc README.* NOTICE LICENSE CHANGES
|
|
%{_httpd_moddir}/mod_security2.so
|
|
%config(noreplace) %{_httpd_confdir}/*.conf
|
|
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
|
|
%config(noreplace) %{_httpd_modconfdir}/*.conf
|
|
%endif
|
|
%dir %{_sysconfdir}/httpd/modsecurity.d
|
|
%dir %{_sysconfdir}/httpd/modsecurity.d/local_rules
|
|
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
|
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
|
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
|
|
|
|
%if %mod_audit_log_collector
|
|
%files -n mlogc
|
|
%doc mlogc/INSTALL
|
|
%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
|
|
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
|
|
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
|
|
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
|
|
%attr(0755,root,root) %{_bindir}/mlogc
|
|
%endif
|
|
|
|
%changelog
|
|
* Tue Dec 14 2021 yaoxin <yaoxin30@huawei.com> - 2.9.5-1
|
|
- Upgrade mod_security to 2.9.5 for fix CVE-2021-42717
|
|
|
|
* Wed Nov 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.9.2-7
|
|
- Type:enhancement
|
|
- Id:NA
|
|
- SUG:NA
|
|
- DESC:modify the spec
|