#Module-Specific definitions %define mod_name mod_security %define mod_conf 82_%{mod_name}.conf %define mod_so %{mod_name}.so Summary: Mod_security is a DSO module for the apache web server Name: apache-%{mod_name} Version: 1.9.4 Release: %mkrel 2 Group: System/Servers License: GPL URL: http://www.modsecurity.org/ Source0: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz Source1: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz.asc Source2: http://www.modsecurity.org/download/modsecurity-rules-current.tar.gz Source3: %{mod_conf}.bz2 # (fc) 1.8.7-1mdk fix some snort rules Patch0: modsecurity-apache-1.9.1-web-attacks.rules.diff Patch1: modsecurity-apache-1.9.1-web-php.rules.diff Requires(pre): rpm-helper Requires(postun): rpm-helper Requires(pre): apache-conf >= 2.0.54 Requires(pre): apache >= 2.0.54 Requires: apache-conf >= 2.0.54 Requires: apache >= 2.0.54 BuildRequires: apache-devel >= 2.0.54 BuildRequires: file BuildRequires: snort-rules Provides: apache2-mod_security Obsoletes: apache2-mod_security Epoch: 1 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot %description ModSecurity is an open source intrustion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. %prep %setup -q -n modsecurity-apache_%{version} -a2 cp %{_sysconfdir}/snort/rules/web*.rules . %patch0 -p0 -b .web-attacks %patch1 -p0 -b .web-php cat > mod_security-snortrules.conf << EOF # This file was generated using the %{_sbindir}/snort2modsec.pl perl script like so: # 1. urpmi snort-rules # 2. snort2modsec.pl /etc/snort/rules/web*.rules >> /etc/httpd/conf/mod_security-snortrules.conf EOF perl util/snort2modsec.pl web*.rules >> mod_security-snortrules.conf # strip away annoying ^M find . -type f|xargs file|grep 'CRLF'|cut -d: -f1|xargs perl -p -i -e 's/\r//' find . -type f|xargs file|grep 'text'|cut -d: -f1|xargs perl -p -i -e 's/\r//' # fix attribs find doc -type f -exec chmod 644 {} \; %build cp apache2/%{mod_name}.c . %{_sbindir}/apxs -c %{mod_name}.c %install [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} install -d %{buildroot}%{_libdir}/apache-extramodules install -d %{buildroot}%{_sysconfdir}/httpd/modules.d install -m0755 .libs/*.so %{buildroot}%{_libdir}/apache-extramodules/ bzcat %{SOURCE3} > %{buildroot}%{_sysconfdir}/httpd/modules.d/%{mod_conf} install -d %{buildroot}%{_var}/www/html/addon-modules ln -s ../../../..%{_docdir}/%{name}-%{version} %{buildroot}%{_var}/www/html/addon-modules/%{name}-%{version} install -d %{buildroot}%{_sbindir} install -d %{buildroot}%{_sysconfdir}/httpd/conf install -m0755 util/snort2modsec.pl %{buildroot}%{_sbindir}/ install -m0644 mod_security-snortrules.conf %{buildroot}%{_sysconfdir}/httpd/conf/ install -m0644 modsecurity-experimental.conf %{buildroot}%{_sysconfdir}/httpd/conf/ install -m0644 modsecurity-general.conf %{buildroot}%{_sysconfdir}/httpd/conf/ install -m0644 modsecurity-hardening.conf %{buildroot}%{_sysconfdir}/httpd/conf/ install -m0644 modsecurity-output.conf %{buildroot}%{_sysconfdir}/httpd/conf/ install -m0644 modsecurity-php.conf %{buildroot}%{_sysconfdir}/httpd/conf/ %post if [ -f %{_var}/lock/subsys/httpd ]; then %{_initrddir}/httpd restart 1>&2; fi %postun if [ "$1" = "0" ]; then if [ -f %{_var}/lock/subsys/httpd ]; then %{_initrddir}/httpd restart 1>&2 fi fi %clean [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} %files %defattr(-,root,root) %doc CHANGES INSTALL README httpd.conf* doc/* %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf/mod_security-snortrules.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf/modsecurity-experimental.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf/modsecurity-general.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf/modsecurity-hardening.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf/modsecurity-output.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf/modsecurity-php.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/modules.d/%{mod_conf} %attr(0755,root,root) %{_libdir}/apache-extramodules/%{mod_so} %{_var}/www/html/addon-modules/* %attr(0755,root,root) %{_sbindir}/snort2modsec.pl %changelog * Sun Aug 06 2006 Oden Eriksson <oeriksson@mandriva.com> 1:1.9.4-2mdv2007.0 - rebuild * Mon May 15 2006 Oden Eriksson <oeriksson@mandriva.com> 1:1.9.4-1mdk - 1.9.4 - added the generic rules and use them (S2) * Tue Mar 14 2006 Oden Eriksson <oeriksson@mandriva.com> 1:1.9.2-2mdk - fix deps * Tue Jan 17 2006 Oden Eriksson <oeriksson@mandriva.com> 1:1.9.2-1mdk - 1.9.2 (Minor feature enhancements) * Tue Dec 13 2005 Oden Eriksson <oeriksson@mandriva.com> 1:1.9.1-2mdk - rebuilt against apache-2.2.0 - fix deps * Thu Dec 01 2005 Oden Eriksson <oeriksson@mandriva.com> 1:1.9.1-1mdk - 1.9.1 (Minor bugfixes) - use the common snort-rules package as source * Wed Nov 16 2005 Oden Eriksson <oeriksson@mandriva.com> 1:1.9-1mdk - 1.9 (Major feature enhancements) - fix versioning * Sat Jul 30 2005 Oden Eriksson <oeriksson@mandriva.com> 2.0.54_1.8.7-2mdk - fix deps * Thu Jun 02 2005 Oden Eriksson <oeriksson@mandriva.com> 2.0.54_1.8.7-1mdk - rename the package - the conf.d directory is renamed to modules.d - use new rpm-4.4.x pre,post magic * Sun Mar 20 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53_1.8.7-2mdk - use the %%mkrel macro * Tue Mar 15 2005 Frederic Crozat <fcrozat@mandrakesoft.com> 2.0.53_1.8.7-1mdk - Release 1.8.7 - Fix default config file to have a working server - Patch0: fix some snort rules * Mon Feb 28 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53_1.8.6-3mdk - fix %%post and %%postun to prevent double restarts - fix bug #6574 * Wed Feb 16 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53_1.8.6-2mdk - spec file cleanups, remove the ADVX-build stuff * Tue Feb 8 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.53_1.8.6-1mdk - rebuilt for apache 2.0.53 * Tue Nov 09 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.52_1.8.6-1mdk - rebuilt for apache 2.0.52 * Fri Nov 05 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50_1.8.6-1mdk - 1.8.6 * Wed Oct 27 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50_1.8.5-1mdk - 1.8.5 * Thu Jul 29 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50_1.8.4-1mdk - 1.8.4 * Mon Jul 12 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 2.0.50_1.8.3-1mdk - 1.8.3 - built for apache 2.0.50 - remove redundant provides * Tue Jun 22 2004 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.49_1.8.2-1mdk - 1.8.2 * Mon Jun 14 2004 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.49_1.7.6-1mdk - built for apache 2.0.49 * Tue Mar 23 2004 Michael Scherer <misc@mandrake.org> 2.0.48_1.7.6-1mdk - 1.7.6 - remove auto downloading of the rules * Sun Dec 07 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.48_1.7.4-1mdk - 1.7.4 * Wed Nov 12 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.47_1.7.3-1mdk - 1.7.3 * Wed Nov 05 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.48_1.7.2-1mdk - built for apache 2.0.48 * Sun Nov 02 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.47_1.7.2-1mdk - 1.7.2 * Tue Oct 21 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.47_1.7.1-1mdk - 1.7.1 - drop S2, it's included * Sun Oct 19 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.47_1.7-1mdk - 1.7 - added S2 and some spec file magic * Sun Sep 28 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.47_1.6-1mdk - 1.6 * Thu Jul 10 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.47_1.5.1-1mdk - 1.5.1 - rebuilt against latest apache2, requires and buildrequires - misc spec file fixes - updated S1 * Fri Jun 06 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 2.0.46_1.5-1mdk - initial cooker contrib