%define debug_package %{nil} %define asl 1 %define cvs RC1 %define libxml2_version 2.6.29 %define libxml2_build_path %{_tmppath}/libxml2-%{libxml2_version} #%define rhel 5 Summary: Security module for the Apache HTTP Server Name: tortix-waf Version: 2.9.0 Release: 13 License: ASL 2.0 URL: http://www.modsecurity.org/ Group: System Environment/Daemons Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz #Source: http://www.modsecurity.org/download/modsecurity-apache_2.7.7.tar.gz Source1: 00_mod_security.conf Source2: tortix_waf.conf Source200: libxml2-%{libxml2_version}.tar.gz Patch0: asl3-logging.patch Patch1: waf-label.patch Patch2: modsecurity-2.6.4-collections-logging.patch Patch3: 001-mod_security-concurrent_logging.patch Patch4: mod_security-2.8-bugfix706.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: tortixd #Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing) #Requires: asl BuildRequires: tortixd-devel BuildRequires: libtool pkgconfig Obsoletes: asl-mod_security Provides: asl-mod_security BuildRequires: atomic-curl-curl-devel atomic-curl-libcurl-devel Requires: atomic-curl-libcurl BuildRequires: lua-devel BuildRequires: pcre-devel Requires: pcre %if 0%{?rhel} == 6 BuildRequires: atomic-yajl-yajl-devel %else BuildRequires: yajl-devel %endif %if 0%{?rhel} == 5 BuildRequires: e2fsprogs e2fsprogs-devel BuildRequires: openldap-devel %else BuildRequires: libxml2-devel %endif Requires: lua BuildRequires: yajl-devel BuildRequires: ssdeep-devel %description ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks. %prep %setup -n modsecurity-%{version} #%setup -n modsecurity-apache_2.7.7 %patch0 -p1 %patch1 -p1 %patch3 -p1 #%patch4 -p1 %if 0%{?rhel} == 5 # This is only safe in a mock environment. tar xfvz %{SOURCE200} cd libxml2-%{libxml2_version} ./configure --prefix=%{libxml2_build_path} make make install %endif %build %define _aslhome /var/asl %define _sysconfdir /var/asl/etc/ %define _prefix /var/asl/usr/ %define _bindir /var/asl/usr/bin/ %define _sbindir /var/asl/usr/sbin/ %define _includedir /var/asl/usr/include/ %define _mandir /var/asl/usr/share/man/ %define _libdir /var/asl/usr/lib/ %ifarch x86_64 %define _libdir /var/asl/usr/lib64/ %endif export CC="gcc -Wl,-rpath,/opt/atomic/atomic-yajl/root/usr/lib,-rpath,/opt/atomic/atomic-yajl/root/usr/lib64,-rpath,/opt/atomic/atomic-curl/root/usr/lib,-rpath,/opt/atomic/atomic-curl/root/usr/lib64" export LDFLAGS="-L/opt/atomic/atomic-yajl/root/usr/lib -L/opt/atomic/atomic-yajl/root/usr/lib64 -L/opt/atomic/atomic-curl/root/usr/lib -L/opt/atomic/atomic-curl/root/usr/lib64 -L/lib " export CFLAGS="-I/opt/atomic/atomic-yajl/root/usr/include -I/opt/atomic/atomic-curl/root/usr/include" export PKG_CONFIG_PATH="/opt/atomic/atomic-yajl/root/usr/lib/pkgconfig:/opt/atomic/atomic-yajl/root/usr/lib64/pkgconfig:/opt/atomic/atomic-curl/root/usr/lib/pkgconfig:/opt/atomic/atomic-curl/root/usr/lib64/pkgconfig:/usr/lib/pkgconfig/:/usr/lib64/pkgconfig/" #%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 # --enable-pcre-jit \ #%endif %configure \ --enable-pcre-match-limit=no \ --enable-pcre-match-limit-recursion=no \ %if 0%{?rhel} == 5 --with-libxml=%{libxml2_build_path} \ %endif --with-apxs=/var/asl/usr/sbin/apxs \ --with-apr=/var/asl/usr/bin/apr-1-config \ --with-apu=/var/asl/usr/bin/apu-1-config \ --disable-mlogc \ --enable-pcre-study \ --with-yajl \ --with-ssdeep \ --with-curl=/opt/atomic/atomic-curl/root/usr/ \ --enable-lua-cache make %{_smp_mflags} %install rm -rf %{buildroot} #mkdir -p %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/ install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/00_mod_security.conf #install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/tortix_waf.conf install -D -m755 apache2/.libs/mod_security2.so %{buildroot}%{_libdir}/httpd/modules/mod_security2.so %post if [ ! -d /var/asl/etc/httpd/modsecurity.d ]; then ln -s /etc/httpd/modsecurity.d /var/asl/etc/httpd/modsecurity.d fi %clean rm -rf %{buildroot} %files %defattr (-,root,root) %doc CHANGES LICENSE README.* modsecurity* doc %{_libdir}/httpd/modules/mod_security2.so %config %{_sysconfdir}/httpd/conf.d/00_mod_security.conf #%config /var/asl/etc/httpd/modsecurity.d/tortix_waf.conf %changelog * Wed Feb 24 2016 Support - 2.9.0-13 - Add remote rules support * Thu Oct 22 2015 Support - 2.9.0-12 - JSON support for el6 * Tue Aug 25 2015 Support - 2.9.0-11 - Disable JIT on el7 * Mon Mar 2 2015 Support - 2.9.0-10 - Update to 2.9 * Mon Jun 16 2014 Support - 2.8.0-8 - Update to 2.8 * Thu May 22 2014 Support - 2.8.0-7 - Temporary Revert to 2.7.7 * Tue May 20 2014 Support - 2.8.0-6 - Update to 2.8 * Wed Apr 9 2014 Support - 2.7.7-5 - Add mod_ruid2 concurrent logging patch * Fri Jan 17 2014 Support - 2.7.7-4 - Update to 2.7.7 * Mon Jun 24 2013 Support - 2.7.4-3 - Update to 2.7.4 * Thu Nov 15 2012 Scott R. Shinn - 2.7.1-2 - Update to 2.7.1 * Tue Nov 13 2012 Scott R. Shinn - 2.7.1-1 - Update to 2.7.1-rc1 * Tue Aug 14 2012 Scott R. Shinn - 2.6.7-1 - Update to 2.6.7 * Thu May 3 2012 Scott R. Shinn - 2.6.6-1 - Update to 2.6.6 * Tue Apr 3 2012 Scott R. Shinn - 2.6.5-1 - Update to 2.6.5 - Bugfix #XXX, set alternate MSA path for daemon * Wed Mar 14 2012 Scott R. Shinn - 2.6.4-1 - Update to 2.6.4 * Fri Feb 10 2012 Scott R. Shinn - 2.6.3-1 - Initial build of asl-mod_security