rpms/mod_security/FC-4 mod_security.conf, 1.1, 1.2 mod_security.spec, 1.2, 1.3
Michael G. Fleming (mfleming)
fedora-extras-commits at redhat.com
Thu Jul 21 01:07:44 UTC 2005
Author: mfleming
Update of /cvs/extras/rpms/mod_security/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27149
Modified Files:
mod_security.conf mod_security.spec
Log Message:
Sync with devel
Index: mod_security.conf
===================================================================
RCS file: /cvs/extras/rpms/mod_security/FC-4/mod_security.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_security.conf 19 May 2005 01:39:17 -0000 1.1
+++ mod_security.conf 21 Jul 2005 01:07:42 -0000 1.2
@@ -1,5 +1,4 @@
# Example configuration file for the mod_security Apache module
-# This is a minimal setup. You should add some extra entries here.
LoadModule security_module modules/mod_security.so
@@ -38,18 +37,18 @@
# SecFilter 111
# Prevent path traversal (..) attacks
- SecFilter "\.\./"
+ # SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
- SecFilter "<( |\n)*script"
+ # SecFilter "<( |\n)*script"
# Prevent XSS atacks (HTML/Javascript injection)
- SecFilter "<(.|\n)+>"
+ # SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
- SecFilter "delete[[:space:]]+from"
- SecFilter "insert[[:space:]]+into"
- SecFilter "select.+from"
+ # SecFilter "delete[[:space:]]+from"
+ # SecFilter "insert[[:space:]]+into"
+ # SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
@@ -69,4 +68,40 @@
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"
- </IfModule>
+ # Some common application-related rules from
+ # http://modsecrules.monkeydev.org/rules.php?safety=safe
+
+ #Nuke Bookmarks XSS
+ SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"
+
+ #Nuke Bookmarks Marks.php SQL Injection Vulnerability
+ SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"
+
+ #PHPNuke general XSS attempt
+ #/modules.php?name=News&file=article&sid=1&optionbox=
+ SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"
+
+ # PHPNuke SQL injection attempt
+ SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory="
+
+ #phpnuke sql insertion
+ SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
+
+ # WEB-PHP phpbb quick-reply.php arbitrary command attempt
+
+ SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
+ SecFilter "phpbb_root_path="
+
+ #Topic Calendar Mod for phpBB Cross-Site Scripting Attack
+ SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"
+
+ # phpMyAdmin: Safe
+
+ #phpMyAdmin Export.PHP File Disclosure Vulnerability
+ SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
+ SecFilterSelective ARG_what "\.\."
+
+ #phpMyAdmin path vln
+ SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
+
+</IfModule>
Index: mod_security.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_security/FC-4/mod_security.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- mod_security.spec 19 May 2005 06:42:01 -0000 1.2
+++ mod_security.spec 21 Jul 2005 01:07:42 -0000 1.3
@@ -1,20 +1,20 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 1.8.7
-Release: 2%{?dist}
+Release: 4%{?dist}
License: GPL
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
-Source: http://www.modsecurity.org/download/modsecurity-1.8.7.tar.gz
+Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz
Source1: mod_security.conf
-BuildRoot: %{_tmppath}/%{name}-root/
-Requires: httpd >= 2.0.38
-BuildRequires: httpd-devel >= 2.0.38
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
+BuildRequires: httpd-devel
%description
-ModSecurity is an open source intrusion detection and prevention engine for web
-applications. It operates embedded into the web server, acting as a powerful
-umbrella - shielding web applications from attacks.
+ModSecurity is an open source intrusion detection and prevention engine
+for web applications. It operates embedded into the web server, acting
+as a powerful umbrella - shielding web applications from attacks.
%prep
@@ -40,6 +40,15 @@
%config(noreplace) /etc/httpd/conf.d/mod_security.conf
%changelog
+* Sat Jul 9 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-4
+- Add Requires: httpd-mmn to get the appropriate "module magic" version
+ (thanks Ville Skyttä)
+- Disabled an overly-agressive rule or two..
+
+* Sat Jul 9 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-3
+- Correct Buildroot
+- Some sensible and safe rules for common apps in mod_security.conf
+
* Thu May 19 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-2
- Don't strip the module (so we can get a useful debuginfo package)
More information about the fedora-extras-commits
mailing list