rpms/mod_security/FC-4 mod_security.conf, 1.1, 1.2 mod_security.spec, 1.2, 1.3

Thu Jul 21 01:07:44 UTC 2005

Author: mfleming

Update of /cvs/extras/rpms/mod_security/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27149

Modified Files:
	mod_security.conf mod_security.spec 
Log Message:
Sync with devel



Index: mod_security.conf
===================================================================
RCS file: /cvs/extras/rpms/mod_security/FC-4/mod_security.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2

--- mod_security.conf	19 May 2005 01:39:17 -0000	1.1
+++ mod_security.conf	21 Jul 2005 01:07:42 -0000	1.2
@@ -1,5 +1,4 @@
 # Example configuration file for the mod_security Apache module
-# This is a minimal setup. You should add some extra entries here.
 
 LoadModule security_module modules/mod_security.so
 
@@ -38,18 +37,18 @@
     # SecFilter 111
    
     # Prevent path traversal (..) attacks
-    SecFilter "\.\./"
+    # SecFilter "\.\./"
 
     # Weaker XSS protection but allows common HTML tags
-    SecFilter "<( |\n)*script"
+    # SecFilter "<( |\n)*script"
 
     # Prevent XSS atacks (HTML/Javascript injection)
-    SecFilter "<(.|\n)+>"
+    # SecFilter "<(.|\n)+>"
 
     # Very crude filters to prevent SQL injection attacks
-    SecFilter "delete[[:space:]]+from"
-    SecFilter "insert[[:space:]]+into"
-    SecFilter "select.+from"
+    # SecFilter "delete[[:space:]]+from"
+    # SecFilter "insert[[:space:]]+into"
+    # SecFilter "select.+from"
 
     # Require HTTP_USER_AGENT and HTTP_HOST headers
     SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
@@ -69,4 +68,40 @@
     # (and you don't need it anyway)
     SecFilterSelective HTTP_Transfer-Encoding "!^$"
 
-    </IfModule>
+    # Some common application-related rules from
+    # http://modsecrules.monkeydev.org/rules.php?safety=safe
+
+    #Nuke Bookmarks XSS
+    SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"
+
+    #Nuke Bookmarks Marks.php SQL Injection Vulnerability
+    SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"
+
+    #PHPNuke general XSS attempt
+    #/modules.php?name=News&file=article&sid=1&optionbox=
+    SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"
+
+    # PHPNuke SQL injection attempt
+    SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory="
+
+    #phpnuke sql insertion
+    SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
+
+    # WEB-PHP phpbb quick-reply.php arbitrary command attempt
+
+    SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
+    SecFilter "phpbb_root_path="
+
+    #Topic Calendar Mod for phpBB Cross-Site Scripting Attack
+    SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"
+    
+    # phpMyAdmin: Safe
+
+    #phpMyAdmin Export.PHP File Disclosure Vulnerability
+    SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
+    SecFilterSelective ARG_what "\.\."
+
+    #phpMyAdmin path vln
+    SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
+    	
+</IfModule>


Index: mod_security.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_security/FC-4/mod_security.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- mod_security.spec	19 May 2005 06:42:01 -0000	1.2
+++ mod_security.spec	21 Jul 2005 01:07:42 -0000	1.3
@@ -1,20 +1,20 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 1.8.7
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: GPL
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
-Source: http://www.modsecurity.org/download/modsecurity-1.8.7.tar.gz
+Source: http://www.modsecurity.org/download/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
-BuildRoot: %{_tmppath}/%{name}-root/
-Requires: httpd >= 2.0.38
-BuildRequires: httpd-devel >= 2.0.38
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: httpd  httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
+BuildRequires: httpd-devel
 
 %description
-ModSecurity is an open source intrusion detection and prevention engine for web
-applications. It operates embedded into the web server, acting as a powerful
-umbrella - shielding web applications from attacks.
+ModSecurity is an open source intrusion detection and prevention engine
+for web applications. It operates embedded into the web server, acting
+as a powerful umbrella - shielding web applications from attacks.
 
 %prep
 
@@ -40,6 +40,15 @@
 %config(noreplace) /etc/httpd/conf.d/mod_security.conf
 
 %changelog
+* Sat Jul 9 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-4
+- Add Requires: httpd-mmn to get the appropriate "module magic" version
+  (thanks Ville Skyttä)
+- Disabled an overly-agressive rule or two..
+
+* Sat Jul 9 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-3
+- Correct Buildroot
+- Some sensible and safe rules for common apps in mod_security.conf
+
 * Thu May 19 2005 Michael Fleming <mfleming+rpm at enlartenment.com> 1.8.7-2
 - Don't strip the module (so we can get a useful debuginfo package)
 


