Allow configuring mod_security's SecAuditLogParts #1392

Merged
merged 6 commits into from Mar 10, 2016

Projects

None yet

3 participants

@stig
Contributor
stig commented Mar 8, 2016

The default configuration for this includes "I" which is not always
always suitable, e.g. if you cannot tolerate POST parameters appearing
in your modsec_audit.log

You may want to omit I if mod_security is protecting a hypothetical
web service that accepts credit card data in a POST request, for
example.

stig added some commits Mar 8, 2016
@stig stig Allow configuring mod_security's SecAuditLogParts
The default configuration for this includes "I" which is not always
always suitable, e.g. if you cannot tolerate POST parameters appearing
in your modsec_audit.log

You may want to omit `I` if mod_security is protecting a hypothetical
web service that accepts credit card data in a POST request, for
example.
7212175
@stig stig Add SecAuditLogParts tests for Debian-based systems
d2699d1
@stig stig Fix parameter name 78ee594
@stig stig Use regular expression rather than exact string match 388ab4b
@stig stig Move default value outside the redhat-specific section
So it is valid for Debian-based systems also.
3d5aa16
@stig
Contributor
stig commented Mar 9, 2016

So many apologies about the many commits here. This is my first encounter with rspec, and I was initially not able to run the tests locally, so was coding blind. I believe it should now pass. I'm happy to squash the commits if desired. (Assuming this change is is accepted at all :-) )

@stig
Contributor
stig commented Mar 9, 2016

It appears that the failure is unrelated to my change:

Finished in 24 minutes 12 seconds (files took 1 minute 29.64 seconds to load)
472 examples, 1 failure, 1 pending

Failed examples:

rspec ./spec/acceptance/vhost_spec.rb:1397 # apache::vhost define fastcgi applies cleanly
@igalic
Member
igalic commented Mar 9, 2016

@stig as far as i know, @hunner is trying to figure this out, as we speak

@stig
Contributor
stig commented Mar 10, 2016

Should I be adding an entry to the README as well, to document this new option?

@igalic igalic added the needs-docs label Mar 10, 2016
@igalic
Member
igalic commented Mar 10, 2016

@stig yes please!

@stig stig Document mod_security's audit_log_parts parameter in README
9ac6064
@hunner hunner commented on the diff Mar 10, 2016
manifests/params.pp
@@ -47,6 +47,8 @@
$vhost_include_pattern = '*'
+ $modsec_audit_log_parts = 'ABIJDEFHZ'
@hunner
hunner Mar 10, 2016 Member

According to the docs the default is ABCFHZ. Why did you choose this instead? It actually says that D isn't even implemented yet.

@hunner hunner commented on the diff Mar 10, 2016
templates/mod/security.conf.erb
@@ -50,7 +50,7 @@
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
- SecAuditLogParts ABIJDEFHZ
@hunner
hunner Mar 10, 2016 Member

Oh, because this was already the default...

@hunner hunner merged commit 26aecf9 into puppetlabs:master Mar 10, 2016

2 of 3 checks passed

continuous-integration/pcci-trusty PCCI Voting System
Details
continuous-integration/pcci-centos7 PCCI Voting System
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@stig stig deleted the unknown repository branch May 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment