import CS mod_security_crs-3.3.5-1.el9
This commit is contained in:
parent
e41e5285f5
commit
2380a6ab7a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/v3.3.4.tar.gz
|
SOURCES/v3.3.5.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
821796a48bbedd1a0d962614ef473625da85feae SOURCES/v3.3.4.tar.gz
|
b552005471446a4a2454a6b6ee7e65f864219ce0 SOURCES/v3.3.5.tar.gz
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
diff --git a/crs-setup.conf.example b/crs-setup.conf.example
|
diff --git a/crs-setup.conf.example b/crs-setup.conf.example
|
||||||
index b443e77..0fdd5cb 100644
|
index e0b1d9c..cc2f97c 100644
|
||||||
--- a/crs-setup.conf.example
|
--- a/crs-setup.conf.example
|
||||||
+++ b/crs-setup.conf.example
|
+++ b/crs-setup.conf.example
|
||||||
@@ -234,7 +234,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
|
@@ -234,7 +234,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
|
||||||
@ -57,11 +57,11 @@ index b443e77..0fdd5cb 100644
|
|||||||
#
|
#
|
||||||
# Some well-known applications may undertake actions that appear to be
|
# Some well-known applications may undertake actions that appear to be
|
||||||
diff --git a/rules/REQUEST-901-INITIALIZATION.conf b/rules/REQUEST-901-INITIALIZATION.conf
|
diff --git a/rules/REQUEST-901-INITIALIZATION.conf b/rules/REQUEST-901-INITIALIZATION.conf
|
||||||
index 5044abd..06a1bb3 100644
|
index 27fd54a..2095bf7 100644
|
||||||
--- a/rules/REQUEST-901-INITIALIZATION.conf
|
--- a/rules/REQUEST-901-INITIALIZATION.conf
|
||||||
+++ b/rules/REQUEST-901-INITIALIZATION.conf
|
+++ b/rules/REQUEST-901-INITIALIZATION.conf
|
||||||
@@ -89,6 +89,15 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
|
@@ -89,6 +89,15 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
|
||||||
ver:'OWASP_CRS/3.3.4',\
|
ver:'OWASP_CRS/3.3.5',\
|
||||||
setvar:'tx.outbound_anomaly_score_threshold=4'"
|
setvar:'tx.outbound_anomaly_score_threshold=4'"
|
||||||
|
|
||||||
+# Default Blocking Early (rule 900120 in setup.conf)
|
+# Default Blocking Early (rule 900120 in setup.conf)
|
||||||
@ -77,7 +77,7 @@ index 5044abd..06a1bb3 100644
|
|||||||
SecRule &TX:paranoia_level "@eq 0" \
|
SecRule &TX:paranoia_level "@eq 0" \
|
||||||
"id:901120,\
|
"id:901120,\
|
||||||
diff --git a/rules/REQUEST-949-BLOCKING-EVALUATION.conf b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
diff --git a/rules/REQUEST-949-BLOCKING-EVALUATION.conf b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
||||||
index 050eb04..755315f 100644
|
index 9ee4a8d..c5e4604 100644
|
||||||
--- a/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
--- a/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
||||||
+++ b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
+++ b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
||||||
@@ -12,7 +12,66 @@
|
@@ -12,7 +12,66 @@
|
||||||
@ -171,7 +171,7 @@ index 050eb04..755315f 100644
|
|||||||
|
|
||||||
SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
|
SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
|
||||||
diff --git a/rules/RESPONSE-950-DATA-LEAKAGES.conf b/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
diff --git a/rules/RESPONSE-950-DATA-LEAKAGES.conf b/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
||||||
index 13013de..bf9b03d 100644
|
index 0b6f832..5c61674 100644
|
||||||
--- a/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
--- a/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
||||||
+++ b/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
+++ b/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
||||||
@@ -96,7 +96,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,skipAf
|
@@ -96,7 +96,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,skipAf
|
||||||
@ -184,7 +184,7 @@ index 13013de..bf9b03d 100644
|
|||||||
capture,\
|
capture,\
|
||||||
t:none,\
|
t:none,\
|
||||||
diff --git a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
diff --git a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
||||||
index 24130eb..549c07c 100644
|
index 689cc94..e30ce13 100644
|
||||||
--- a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
--- a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
||||||
+++ b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
+++ b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
||||||
@@ -22,7 +22,67 @@
|
@@ -22,7 +22,67 @@
|
||||||
@ -257,7 +257,7 @@ index 24130eb..549c07c 100644
|
|||||||
# NOTE: tx.anomaly_score should not be set initially, but masking would lead to difficult bugs.
|
# NOTE: tx.anomaly_score should not be set initially, but masking would lead to difficult bugs.
|
||||||
# So we add to it.
|
# So we add to it.
|
||||||
@@ -76,6 +136,21 @@ SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
|
@@ -76,6 +136,21 @@ SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
|
||||||
ver:'OWASP_CRS/3.3.4',\
|
ver:'OWASP_CRS/3.3.5',\
|
||||||
setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
|
setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
|
||||||
|
|
||||||
+SecRule TX:BLOCKING_EARLY "@eq 1" \
|
+SecRule TX:BLOCKING_EARLY "@eq 1" \
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
diff --git a/rules/REQUEST-913-SCANNER-DETECTION.conf b/rules/REQUEST-913-SCANNER-DETECTION.conf
|
diff --git a/rules/REQUEST-913-SCANNER-DETECTION.conf b/rules/REQUEST-913-SCANNER-DETECTION.conf
|
||||||
index 2b21cef..335dad2 100644
|
index 6e12d08..6be0b67 100644
|
||||||
--- a/rules/REQUEST-913-SCANNER-DETECTION.conf
|
--- a/rules/REQUEST-913-SCANNER-DETECTION.conf
|
||||||
+++ b/rules/REQUEST-913-SCANNER-DETECTION.conf
|
+++ b/rules/REQUEST-913-SCANNER-DETECTION.conf
|
||||||
@@ -31,6 +31,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,skipAf
|
@@ -31,6 +31,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,skipAf
|
||||||
@ -12,7 +12,7 @@ index 2b21cef..335dad2 100644
|
|||||||
phase:2,\
|
phase:2,\
|
||||||
@@ -49,10 +50,12 @@ SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \
|
@@ -49,10 +50,12 @@ SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \
|
||||||
tag:'PCI/6.5.10',\
|
tag:'PCI/6.5.10',\
|
||||||
ver:'OWASP_CRS/3.3.4',\
|
ver:'OWASP_CRS/3.3.5',\
|
||||||
severity:'CRITICAL',\
|
severity:'CRITICAL',\
|
||||||
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
|
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
|
||||||
- setvar:'ip.reput_block_flag=1',\
|
- setvar:'ip.reput_block_flag=1',\
|
||||||
|
@ -1,8 +1,10 @@
|
|||||||
--- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2020-07-01 18:38:19.000000000 +0200
|
diff --git a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
|
||||||
+++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2023-02-16 09:14:52.151838881 +0100
|
index 3b2376b..504eb26 100644
|
||||||
@@ -543,8 +543,11 @@
|
--- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
|
||||||
|
+++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
|
||||||
|
@@ -543,8 +543,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
|
||||||
ctl:auditLogParts=+E,\
|
ctl:auditLogParts=+E,\
|
||||||
ver:'OWASP_CRS/3.3.4',\
|
ver:'OWASP_CRS/3.3.5',\
|
||||||
severity:'CRITICAL',\
|
severity:'CRITICAL',\
|
||||||
- setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
|
- setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
|
||||||
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
|
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Summary: ModSecurity Rules
|
Summary: ModSecurity Rules
|
||||||
Name: mod_security_crs
|
Name: mod_security_crs
|
||||||
Version: 3.3.4
|
Version: 3.3.5
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
|
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
|
||||||
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
||||||
@ -48,12 +48,15 @@ done
|
|||||||
|
|
||||||
%files
|
%files
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%doc CHANGES README.md
|
%doc CHANGES.md README.md
|
||||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
|
||||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||||
%{_datarootdir}/mod_modsecurity_crs
|
%{_datarootdir}/mod_modsecurity_crs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 20 2024 Luboš Uhliarik <luhliari@redhat.com> - 3.3.5-1
|
||||||
|
- Resolves: RHEL-32964 - new version 3.3.5
|
||||||
|
|
||||||
* Fri Feb 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-3
|
* Fri Feb 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-3
|
||||||
- Resolves: #RHEL-22733 - mod_security_crs - The rule id:913100 in the
|
- Resolves: #RHEL-22733 - mod_security_crs - The rule id:913100 in the
|
||||||
REQUEST-913-SCANNER-DETECTION.conf blocks requests with "User-agent:
|
REQUEST-913-SCANNER-DETECTION.conf blocks requests with "User-agent:
|
||||||
|
Loading…
Reference in New Issue
Block a user