Skip to content

Change auditlog file permission from CREATEMODE to dcfg->auditlog_fileperms #852

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 16 commits into from
Closed

Change auditlog file permission from CREATEMODE to dcfg->auditlog_fileperms #852

wants to merge 16 commits into from

Conversation

littlecho
Copy link

Change third parameter(which is the apr file permission flag) from CREATEMODE to dcfg->auditlog_fileperms. Due to the user can specify the desired file permission setting for the audit log files with setting the value of SecAuditLogFileMode, we should follow the file permission setting from the config file. Therefore, as the dcfg->auditlog_fileperms will be modified in cmd_audit_log_dirmode function, we can use the value while calling apr_file_open to meet the file permission that specified in modsecurity.conf.

Felipe Zimmerle and others added 16 commits March 21, 2015 04:41
nginx refactoring
e53f989 
Refactoring on the nginx module, including:
 - Better handling larger posts;
 - Now using nginx echo module during the regression tests.
 - Better interacting with neginx chain rules
 - Separation of the request handling and content filters.
 - Better handling nginx sessions and resource counts to allow a
   more efficient garbage collector.
 - Handling both http/1.0 and 1.1, including keep-alive.
 - Tests are now capable to test nginx as a proxy or end-server.
 - Tested agains nginx 1.6 and 1.7.
nginx: looking for segfaults on the regression test.
03952c7 
If nginx segfaults it will return, warning that the test failed.
nginx: better dealing with chunked request body
5d8fa16
nginx: copies the req body chain to be processed instead of move
b405850 
Add a check for the definition MOVE_REQUEST_CHAIN_TO_MODSEC, whenever it is
set the chain will be moved into the brigade. If it was not set the chain
will be only copied. Moving was causing segfaults on the following
regression tests:

 owasp-modsecurity#15 - SecRequestBodyInMemoryLimit
 owasp-modsecurity#16 - SecRequestBodyInMemoryLimit (greater)
 owasp-modsecurity#19 - SecRequestBodyLimitAction ProcessPartial (multipart/greater - chunked)
 (from: regression/config/10-request-directives.t)
nginx: cosmetics: Splits lines longer than 80 characters
8a722e8
nginx: cosmetics: Removes trailing whitespace
97a8239
niginx: cosmetics: Changes CRLF to LF
d2a1b61
@InfoHunter
Bugfix: add -P option in test script
a841260 
Otherwise nginx's installation directory could not be specified.

Signed-off-by: paulyang <paulyang.inf@gmail.com>
@defanator
Removed unneeded and invalid initialization.
4846528
@defanator
Obtain port from r->connection->local_sockaddr.
c7ed4dd 
This eliminates segfaults caused by unset (NULL) r->port_start
and non-NULL r->port_end. In fact, r->port_start is always NULL,
so it is useless to rely on this pointer.
nginx: fixing fuzzyHash test case for nginx
1d71116 
POST was happening on a file that was not allowed by nginx to receive a POST.
Nginx was returning 405 instead of 200 making the test to fail. Fixed by
change the URL to one that is allowed to receive POST.
@rmongia
Passthrough the saved Response headers in the response
dd61b18 
Tickets: owasp-modsecurity#735
Allow non-zero Content-Length for HEAD requests
dc2461d
Fix missing status_line when logging in nginx.
1f1eea3
Avoids segfault while running with proxy_pass
226ad1d 
Duplicates the headers variables while coping data from/to ModSecurity.
This seems to fix the segfault that was happening while using proxy_pass.
The variable is later cleaned, which means that we don't have a leak
because of that.
@littlecho
Update apache2_config.c
51200fc 
Change third parameter(which is the apr file permission flag) from CREATEMODE to dcfg->auditlog_fileperms. Due to the user can specify the desired file permission setting for the audit log files with setting the value of SecAuditLogFileMode, we should follow the file permission setting from the config file. Therefore, as the dcfg->auditlog_fileperms will be modified in cmd_audit_log_dirmode function, we can use the value while calling apr_file_open to meet the file permission that specified in modsecurity.conf.
@littlecho littlecho changed the title Update apache2_config.c Change auditlog file permission from CREATEMODE to dcfg->auditlog_fileperms Mar 26, 2015
@zimmerle zimmerle force-pushed the nginx_refactoring branch from 226ad1d to 2c95bcd Compare March 26, 2015 14:40
@zimmerle zimmerle force-pushed the nginx_refactoring branch from 2c95bcd to 8a49998 Compare June 30, 2015 19:05
@zimmerle zimmerle self-assigned this Jan 25, 2016
@zimmerle zimmerle added this to the v2.9.1 milestone Jan 25, 2016
zimmerle pushed a commit that referenced this pull request Jan 26, 2016
Adds information about the pull request #852 on the CHANGES file
4eb095a
@zimmerle
Copy link
Contributor

Hi @littlecho,

Sorry for the huge delay. Your patch is now merge. Made some modification to replicate your work on the secondary audit log file. It will be released as part of v2.9.1

@zimmerle zimmerle closed this Jan 26, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@zimmerle zimmerle

Labels
RIP - release-2.9.1
Projects
None yet
Milestone
v2.9.1
Development

Successfully merging this pull request may close these issues.
5 participants
@littlecho @zimmerle @InfoHunter @defanator @rmongia