From f2449c6f3511e9c88f8b11adabf5be49e5574b90 Mon Sep 17 00:00:00 2001
From: brectanus <brectanus@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Mon, 2 Jun 2008 23:31:27 +0000
Subject: [PATCH] Enable "auditlog" action by default.  See #445 and #451.

---
 CHANGES                               | 5 ++++-
 apache2/re.c                          | 4 ++--
 doc/modsecurity2-apache-reference.xml | 4 ++--
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index a1ffdabd..04dad823 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
-30 May 2008 - trunk
+02 Jun 2008 - trunk
 -------------------
 
+* Enable the "auditlog" action by default to help prevent a misconfiguration.
+  The new default is now: "phase:2,log,auditlog,pass"
+
 * Improve request body processing error messages.
 
 * Handle lack of a new line after the final boundary in a multipart request.
diff --git a/apache2/re.c b/apache2/re.c
index 47486f76..371fc579 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -659,7 +659,7 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
 msre_actionset *msre_actionset_create_default(msre_engine *engine) {
     char  *my_error_msg = NULL;
     return msre_actionset_create(engine,
-        "phase:2,log,pass",
+        "phase:2,log,auditlog,pass",
         &my_error_msg);
 }
 
@@ -691,7 +691,7 @@ void msre_actionset_set_defaults(msre_actionset *actionset) {
     if (actionset->intercept_pause == NOT_SET) actionset->intercept_pause = 0;
 
     /* Other */
-    if (actionset->auditlog == NOT_SET) actionset->auditlog = 0;
+    if (actionset->auditlog == NOT_SET) actionset->auditlog = 1;
     if (actionset->log == NOT_SET) actionset->log = 1;
 }
 
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index fd4c8856..0a509250 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -4,7 +4,7 @@
   Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.6.0-trunk (April 02, 2008)</releaseinfo>
+    <releaseinfo>Version 2.6.0-trunk (June 02, 2008)</releaseinfo>
 
     <copyright>
       <year>2004-2008</year>
@@ -1185,7 +1185,7 @@ SecAuditLogStorageDir logs/audit
       <para>The default value is minimal (differing from previous
       versions):</para>
 
-      <programlisting format="linespecific">SecDefaultAction phase:2,log,pass</programlisting>
+      <programlisting format="linespecific">SecDefaultAction phase:2,log,auditlog,pass</programlisting>
 
       <para><emphasis>Note</emphasis></para>