At patch 45805be, @littlecho changed the behaviour to set the audit log
index/serial file permission. Before, it was using the default permission now
it is respecting the permission configured via SecAuditLogFileMode. This patch
replicates @littlecho's work to the secundary auditlog file.
Change third parameter(which is the apr file permission flag) from CREATEMODE to dcfg->auditlog_fileperms. Due to the user can specify the desired file permission setting for the audit log files with setting the value of SecAuditLogFileMode, we should follow the file permission setting from the config file. Therefore, as the dcfg->auditlog_fileperms will be modified in cmd_audit_log_dirmode function, we can use the value while calling apr_file_open to meet the file permission that specified in modsecurity.conf.
Setting SecAuditLogType concurrent the files created by modsecurity in the directory SecAuditLogStorageDir
are of the type
%Y%m%d-%H%M%S-UNIQUE_ID
where UNIQUE_ID is produced by the module mod_unique_id. In apache 2.2
UNIQUE_ID was 24 characters long while in apache 2.4 is 27 characters long,
as a result of the new version of mod_unique_id. This patch extends
the regular expression for searching these log files for apache 2.4 and apache 2.2,
and also with future releases, at least with regard to the length of UNIQUE_ID
Signed-off-by: Elia Pinto <elia.pinto@gmail.com>
All of the apr flags needed to compile APU_HAVE_CRYPTO check
in configure.ac aren't passed. While this works fine for 64-bit
machines (because _LARGEFILE64_SOURCE is already defined),
this does not work on 32-bit. This in-turn breaks the apr_off_t
definition in apr.h.
By passing along the apr --cflags and --cppflags to compile,
32-bit machines will allow WITH_APU_CRYPTO to be set if there's
support for it.
A random number generator needs to be initialized once per process after a fork, but not after each request, more so with an argument that changes only once per second.
This fixes SpiderLabs#778
This is a copy of my commit deec149ca363dd14213afd1f9d7f71a71959ef31.
It is easy to test old/new code standalone with valgrind;
jst insert the getkey() function into this template:
-----------getkey() goes here-----------------
int main(void)
{
apr_pool_t *p;
apr_initialize();
apr_pool_create(&p, NULL);
printf("%s\n", getkey(p));
return 0;
}
Keep compatibility among different versions of Apache is not a simple
task, in this case it can be avoided by the creation of our own version
of ap_find_command, that is now used by msc_remote_rules.
