1633 Commits

Author SHA1 Message Date
Felipe Zimmerle
d86427f1dd Minor fix on the auditlog regression tests 2015-07-14 16:42:03 -03:00
Felipe Zimmerle
f0624bb089 Adds support to ARGS_GET_NAMES variable 2015-07-14 16:41:55 -03:00
Felipe Zimmerle
e7ec09623d Adds support to ARGS_POST_NAMES variable 2015-07-14 16:41:36 -03:00
Felipe Zimmerle
bc0553e726 Adds support to the variable ARGS_NAMES 2015-07-14 15:22:42 -03:00
Felipe Zimmerle
92c132b64c Adds support to the ARGS_GET variable 2015-07-14 15:22:42 -03:00
Felipe Zimmerle
492526cfc5 Minor fix on the actions test case 2015-07-14 15:22:34 -03:00
Felipe Zimmerle
85f065363d Adds support to the variable ARGS_POST 2015-07-14 14:28:14 -03:00
Felipe Zimmerle
228a5ce7cc Adds support to ARGS_COMBINED_SIZE variable 2015-07-14 14:17:12 -03:00
Felipe Zimmerle
76b769cc84 Decodes the url content before assigning values to variables 2015-07-14 13:54:56 -03:00
Felipe Zimmerle
b2954ff223 Fills ARGS variable even on POST 2015-07-14 01:35:52 -03:00
Felipe Zimmerle
9f869a6aab Adds test case for the variable ARGS 2015-07-14 01:35:46 -03:00
Felipe Zimmerle
80f13437e3 Refactoring on the variable read/store methods
Now it is ready to receive two (or more) variables with the same key.
2015-07-14 00:33:57 -03:00
Felipe Zimmerle
f13a1bd880 Adds support to the Parallel audit log index creation
The index is now being generated.
2015-07-14 00:33:57 -03:00
Felipe Zimmerle
96a777a5cf Adds initial serial audit logging support
Serial logging following the format used on ModSecurity 2.9.
2015-07-14 00:33:50 -03:00
Felipe Zimmerle
001d5ebf7f Properly deal with classes destructors
There are some classes such as AuditLog that demand a reference count. That is
needed because this class can be used by different instances of the Rules
classes.
2015-07-13 14:16:48 -03:00
Felipe Zimmerle
0c98bdc80b Adds support to SecAuditLogParts 2015-07-10 19:08:32 -03:00
Felipe Zimmerle
5e33a1a3c4 Opens auditlog files and directories with the correct mode
Respecting the directives: SecAuditLogStorageDir and SecAuditLogFileMode
2015-07-10 19:08:28 -03:00
Felipe Zimmerle
c9620ac50f Writes audit log in parallel mode
First version still missing the index among other things
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
693238b235 Process the log phase independent of disruptive actions
Disruptive actions were causing the log phase to not be processed.
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
5e80e001e5 Adds Components information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
1ddb36a781 Adds SecComponentSignature configuration directive 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
4aa521df65 Adds SecRuleEngine state information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
75a9cfa273 Uses an enumeration to determine the state of the SecRuleEngine 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
cb8d6249a8 Adds connector information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
2138dd1369 Adds method setConnectorInformation to ModSecurity class
For the purpose of logging it is necessary for modsecurity to understand which
'connector' is consuming the API.
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
e42e7545d7 Adds ModSecurity version information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
8dab5ac30c Adds whoAmI method to ModSecurity class
The method returns information about ModSecurity's version and the platform
on which it was compiled. Further it will be used by the audit logs and by the
connectors. msc_who_am_i was added accordingly to the C API.
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
aa8dc9115b Adds first version of Assay's materialization in a JSON format
That format will be used by the audit logs.
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
610b10bcd5 Adds ascTime function to utils
Further this function will be used by the audit logs.
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
888b9622c7 Adds random id to each assay 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
3112794025 Adds a time stamp to assay class 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
278b513933 Adds protocol and http version to processUri method's signature
Protocol and http version will be further used to fill some variables
and the audit log.
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
2109910848 Adds support to the server ID generation
The server ID is a sha-1 identifier generated from the mac address of the first
ethernet device plus the server name. The process is the same used by
ModSecurity 2.9
2015-07-10 18:37:48 -03:00
Felipe Zimmerle
aadbacf854 Adds basic regression test for AuditLog functionalities 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
fd8f26f763 Adds all auditlog related directives to the configuration parser
Added the support for the following configuration directives:
 - SecAuditLogDirMode
 - SecAuditLogStorageDir
 - SecAuditEngine
 - SecAuditLogFileMode
 - SecAuditLog2
 - SecAuditLogParts
 - SecAuditLog
 - SecAuditLogRelevantStatus
 - SecAuditLogType
2015-07-10 18:37:42 -03:00
Felipe Zimmerle
fc622c27df Checks if an assay is relevant to be saved as an auditlog 2015-07-08 18:28:05 -03:00
Felipe Zimmerle
0beae17b4f Adds 'http_returned_code' property to Assay class
To be used by the auditlogs
2015-07-08 18:28:05 -03:00
Felipe Zimmerle
885fe14f30 Adds AuditLogWriter{Serial,Parallel} classes
Further those classes will be used to persist (or send) the auditlogs.
2015-07-08 18:28:00 -03:00
Felipe Zimmerle
e44d6e280d Adds actions 'auditlog' and 'noauditlog' 2015-07-08 18:06:46 -03:00
Felipe Zimmerle
71eb27bbe9 Adds a new constructor to Action; it now receives kind as parameter
The property kind is mandatory to be specified by actions that extend the class
Action. The new constructor makes the implementation of new actions simpler.
2015-07-08 18:06:35 -03:00
Felipe Zimmerle
616a2ae6de Adds AuditLog class
The properties related to the Audit Log were saved into the classes
Rules and Driver, now all those properties will be saved into the
AuditLog class.
2015-07-08 18:05:09 -03:00
Felipe Zimmerle
7ea9ff8836 Code cosmetic: Having the code following our coding style
This commit also updates some method parameters to const.
2015-07-08 17:33:29 -03:00
Felipe Zimmerle
73154b51a1 Adds processLogging phase to regression tests
Regression tests were not processing the 'LoggingPhase'. They were stopping in the
'ResponseBodyPhase'. As we are implementing the AuditLogs this phase is now
mandatory.
2015-07-08 15:17:40 -03:00
Andrew Hutchings
64a34584cd Build system fixes
1. Fix the build order so "make -j4" works
2. Remove binaries from git tree
3. Add .gitignore file
2015-07-06 15:53:44 -03:00
Felipe Zimmerle
344aa901b1 Updates README.md: highlight that the project is still under development 2015-07-06 15:41:07 -03:00
Chaim Sanders
f262b404cc Fixed issue #905 that dealt with compilation on c++ 5.x > 2015-07-03 17:00:46 -04:00
Felipe Zimmerle
b9507e3969 Decreases the bison requirement from 3.0.4 to 3.0.2
Version 3.0.2 seems to be the default package on Ubuntu.
Reported by Andrei Belov - @defanator.
2015-06-30 10:18:06 -03:00
Felipe Zimmerle
721f951154 Adds transformation functions stub
Added stub for all transformations functions supported on
ModSecurity 2.9
2015-06-26 17:34:39 -03:00
Felipe Zimmerle
95cb4c56ab Very first commit: libmodsecurity
Check the README.md file for further information about the libmodsecurity.
2015-06-26 14:35:15 -03:00
Felipe Zimmerle
33cbe0452a Opens space for libmodsecurity
Deleting all files in the repository does not seem to be a good idea.
The better approach will be to create a new repository. On the other hand
we don't want this to be detached from this main repository. We can
push this to another repository if necessary.
2015-06-26 14:00:07 -03:00