github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,621 Commits 55 Branches 109 Tags
Commit Graph

1621 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
f13a1bd880 Adds support the Parallel audit log index creation 
The index is now being generated.
 2015-07-14 00:33:57 -03:00
Felipe Zimmerle
96a777a5cf Adds initial serial audit logging support 
Serial logging following the format used on ModSecurity 2.9.
 2015-07-14 00:33:50 -03:00
Felipe Zimmerle
001d5ebf7f Properly deal with classes destructors 
There are some classes such as AuditLog that demands a reference count. That is
needed because this class can be used by different instances of the Rules
classes.
 2015-07-13 14:16:48 -03:00
Felipe Zimmerle
0c98bdc80b Adds support to SecAuditLogParts 2015-07-10 19:08:32 -03:00
Felipe Zimmerle
5e33a1a3c4 Opens auditlog files and directories with the correct mode 
Respecting the directives: SecAuditLogStorageDir and SecAuditLogFileMode
 2015-07-10 19:08:28 -03:00
Felipe Zimmerle
c9620ac50f Writes audit log in parallel mode 
First version still missing the index among other things
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
693238b235 Process the log phase independent of disruptive actions 
Disruptive actions was making the log phase to not be processed.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
5e80e001e5 Adds Components information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
1ddb36a781 Adds SecComponentSignature configuration directive 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
4aa521df65 Adds SecRuleEngine state information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
75a9cfa273 Uses an enumeration to determine the state of the SecRuleEngine 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
cb8d6249a8 Adds connector information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
2138dd1369 Adds method setConnectorInformation to ModSecurity class 
For the purpose of log it is necessary for modsecurity to understand which
'connector' is consuming the API.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
e42e7545d7 Adds ModSecurity version information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
8dab5ac30c Adds whoAmI method to ModSecurity class 
The method returns information about the ModSecurity's version and the platform
that it was compiled. Further it will be used by the audit logs and by the
connectors. msc_who_am_i was added accordingly, to the C api.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
aa8dc9115b Adds first version of Assay's materialization in a JSON format 
That format will be used by the audit logs.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
610b10bcd5 Adds ascTime function to utils 
Further this function will be used by the audit logs.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
888b9622c7 Adds random id to each assay 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
3112794025 Adds a time stamp to assay class 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
278b513933 Adds protocol and http version to processUri method's signature 
Protocol and http version will be further used to fill some variables
and the audit log.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
2109910848 Adds support to the server ID generation 
The server ID is a sha-1 identifier generated from the mac address of the first
ethernet device plus the server name. The process is the same used by
ModSecurity 2.9
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
aadbacf854 Adds basic regression test for AuditLog functionalities 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
fd8f26f763 Adds all auditlog related directives to the configuration parser 
Added the support for the following configuration directives:
 - SecAuditLogDirMode
 - SecAuditLogStorageDir
 - SecAuditEngine
 - SecAuditLogFileMode
 - SecAuditLog2
 - SecAuditLogParts
 - SecAuditLog
 - SecAuditLogRelevantStatus
 - SecAuditLogType
 2015-07-10 18:37:42 -03:00
Felipe Zimmerle
fc622c27df Checks if an assay is relevant to be saved as an auditlog 2015-07-08 18:28:05 -03:00
Felipe Zimmerle
0beae17b4f Adds 'http_returned_code' property to Assay class 
To be used by the auditlogs
 2015-07-08 18:28:05 -03:00
Felipe Zimmerle
885fe14f30 Adds AuditLogWriter{Serial,Parallel} classes 
Furhter those classes will be used to persist (or send) the auditlogs.
 2015-07-08 18:28:00 -03:00
Felipe Zimmerle
e44d6e280d Adds actions 'auditlog' and 'noauditlog' 2015-07-08 18:06:46 -03:00
Felipe Zimmerle
71eb27bbe9 Adds a new constructor to Action it now receives kind as parameter 
The property kind is mandatory to be specified by actions who extends the class
Action. The new constructor make simpler the implementation of new actions.
 2015-07-08 18:06:35 -03:00
Felipe Zimmerle
616a2ae6de Adds AuditLog class 
The properties related to the Audit Log were saved into the classes
Rules and Dirver, now all those properties will be saved into the
AuditLog class.
 2015-07-08 18:05:09 -03:00
Felipe Zimmerle
7ea9ff8836 Code cosmetic: Having the code following our coding style 
This commit also update some methods parameters to const.
 2015-07-08 17:33:29 -03:00
Felipe Zimmerle
73154b51a1 Adds processLogging phase to regression tests 
Regression tests was not processing the 'LoggingPhase'. It was stopping in the
'ResponseBodyPhase'. As we are implementing the AuditLogs this phase is now
mandatory.
 2015-07-08 15:17:40 -03:00
Andrew Hutchings
64a34584cd Build system fixes 
1. Fix the build order so "make -j4" works
2. Remove binaries from git tree
3. Add .gitignore file
 2015-07-06 15:53:44 -03:00
Felipe Zimmerle
344aa901b1 Updates README.md: highlight that the project still under development 2015-07-06 15:41:07 -03:00
Chaim Sanders
f262b404cc Fixed issue #905 that dealt with compilation on c++ 5.x > 2015-07-03 17:00:46 -04:00
Felipe Zimmerle
b9507e3969 Decreases the bison requirement from 3.0.4 to 3.0.2 
Version 3.0.2 seems to be the default package on Ubuntu.
Reported by Andrei Belov - @defanator.
 2015-06-30 10:18:06 -03:00
Felipe Zimmerle
721f951154 Adds transformation functions stub 
Added stub for all transformations functions supported on
ModSecurity 2.9
 2015-06-26 17:34:39 -03:00
Felipe Zimmerle
95cb4c56ab Very first commit: libmodsecurity 
Check the README.md file for further information about the libmodsecurity.
 2015-06-26 14:35:15 -03:00
Felipe Zimmerle
33cbe0452a Opens space for libmodsecurity 
Deletes all files in the repository does not seems to be a good idea.
The better approach will be to create a new repository. On other hand
we don't want this to be detached from this main repository. We can
push this to other repository if necessary.
 2015-06-26 14:00:07 -03:00
Felipe Zimmerle
4a49d5b8dc Adds information about the issue #871 on the CHANGES file 2015-05-04 09:59:44 -03:00
Kurt Newman
d9bebfb874 Compiles against ssdeep in non-standard location 
Issue 871: (*nix) Tacks on the include and lib directory when
a the user specifies a path for ssdeep in an alternate location.
 2015-05-04 09:56:03 -03:00
Felipe Zimmerle
25666005ed Modifies the CHANGES file to cite issue #609 2015-03-26 09:53:04 -07:00
Jeff Trawick
1ed95ad932 Fix invalid storage reference by apr_psprintf() when creating a string from salt[]. salt[] is not '\0'-terminated, so apr_psprintf() needs to be told the extent of the bytes to read. 
It is easy to test old/new code standalone with valgrind;
jst insert the getkey() function into this template:

-----------getkey() goes here-----------------

int main(void)
{
    apr_pool_t *p;

    apr_initialize();
    apr_pool_create(&p, NULL);

    printf("%s\n", getkey(p));
    return 0;
}
 2015-03-26 08:55:54 -07:00
Felipe Zimmerle
a9a39255b9 Version 2.9.0 
Increasing version to 2.9.0.
v2.9.0 		2015-02-12 10:58:11 -08:00
Felipe Zimmerle
b304ab1aa2 Improves SecRemoteRules messages on IIS 
IIS was not displaying correctly the error messages and the amount of
loaded rules while the operator SecRemoteRules was used.
 2015-02-12 09:37:32 -08:00
Felipe Zimmerle
f7c7a30db9 Uses our own version of ap_find_command 
Keep compatibility among different versions of Apache is not a simple
task, in this case it can be avoided by the creation of our own version
of ap_find_command, that is now used by msc_remote_rules.
 2015-02-12 09:34:42 -08:00
Felipe Zimmerle
462308be74 Improves the accuracy of version identification on status calls 
Trying to differentiate among IIS, Apache, NGINX, and Standalone builds.
 2015-02-11 18:37:01 -08:00
Felipe Zimmerle
a235b536a4 Fix apr_crypto.h include in modsecurity.h and msc_remote_rules.c 
apr_crypto is not always available, configure scripts are looking for
it and setting WITH_APU_CRYPTO in case it is found. There were two
places where apr_crypto.h was included without validating if
WITH_APU_CRYPTO was set. This patch removes the inclusion from the
first place (it seems not to be mandatory) and add the check for
WITH_APU_CRYPTO in the second one. This fix issue #834.
 2015-02-11 08:15:30 -08:00
Chaim Sanders
2e09b8e542 Fixed comment incorrect comment 2014-12-29 18:03:19 -05:00
Felipe Zimmerle
de74b131c6 Version 2.9.0-RC2 
Increasing version to 2.9.0-RC2.
v2.9.0-rc2 		2014-12-15 12:55:11 -08:00
Felipe Zimmerle
b1e4954a86 Closes a file handle that was left opened on fuzzy hash 
Fuzzy hash implementation was lefting a file handle behind whenever the results
matched.
 2014-12-12 04:34:21 -08:00