|
From: Parthasarathi K. <par...@ya...> - 2012-08-24 10:29:03
|
Please find the patch
Thanks
Partha
--- modsecurity-apache/apache2/msc_util.c Fri Aug 24 02:23:52 2012 -0700
+++ modsecurity-apache/apache2/msc_util.c Fri Aug 24 03:26:42 2012 -0700
@@ -387,6 +387,7 @@
} else {
d = strrchr(b, '\\');
if (d != NULL) *d = '\0';
+ else b = apr_pstrdup(p, ".");
}
return b;
@@ -401,7 +402,7 @@
c = strrchr(b, '/');
if (c != NULL) *c = '\0';
-
+ else b = apr_pstrdup(p, ".");
return b;
}
#endif
________________________________
From: Breno Silva <bre...@gm...>
To: mod...@li...
Sent: Thursday, August 23, 2012 11:34 PM
Subject: Re: [Mod-security-developers] SecAuditLogType concurrent, SecAuditLog has file name "audit.log" creates directory audit.log
Hello,
Yes, looks like a possible fix. I just need to make some tests.
Could you send a patch ?
Thanks
Breno
On Thu, Aug 23, 2012 at 12:49 PM, seema deepak <see...@gm...> wrote:
Hi,
>
>Is this a known issue ?
>
>Let me explain the scenario little more.
>
>If we use the below configuration (without SecAuditLogStorageDir) ...
>
>-- -- -- -- --
>
>SecRuleEngine On
>SecAuditEngine On
>SecAuditLogType concurrent
>SecAuditLog ./audit.log
>SecAuditLogParts ABCFHZ
>-- -- -- -- --
>
>when the server starts up, it creates "audit.log" file relative to the server's config directory ( <config dir>/audit.log ).
>And when ModSecurity processes the request, logs the msg in the concurrent log file created relative to server's config directory ( e.g. <config dir>/20120823/20120823-0601/20120823-060111-fNOoe110000000000,0) and that file's info get logged in the audit.log file.
>So we do see some entries in audit.log and the concurrent log.
>
>If we change AuditLog's location to some absolute path like /tmp/audit.log,
>then audit.log is created in the /tmp dir and concurrent logs are also created in /tmp dir ( /tmp/20120823/20120823-0601/20120823-060111-fNOoe110000000000,0).
>
>Issue is when we specify just the filename for SecAuditLog.
>-- -- -- -- --
>
>SecRuleEngine On
>SecAuditEngine On
>SecAuditLogType concurrent
>SecAuditLog audit.log
>SecAuditLogParts ABCFHZ
>
-- -- -- -- --
>
>At server startup, audit.log file gets created in the server's config directory ( <config dir>/audit.log ) . During request processing when ModSecurity tries to create the concurrent log file it tries to create <config dir>/audit.log/<date>/.. dirs but fails as audit.log already exists and is a file.
>
>Change in file_dirname() of msc_util.c to return "." when filename doesn't have "/" or "\" fixed the issue.
>Please let us know if it is the right fix.
>
>Thanks,
>Seema.
>
>
>
>On Tue, Aug 7, 2012 at 9:31 AM, Parthasarathi Kundu <par...@ya...> wrote:
>
>If the rule file contains SecAuditLog and provides the file name and there is no SecAuditLogStorageDir( it is not mandatory) , it creates audit.log as the directory instead of creating that as the index file.
>>
>>
>>
>>SecRuleEngine On
>>SecAuditEngine On
>>SecAuditLogType concurrent
>>SecAuditLog audit.log
>>SecAuditLogParts ABCFHZ
>>
>>
>>
>>
>>
>>The behaviour is different when SecAuditLog ./audit.log.
>>
>>
>>The issue is with file_dirname(msr->mp, "audit.log")function. it returns "audit.log", where as
>>
>>file_dirname(msr->mp, "./audit.log" ) correctly returns "." as the directory.
>>
>>
>>Should not it return "." even on file_dirname(msr->mp, "audit.log") ?
>>
>>
>>Thanks
>>Partha
>>
>>
>>
>>
>>------------------------------------------------------------------------------
>>Live Security Virtual Conference
>>Exclusive live event will cover all the ways today's security and
>>threat landscape has changed and how IT managers can respond. Discussions
>>will include endpoint security, mobile security and the latest in malware
>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>_______________________________________________
>>mod-security-developers mailing list
>>mod...@li...
>>https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>ModSecurity Services from Trustwave's SpiderLabs:
>>https://www.trustwave.com/spiderLabs.php
>>
>
>------------------------------------------------------------------------------
>Live Security Virtual Conference
>Exclusive live event will cover all the ways today's security and
>threat landscape has changed and how IT managers can respond. Discussions
>will include endpoint security, mobile security and the latest in malware
>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>_______________________________________________
>mod-security-developers mailing list
>mod...@li...
>https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>ModSecurity Services from Trustwave's SpiderLabs:
>https://www.trustwave.com/spiderLabs.php
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php |
