Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding ModSecurity parameter for audit log format. #2583

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Adding ModSecurity parameter for audit log format. #2583

wants to merge 3 commits into from
+20 −0

Conversation

Tamerz
Copy link
Contributor

@Tamerz Tamerz commented Nov 28, 2024

Summary

Adds a parameter to set the audit log format to JSON

https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-content-SecAuditLogFormat

Additional Context

Since as of the current version of ModSecurity, this can only have two values Native and JSON, and Native is default, I decided only add the line if someone specifically sets the value to JSON. This means it shouldn't touch any existing config, especially on versions where this parameter may not exist.

Checklist

  • 🟢 Spec tests.
  • 🟢 Acceptance tests.
  • Manually verified. (For example puppet apply)

@Tamerz Tamerz requested review from bastelfreak, ekohl, smortex and a team as code owners November 28, 2024 10:44
smortex
smortex reviewed Dec 5, 2024
View reviewed changes
Copy link
Collaborator

@smortex smortex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but see inline comment for some doc improvements. Thank!

manifests/params.pp
@@ -36,6 +36,7 @@

$modsec_audit_log_parts = 'ABIJDEFHZ'
$modsec_audit_log_type = 'Serial'
$modsec_audit_log_format = 'Native'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't put the default value in params.pp

manifests/mod/security.pp
@@ -143,6 +146,7 @@
String $audit_log_relevant_status = '^(?:5|4(?!04))',
String $audit_log_parts = $apache::params::modsec_audit_log_parts,
String $audit_log_type = $apache::params::modsec_audit_log_type,
Enum['Native', 'JSON'] $audit_log_format = $apache::params::modsec_audit_log_format,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put the default value here instead.

That way, the default value is correctly documented in the generated documentation.

manifests/mod/security.pp
@@ -32,6 +32,9 @@
#
# @param audit_log_type
# Defines the type of audit logging mechanism to be used.
#
# @param audit_log_format
# Defines what format the logs should be written in. Accepts `Native` and `JSON`.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to list accepted values, as the documentation include the data type (and the default value).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smortex smortex smortex left review comments

@bastelfreak bastelfreak Awaiting requested review from bastelfreak bastelfreak is a code owner

@ekohl ekohl Awaiting requested review from ekohl ekohl is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Tamerz @smortex