Merge pull request #2373 from bastelfreak/2371

david22swan · web-flow · commit 9f6fd95e15ec · 2023-01-31T13:52:17.000Z
security{,_crs}.conf: switch to structured facts
diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb
@@ -10,6 +10,13 @@
       end
 
       case facts[:os]['family']
+      when 'Suse'
+        context 'on Suse based systems' do
+          it {
+            is_expected.to contain_file('security.conf')
+              .with_content(%r{^\s+SecTmpDir /var/lib/mod_security$})
+          }
+        end
       when 'RedHat'
         context 'on RedHat based systems' do
           it {
@@ -42,6 +49,7 @@
               .with_content(%r{^\s+SecAuditLogType Serial$})
               .with_content(%r{^\s+SecDebugLog /var/log/httpd/modsec_debug.log$})
               .with_content(%r{^\s+SecAuditLog /var/log/httpd/modsec_audit.log$})
+              .with_content(%r{^\s+SecTmpDir /var/lib/mod_security$})
           }
           it {
             is_expected.to contain_file('/etc/httpd/modsecurity.d').with(
@@ -211,6 +219,7 @@
               .with_content(%r{^\s+SecAuditLogType Serial$})
               .with_content(%r{^\s+SecDebugLog /var/log/apache2/modsec_debug.log$})
               .with_content(%r{^\s+SecAuditLog /var/log/apache2/modsec_audit.log$})
+              .with_content(%r{^\s+SecTmpDir /var/cache/modsecurity$})
           }
           it {
             is_expected.to contain_file('/etc/modsecurity').with(
diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb
@@ -54,13 +54,13 @@
     <%- end -%>
     SecArgumentSeparator &
     SecCookieFormat 0
-<%- if scope['os::family'] == 'Debian' -%>
+<%- if scope['facts']['os']['family'] == 'Debian' -%>
     SecDebugLog <%= @logroot %>/modsec_debug.log
     SecAuditLog <%= @logroot %>/modsec_audit.log
     SecTmpDir /var/cache/modsecurity
     SecDataDir /var/cache/modsecurity
     SecUploadDir /var/cache/modsecurity
-<%- elsif scope['os::family'] == 'Suse' -%>
+<%- elsif scope['facts']['os']['family'] == 'Suse' -%>
     SecDebugLog /var/log/apache2/modsec_debug.log
     SecAuditLog /var/log/apache2/modsec_audit.log
     SecTmpDir /var/lib/mod_security
diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb
@@ -1,4 +1,4 @@
-<% if scope['os::family'] == 'Redhat' and scope['os::release::major'].to_i <= 7 -%>
+<% if scope['facts']['os']['family'] == 'Redhat' and scope['facts']['os']['release']['major'].to_i <= 7 -%>
 # ---------------------------------------------------------------
 # Core ModSecurity Rule Set ver.2.2.9
 # Copyright (C) 2006-2012 Trustwave All rights reserved.

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<% if scope['os::family'] == 'Redhat' and scope['os::release::major'].to_i <= 7 -%>`
	`1`	`+<% if scope['facts']['os']['family'] == 'Redhat' and scope['facts']['os']['release']['major'].to_i <= 7 -%>`
`2`	`2`	`# ---------------------------------------------------------------`
`3`	`3`	`# Core ModSecurity Rule Set ver.2.2.9`
`4`	`4`	`# Copyright (C) 2006-2012 Trustwave All rights reserved.`