%define auditwriter audit-writer
%define module_name webguard
%define logdir %_logdir/%module_name
%define home %_libdir/%module_name/
%define user webguard
%def_without audit_writer
%set_verify_elf_method none
Name: webguard
Version: 1.10
Release: alt10.M70C.1
Summary: Web-guard system core
License: non-exclusive
Group: Security/Networking
Packager: Lenar Shakirov <snejok@altlinux.org>
BuildRequires: libpq, libmemcached, libjson-glib-devel, libmemcached-devel, libfcgi, glib2-devel, libcurl-devel
Requires: libpq, memcached, libmemcached, glib2, libjson-glib, glibc-core, glibc-pthread, libfcgi, libcurl, libpcre3, logrotate, libldap
Source0: %name-%version.tar
Source1: acl_loader.init
Source4: wg_fcgi.init
Source5: wg_fcgi.logrotate
Source6: acl_loader.logrotate
Source7: wg_dbinfo_loader.logrotate
Source8: acl_loader.service
Source9: acl_loader_oneshot.service
Source10: wg_fcgi.service
%if_with audit_writer
Source2: %auditwriter-%version.tar.gz
Source3: audit_writer_agentd.init
%endif
Conflicts: webguard-debug
ExclusiveArch: x86_64 %ix86
%ifarch x86_64
%define dir_arch 64bit
%endif
%ifarch %ix86
%define dir_arch 32bit
%endif
%description
The product is a software data protection designed to protect against unauthorized access to the Web-server queuing system. The product is responsible for the authentication and authorization of users, and makes registration of user activity in the system (audit), filtering HTTP-user requests.
Web-guard system is designed for external differentiation of user rights in the application due to:
* restricting access the WEB resources for WEB-applications.
%package devel
Summary: WebGard development header files
Group: Security/Networking
Requires: webguard == 1.10
%description devel
The webguard-devel package contains the header files needed to compile applications which will directly interact with a WebGard system. You need to install this package if you want to develop applications which will interact with a WebGard system.
%prep
%setup
%install
install -d %buildroot%_bindir
cp -r %dir_arch%_bindir/* %buildroot%_bindir
install -d %buildroot%_libdir
cp -r %dir_arch%_libdir/* %buildroot%_libdir
install -d %buildroot%_sysconfdir/%name
cp -r conf/* %buildroot%_sysconfdir/%name
install -pD -m755 %SOURCE1 %buildroot%_initdir/acl_loader
install -pD -m755 %SOURCE4 %buildroot%_initdir/wg_fcgi
install -pD -m644 %SOURCE8 %buildroot%systemd_unitdir/acl_loader.service
install -pD -m644 %SOURCE9 %buildroot%systemd_unitdir/acl_loader_oneshot.service
install -pD -m644 %SOURCE10 %buildroot%systemd_unitdir/wg_fcgi.service
install -p -d -m755 %buildroot%logdir
install -pD -m644 %SOURCE5 %buildroot%_sysconfdir/logrotate.d/wg_fcgi
install -pD -m644 %SOURCE6 %buildroot%_sysconfdir/logrotate.d/acl_loader
install -pD -m644 %SOURCE7 %buildroot%_sysconfdir/logrotate.d/wg_dbinfo_loader
%if_with audit_writer
tar xvzf %SOURCE2
install -p -d -m755 %buildroot%_datadir/%name/%auditwriter
cp -r %auditwriter-%version/%dir_arch/* %buildroot%_datadir/%name/%auditwriter
install -pD -m755 %SOURCE3 %buildroot%_initdir/audit_writer_agentd
%endif
install -d %buildroot%_includedir
cp -r %dir_arch%_includedir/* %buildroot%_includedir
%post
%post_service acl_loader
%post_service wg_fcgi
%if_with audit_writer
%post_service audit_writer_agentd
%endif
%pre
if [ $1 == 1 ]; then
%_sbindir/useradd -c "Webguard user" -s /bin/false -r -d %home %user 2>/dev/null || :
fi
echo "NOTE: before using WebGard please make sure service memcached is running. If it is not, start it with the following command:"
echo "systemctl start memcached"
echo "NOTE: before using WebGard please start acl_loader and wg_fcgi with the following commands:"
echo "systemctl start acl_loader"
echo "systemctl start wg_fcgi"
%if_with audit_writer
echo "and " %auditwriter ":"
echo "service audit_writer_agentd start"
%endif
%preun
%preun_service acl_loader
%preun_service wg_fcgi
%if_with audit_writer
%preun_service audit_writer_agentd
%endif
%files
#%doc LICENSE CHANGES README DOC
#log dir
%dir %logdir
# init files
%_initrddir/acl_loader
%_initrddir/wg_fcgi
# unit files
%systemd_unitdir/acl_loader.service
%systemd_unitdir/acl_loader_oneshot.service
%systemd_unitdir/wg_fcgi.service
# executable files
%_bindir/acl_loader
%_bindir/wg_fcgi
%_bindir/wg_dbinfo_loader
%_bindir/wg_memcdump
# shared libraries
%_libdir/%name/
# configuration files
%config(noreplace) %_sysconfdir/%name/
# logrotate files
%config(noreplace) %_sysconfdir/logrotate.d/wg_fcgi
%config(noreplace) %_sysconfdir/logrotate.d/acl_loader
%config(noreplace) %_sysconfdir/logrotate.d/wg_dbinfo_loader
# audit-writer
%if_with audit_writer
%_initrddir/audit_writer_agentd
%attr(2755,root,root) %_datadir/%name/%auditwriter/bin/auditWriter
%ifarch x86_64
%attr(2755,root,root) %_datadir/%name/%auditwriter/bin/wrapper-linux-x86-64
%endif
%ifarch %ix86
%attr(2755,root,root) %_datadir/%name/%auditwriter/bin/wrapper-linux-x86-32
%endif
%_datadir/%name/
%endif
%files devel
%_includedir/libwebguard-audit/
%_includedir/libwebguard-cachewriter/
%_includedir/libwebguard-urlauth/
%_includedir/libwebguard-fcgisrv/
%_includedir/libwebguard-utils/
%_includedir/libwebguard-dbplugin/
%_includedir/libwebguard-sqlauth/
%_pkgconfigdir/%name.pc
%changelog
* Fri Sep 28 2018 Ilfat Aminov <aminov@altlinux.org> 1.10-alt10.M70C.1
- Fix: crash of webguard when several active rules have the same url
- Fix: access rights of wg_fcgi and acl_loader unit files
- Fix: create webguard user
- Update to version 1.10-alt10
* Fri Sep 14 2018 Ilfat Aminov <aminov@altlinux.org> 1.10-alt8.M70C.2
- Added systemd unit files for wg_fcgi and acl_loader
* Fri Feb 09 2018 Lenar Shakirov <snejok@altlinux.ru> 1.10-alt8.M70C.1
- Backport to C7
* Tue Feb 6 2018 Lenar Shakirov <snejok@altlinux.org> 1.10-alt9
- added filtering SQL-queries.
- added wg_fcgi and wg_dbinfo_loader services.
* Fri Oct 17 2014 Lenar Shakirov <snejok@altlinux.org> 1.9-alt1
- added webguard.pc file
* Wed Jul 23 2014 Lenar Shakirov <snejok@altlinux.org> 1.9-alt1
- removed filtering SQL-queries.
- added acl_loader and audit-writer services.
- added devel-package.
* Thu Dec 12 2013 Lenar Shakirov <snejok@altlinux.org> 1.3-alt1
- initial build for ALT Linux Sisyphus