Allow configuring mod_security's SecAuditLogParts

README.md

@@ -71,6 +71,8 @@
 [Apache modules]: https://httpd.apache.org/docs/current/mod/
 [array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html
 
+[audit log]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log
+
 [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec
 
 [certificate revocation list]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile
@@ -1706,6 +1708,7 @@ ${modsec\_dir}/activated\_rules.
 - `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'.
 - `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500'
 - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500'
+- `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ'
 
 ##### Class: `apache::mod::wsgi`
 

manifests/mod/security.pp

@@ -3,6 +3,7 @@
   $activated_rules       = $::apache::params::modsec_default_rules,
   $modsec_dir            = $::apache::params::modsec_dir,
   $modsec_secruleengine  = $::apache::params::modsec_secruleengine,
+  $audit_log_parts       = $::apache::params::modsec_audit_log_parts,
   $secpcrematchlimit = $::apache::params::secpcrematchlimit,
   $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion,
   $allowed_methods       = 'GET HEAD POST OPTIONS',
@@ -35,6 +36,7 @@
 
   # Template uses:
   # - $modsec_dir
+  # - $audit_log_parts
   # - secpcrematchlimit
   # - secpcrematchlimitrecursion
   file { 'security.conf':

manifests/params.pp

@@ -47,6 +47,8 @@
 
   $vhost_include_pattern = '*'
 
+  $modsec_audit_log_parts = 'ABIJDEFHZ'
+
   if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' {
     $verify_command = '/usr/sbin/apache2ctl -t'
   } else {

spec/classes/mod/security_spec.rb

@@ -27,6 +27,7 @@
     it { should contain_file('security.conf').with(
       :path => '/etc/httpd/conf.modules.d/security.conf'
     ) }
+    it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} }
     it { should contain_file('/etc/httpd/modsecurity.d').with(
       :ensure => 'directory',
       :path => '/etc/httpd/modsecurity.d',
@@ -43,6 +44,14 @@
       :path => '/etc/httpd/modsecurity.d/security_crs.conf'
     ) }
     it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') }
+
+    describe 'with parameters' do
+      let :params do
+        { :audit_log_parts => "ABCDZ"
+        }
+      end
+      it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} }
+    end
   end
 
   context "on Debian based systems" do
@@ -71,6 +80,7 @@
     it { should contain_file('security.conf').with(
       :path => '/etc/apache2/mods-available/security.conf'
     ) }
+    it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} }
     it { should contain_file('/etc/modsecurity').with(
       :ensure => 'directory',
       :path => '/etc/modsecurity',
@@ -87,6 +97,14 @@
       :path => '/etc/modsecurity/security_crs.conf'
     ) }
     it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') }
+
+    describe 'with parameters' do
+      let :params do
+        { :audit_log_parts => "ACEZ"
+        }
+      end
+      it { should contain_file('security.conf').with_content  %r{^\s+SecAuditLogParts ACEZ$} }
+    end
   end
 
 end

templates/mod/security.conf.erb

@@ -50,7 +50,7 @@
     SecDebugLogLevel 0
     SecAuditEngine RelevantOnly
     SecAuditLogRelevantStatus "^(?:5|4(?!04))"
-    SecAuditLogParts ABIJDEFHZ
+    SecAuditLogParts <%= @audit_log_parts %>
     SecAuditLogType Serial
     SecArgumentSeparator &
     SecCookieFormat 0