write mod_sec logfiles per vhost

3 files changed, 46 insertions, 7 deletions

diff --git a/templates/vhosts/perl/CentOS.erb b/templates/vhosts/perl/CentOS.erb
index 2ecb2a4..580eb62 100644
--- a/templates/vhosts/perl/CentOS.erb
+++ b/templates/vhosts/perl/CentOS.erb
@@ -48,7 +48,13 @@
     <%- end -%>
 
     <IfModule mod_security2.c>
-        SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecFilterDebugLog <%= logdir %>/mod_security_debug.log
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
     </IfModule>
 
     <%- unless additional_options.to_s == 'absent' then -%>
@@ -105,7 +111,13 @@
     <%- end -%>
 
     <IfModule mod_security2.c>
-        SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecFilterDebugLog <%= logdir %>/mod_security_debug.log
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
     </IfModule>
 
     <%- unless additional_options.to_s == 'absent' then -%>
diff --git a/templates/vhosts/php/CentOS.erb b/templates/vhosts/php/CentOS.erb
index 30a6d72..1bca7e1 100644
--- a/templates/vhosts/php/CentOS.erb
+++ b/templates/vhosts/php/CentOS.erb
@@ -42,7 +42,13 @@
     <%- end -%>
 
     <IfModule mod_security2.c>
-        SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecFilterDebugLog <%= logdir %>/mod_security_debug.log
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
     </IfModule>
 
     <%- unless additional_options.to_s == 'absent' then -%>
@@ -96,7 +102,13 @@
     </Directory>
 
     <IfModule mod_security2.c>
-        SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecFilterDebugLog <%= logdir %>/mod_security_debug.log
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
     </IfModule>
 
     <%- unless additional_options.to_s == 'absent' then -%>
diff --git a/templates/vhosts/php_joomla/CentOS.erb b/templates/vhosts/php_joomla/CentOS.erb
index 33a714a..49addfd 100644
--- a/templates/vhosts/php_joomla/CentOS.erb
+++ b/templates/vhosts/php_joomla/CentOS.erb
@@ -52,9 +52,15 @@
     </Directory>
 
     <IfModule mod_security2.c>
-        SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
-	# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
-	SecRuleRemoveById "960010"
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecFilterDebugLog <%= logdir %>/mod_security_debug.log
+        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+        SecRuleRemoveById "960010"
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
     </IfModule>
 
     <%- unless additional_options.to_s == 'absent' then -%>
@@ -109,6 +115,15 @@
 
     <IfModule mod_security2.c>
         SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecFilterDebugLog <%= logdir %>/mod_security_debug.log
+        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+        SecRuleRemoveById "960010"
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
     </IfModule>
 
     <%- unless additional_options.to_s == 'absent' then -%>