feature: Allow to set the verbosity of the debug

JGodin-C2C · JGodin-C2C · commit 429dd0528b1d · 2024-04-30T09:17:52.000+02:00
Signed-off-by: Julien Godin &lt;julien.godin@camptocamp.com&gt;
diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp
@@ -23,6 +23,9 @@
 # @param modsec_secruleengine
 #   Configures the rules engine.
 # 
+# @param debug_log_level
+#   Configures the debug log level.
+#
 # @param audit_log_relevant_status
 #   Configures which response status code is to be considered relevant for the purpose of audit logging.
 # 
@@ -140,6 +143,7 @@
   Optional[Array[String]] $custom_rules_set                    = $apache::params::modsec_custom_rules_set,
   Stdlib::Absolutepath $modsec_dir                             = $apache::params::modsec_dir,
   String $modsec_secruleengine                                 = $apache::params::modsec_secruleengine,
+  Integer[0, 9] $debug_log_level                              = 0,
   String $audit_log_relevant_status                            = '^(?:5|4(?!04))',
   String $audit_log_parts                                      = $apache::params::modsec_audit_log_parts,
   String $audit_log_type                                       = $apache::params::modsec_audit_log_type,
@@ -257,6 +261,7 @@
     'audit_log_parts'             => $audit_log_parts,
     'audit_log_type'              => $audit_log_type,
     'audit_log_storage_dir'       => $audit_log_storage_dir,
+    'debug_log_level'             => $debug_log_level,
     'logroot'                     => $logroot,
   }
 
diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb
@@ -103,6 +103,7 @@
                 audit_log_parts: 'ABCDZ',
                 audit_log_type: 'Concurrent',
                 audit_log_storage_dir: '/var/log/httpd/audit',
+                debug_log_level: 3,
                 secdefaultaction: 'deny,status:406,nolog,auditlog',
                 secrequestbodyaccess: 'Off',
                 secresponsebodyaccess: 'On',
@@ -116,6 +117,7 @@
             it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogType Concurrent$} }
             it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogStorageDir /var/log/httpd/audit$} }
             it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecRequestBodyAccess Off$} }
+            it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecDebugLogLevel 3$} }
             it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecResponseBodyAccess On$} }
             it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecRequestBodyLimitAction ProcessPartial$} }
             it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecResponseBodyLimitAction Reject$} }
diff --git a/templates/mod/security.conf.epp b/templates/mod/security.conf.epp
@@ -44,7 +44,7 @@
     SecResponseBodyMimeType text/plain text/html text/xml
     SecResponseBodyLimit 524288
     SecResponseBodyLimitAction <%= $secresponsebodylimitaction %>
-    SecDebugLogLevel 0
+    SecDebugLogLevel <%= $debug_log_level %>
     SecAuditEngine RelevantOnly
     SecAuditLogRelevantStatus "<%= $audit_log_relevant_status %>"
     SecAuditLogParts <%= $audit_log_parts %>
