Create directory for audit log

[hnakamur]

I would like to use this change to run tests for ModSecurity v2/v3 with ftw

• https://github.com/hnakamur/ModSecurity/tree/v2/e2e_tests_using_ftw
• https://github.com/hnakamur/ModSecurity/tree/v3/e2e_tests_using_ftw

[fzipi]

Hey @hnakamur ! Is there something specific you are fixing? Can you add something in the description?

[hnakamur]

@fzipi Thank you for your comment! I added an explanation to the description.

[fzipi]

Sorry for the delay. What I see in this diff, for example, is that you are still using the file modsec_audit.log.

Is that what you wanted, or still need the directory?

[hnakamur]

Thank you for taking a time to review my diffs.
What I want is creating the audit log file in the docker compose volume so that go-ftw can look at it.

The audit filename:

• /var/log/apache2/modsec_audit.log in https://github.com/hnakamur/ModSecurity/tree/v2/e2e_tests_using_ftw
• /var/log/modsecurity/audit/audit.log in https://github.com/hnakamur/ModSecurity/tree/v3/e2e_tests_using_ftw

[fzipi]

@hnakamur As we are not using those directories, maybe it makes sense for you to also add a VOLUME /var/log/modsecurity/audit directive in this PR?

[hnakamur]

I think we don't need to add a VOLUME /var/log/modsecurity/audit in Dockerfiles in this repository.
Users can add a volume as needed without modifying Dockerfiles in this repository just like I do in docker-compose.yml at #402 (comment)

The log directory is needed to be created in Dockerfiles in this repository. So I opened this pull request.

[theseion]

I don't think we need the audit directory. /var/log/modsecurity should be enough, then you can specify the file path as SecAuditLog /var/log/modsecurity/audit.log.

[hnakamur]

Currently the MODSEC_AUDIT_STORAGE_DIR environment variable is set to /var/log/modsecurity/audit/ in Dockerfiles, for example:

modsecurity-crs-docker/nginx/Dockerfile

Line 157 in 443b9e3

MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/ \

Is it OK to change these to /var/log/modsecurity too?
If yes, I am fine to use /var/log/modsecurity as the log directory.

[theseion]

Ah, good catch @hnakamur! And the directory defined there must actually exist (if concurrent audit log were to be used, at least). So technically, creation of that directory is missing anyway.