2 files changed, 20 insertions, 7 deletions

diff --git a/www-apache/mod_security/files/79_mod_security.conf b/www-apache/mod_security/files/79_mod_security.conf
index bd88e88a9771..8c7e128571ed 100644
--- a/www-apache/mod_security/files/79_mod_security.conf
+++ b/www-apache/mod_security/files/79_mod_security.conf
@@ -1,11 +1,19 @@
 <IfDefine SECURITY>
   LoadModule security2_module modules/mod_security2.so
-  SecDataDir /var/lib/modsecurity
 
-  # Enable looking up geolocation data from MaxMind's GeoIP database
-  # SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
+  # These paths are Gentoo-specific, created by the ebuild.
+  SecDataDir /var/lib/modsecurity/data
+  SecTmpDir /var/lib/modsecurity/tmp
+  SecUploadDir /var/lib/modsecurity/upload
 
-  # Define here your http:BL API key if any
-  # see http://www.projecthoneypot.org/httpbl_api.php
-  #SecHttpBlKey xxxxxxxx
+  # A copy of upstream's modsecurity.conf-recommended is installed
+  # along with the documentation for mod_security. It contains many
+  # recommended settings that you should evaluate for your system.
+  # The full documentation for the available settings can be found
+  # in the mod_security reference manual, at
+  #
+  #   https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
+  #
+  # and in particular in the "Configuration Directives" setting.
+  #
 </IfDefine>
diff --git a/www-apache/mod_security/mod_security-2.9.1.ebuild b/www-apache/mod_security/mod_security-2.9.1-r1.ebuild
index c444dd2ecf3c..6dc8bf354d1c 100644
--- a/www-apache/mod_security/mod_security-2.9.1.ebuild
+++ b/www-apache/mod_security/mod_security-2.9.1-r1.ebuild
@@ -90,7 +90,12 @@ src_install() {
 	# Bug 605496.
 	keepdir /var/lib/modsecurity
 	fowners apache:apache /var/lib/modsecurity
-	fperms 0770 /var/lib/modsecurity
+	fperms 0750 /var/lib/modsecurity
+	for dir in data tmp upload; do
+		keepdir "/var/lib/modsecurity/${dir}"
+		fowners apache:apache "/var/lib/modsecurity/${dir}"
+		fperms 0750 "/var/lib/modsecurity/${dir}"
+	done
 }
 
 pkg_postinst() {