summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChuck Short <zul@gentoo.org>2004-06-04 01:30:14 +0000
committerChuck Short <zul@gentoo.org>2004-06-04 01:30:14 +0000
commitfb6eec6c571fc65066c8bc97a5ffa0e582884458 (patch)
tree28733082b63f7901d6bd7357862de39e81e02464
parentDEPEND on wxGTK-2.4.2; closes #52769 (diff)
downloadgentoo-2-fb6eec6c571fc65066c8bc97a5ffa0e582884458.tar.gz
gentoo-2-fb6eec6c571fc65066c8bc97a5ffa0e582884458.tar.bz2
gentoo-2-fb6eec6c571fc65066c8bc97a5ffa0e582884458.zip
Initial version, closes #32190.
-rw-r--r--net-www/mod_security/ChangeLog11
-rw-r--r--net-www/mod_security/Manifest2
-rw-r--r--net-www/mod_security/files/99_mod_security.conf123
-rw-r--r--net-www/mod_security/files/digest-mod_security-1.7.61
-rw-r--r--net-www/mod_security/files/mod_security.conf113
-rw-r--r--net-www/mod_security/metadata.xml8
-rw-r--r--net-www/mod_security/mod_security-1.7.6.ebuild36
7 files changed, 294 insertions, 0 deletions
diff --git a/net-www/mod_security/ChangeLog b/net-www/mod_security/ChangeLog
new file mode 100644
index 000000000000..8875266c0889
--- /dev/null
+++ b/net-www/mod_security/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for net-www/mod_security
+# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/ChangeLog,v 1.1 2004/06/04 01:30:14 zul Exp $
+
+*mod_security-1.7.6 (03 Jun 2004)
+
+ 03 Jun 2004; Chuck Short <zul@gentoo.org> metadata.xml, mod_security-1.7.6.ebuild,
+ files/99_mod_security.conf, files/mod_security.conf:
+ Initial version,e build written by dju` <dju @ elegiac.net>.
+ Closes #32190.
+
diff --git a/net-www/mod_security/Manifest b/net-www/mod_security/Manifest
new file mode 100644
index 000000000000..c62e473ac575
--- /dev/null
+++ b/net-www/mod_security/Manifest
@@ -0,0 +1,2 @@
+MD5 7fbf85aa71902b2efb900e4c8f58cca5 mod_security-1.7.6.ebuild 1211
+MD5 93b283b1aef242964a12edd89989d103 files/digest-mod_security-1.7.6 70
diff --git a/net-www/mod_security/files/99_mod_security.conf b/net-www/mod_security/files/99_mod_security.conf
new file mode 100644
index 000000000000..4b2cb1b36cc6
--- /dev/null
+++ b/net-www/mod_security/files/99_mod_security.conf
@@ -0,0 +1,123 @@
+<IfDefine SECURITY>
+ <IfModule !mod_security.c>
+ LoadModule security_module extramodules/mod_security.so
+ </IfModule>
+</IfDefine>
+
+# Examples below are taken from the online documentation
+# Refer to:
+# http://www.modsecurity.org/documentation/quick-examples.html
+
+<IfModule mod_security.c>
+
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 32 126
+
+ # The audit engine works independently and
+ # can be turned On of Off on the per-server or
+ # on the per-directory basis. "On" will log everything,
+ # "DynamicOrRelevant" will log dynamic requests or violations,
+ # and "RelevantOnly" will only log policy violations
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # Action to take by default
+ SecFilterDefaultAction "deny,log,status:500"
+
+ # Redirect user on filter match
+ SecFilter xxx redirect:http://www.webkreator.com
+
+ # Execute the external script on filter match
+ SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
+
+ # Simple filter
+ SecFilter 111
+
+ # Only check the QUERY_STRING variable
+ SecFilterSelective QUERY_STRING 222
+
+ # Only check the body of the POST request
+ SecFilterSelective POST_PAYLOAD 333
+
+ # Only check arguments (will work for GET and POST)
+ SecFilterSelective ARGS 444
+
+ # Test filter
+ SecFilter "/cgi-bin/modsec-test.pl/keyword"
+
+ # Another test filter, will be denied with 404 but not logged
+ # action supplied as a parameter overrides the default action
+ SecFilter 999 "deny,nolog,status:500"
+
+ # Prevent OS specific keywords
+ SecFilter /etc/passwd
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<[[:space:]]*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Forbid file upload
+ SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
+
+ # Only watch argument p1
+ SecFilterSelective "ARG_p1" 555
+
+ # Watch all arguments except p1
+ SecFilterSelective "ARGS|!ARG_p2" 666
+
+ # Only allow our own test utility to send requests (or Mozilla)
+ SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
+
+ # Do not allow variables with this name
+ SecFilterSelective ARGS_NAMES 777
+
+ # Do now allow this variable value (names are ok)
+ SecFilterSelective ARGS_VALUES 888
+
+ # Test for a POST variable parsing bug, see test #41
+ SecFilterSelective ARG_p2 AAA
+
+ # Stop spamming through FormMail
+ # note the exclamation mark at the beginning
+ # of the filter - only requests that match this regex will
+ # be allowed
+ <Location /cgi-bin/FormMail>
+ SecFilterSelective "ARG_recipient" "!@webkreator.com$"
+ </Location>
+
+ # when allowing upload, only allow images
+ # note that this is not foolproof, a determined attacker
+ # could get around this
+ <Location /fileupload.php>
+ SecFilterInheritance Off
+ SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
+ </Location>
+
+</IfModule>
diff --git a/net-www/mod_security/files/digest-mod_security-1.7.6 b/net-www/mod_security/files/digest-mod_security-1.7.6
new file mode 100644
index 000000000000..0fa61fbcdf47
--- /dev/null
+++ b/net-www/mod_security/files/digest-mod_security-1.7.6
@@ -0,0 +1 @@
+MD5 2be3a3a4ac98a95580e5c01d2d5b3b88 mod_security-1.7.6.tar.gz 272864
diff --git a/net-www/mod_security/files/mod_security.conf b/net-www/mod_security/files/mod_security.conf
new file mode 100644
index 000000000000..186eaf58b46f
--- /dev/null
+++ b/net-www/mod_security/files/mod_security.conf
@@ -0,0 +1,113 @@
+<IfModule mod_security.c>
+
+ # Turn the filtering engine On or Off
+ SecFilterEngine On
+
+ # Make sure that URL encoding is valid
+ SecFilterCheckURLEncoding On
+
+ # Only allow bytes from this range
+ SecFilterForceByteRange 32 126
+
+ # The audit engine works independently and
+ # can be turned On of Off on the per-server or
+ # on the per-directory basis. "On" will log everything,
+ # "DynamicOrRelevant" will log dynamic requests or violations,
+ # and "RelevantOnly" will only log policy violations
+ SecAuditEngine RelevantOnly
+
+ # The name of the audit log file
+ SecAuditLog logs/audit_log
+
+ SecFilterDebugLog logs/modsec_debug_log
+ SecFilterDebugLevel 0
+
+ # Should mod_security inspect POST payloads
+ SecFilterScanPOST On
+
+ # Action to take by default
+ SecFilterDefaultAction "deny,log,status:500"
+
+ # Redirect user on filter match
+ SecFilter xxx redirect:http://www.webkreator.com
+
+ # Execute the external script on filter match
+ SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl
+
+ # Simple filter
+ SecFilter 111
+
+ # Only check the QUERY_STRING variable
+ SecFilterSelective QUERY_STRING 222
+
+ # Only check the body of the POST request
+ SecFilterSelective POST_PAYLOAD 333
+
+ # Only check arguments (will work for GET and POST)
+ SecFilterSelective ARGS 444
+
+ # Test filter
+ SecFilter "/cgi-bin/modsec-test.pl/keyword"
+
+ # Another test filter, will be denied with 404 but not logged
+ # action supplied as a parameter overrides the default action
+ SecFilter 999 "deny,nolog,status:500"
+
+ # Prevent OS specific keywords
+ SecFilter /etc/passwd
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<[[:space:]]*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Forbid file upload
+ SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data
+
+ # Only watch argument p1
+ SecFilterSelective "ARG_p1" 555
+
+ # Watch all arguments except p1
+ SecFilterSelective "ARGS|!ARG_p2" 666
+
+ # Only allow our own test utility to send requests (or Mozilla)
+ SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"
+
+ # Do not allow variables with this name
+ SecFilterSelective ARGS_NAMES 777
+
+ # Do now allow this variable value (names are ok)
+ SecFilterSelective ARGS_VALUES 888
+
+ # Test for a POST variable parsing bug, see test #41
+ SecFilterSelective ARG_p2 AAA
+
+ # Stop spamming through FormMail
+ # note the exclamation mark at the beginning
+ # of the filter - only requests that match this regex will
+ # be allowed
+ <Location /cgi-bin/FormMail>
+ SecFilterSelective "ARG_recipient" "!@webkreator.com$"
+ </Location>
+
+ # when allowing upload, only allow images
+ # note that this is not foolproof, a determined attacker
+ # could get around this
+ <Location /fileupload.php>
+ SecFilterInheritance Off
+ SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
+ </Location>
+
+</IfModule>
diff --git a/net-www/mod_security/metadata.xml b/net-www/mod_security/metadata.xml
new file mode 100644
index 000000000000..bcaabdbbd0d3
--- /dev/null
+++ b/net-www/mod_security/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>apache</herd>
+<longdescription>
+The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
+</longdescription>
+</pkgmetadata>
diff --git a/net-www/mod_security/mod_security-1.7.6.ebuild b/net-www/mod_security/mod_security-1.7.6.ebuild
new file mode 100644
index 000000000000..f8439a25c3bf
--- /dev/null
+++ b/net-www/mod_security/mod_security-1.7.6.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-1.7.6.ebuild,v 1.1 2004/06/04 01:30:14 zul Exp $
+
+DESCRIPTION="Intrusion Detection System for apache"
+HOMEPAGE="http://www.modsecurity.org"
+SRC_URI="http://www.modsecurity.org/download/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="apache2 doc"
+DEPEND="apache2? ( =net-www/apache-2* )
+ !apache2? ( =net-www/apache-1* )"
+
+src_compile() {
+ use apache2 || apxs -S LIBEXECDIR=${S} -ci ${S}/apache1/mod_security.c
+ use apache2 && apxs2 -S LIBEXECDIR=${S} -ci ${S}/apache2/mod_security.c
+}
+
+src_install() {
+ use apache2 || exeinto /usr/lib/apache-extramodules/
+ use apache2 && exeinto /usr/lib/apache2-extramodules/
+ doexe ${S}/mod_security.so
+ dodoc CHANGES httpd.conf.example-full httpd.conf.example-minimal INSTALL LICENSE README
+ use doc && dodoc modsecurity-manual-1.7.4.pdf
+
+ if use apache2; then
+ einfo "Installing a Apache2 config for mod_security (99_mod_security.conf)"
+ insinto /etc/apache2/conf/modules.d
+ doins ${FILESDIR}/99_mod_security.conf
+ else
+ einfo "Installing a Apache config for mod_security (mod_security.conf)"
+ insinto /etc/apache/conf/addon-modules
+ doins ${FILESDIR}/mod_security.conf
+ fi
+}