author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-09-24 13:01:25 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-09-24 13:01:25 +0000 |
commit | 4bab42219eca52045bc6846b1ce748f3e419d0e4 (patch) | |
tree | b819676cd2e0c61cadae5b6a59e5e5fc79af0cda /www-apache | |
parent | Keyworded for ~-linux and EPAI=3 (diff) | |
download | gentoo-2-4bab42219eca52045bc6846b1ce748f3e419d0e4.tar.gz gentoo-2-4bab42219eca52045bc6846b1ce748f3e419d0e4.tar.bz2 gentoo-2-4bab42219eca52045bc6846b1ce748f3e419d0e4.zip |
Add an ebuild for the ModSecurity Core Rule Set split out of mod_security itself.
(Portage version: 2.2_rc86/cvs/Linux x86_64)
Diffstat (limited to 'www-apache')
-rw-r--r-- | www-apache/modsecurity-crs/ChangeLog | 11 | ||||
-rw-r--r-- | www-apache/modsecurity-crs/metadata.xml | 19 | ||||
-rw-r--r-- | www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild | 61 |
3 files changed, 91 insertions, 0 deletions
diff --git a/www-apache/modsecurity-crs/ChangeLog b/www-apache/modsecurity-crs/ChangeLog
new file mode 100644
index 000000000000..85d84ca437b9
--- /dev/null
+++ b/www-apache/modsecurity-crs/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for www-apache/modsecurity-crs
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.1 2010/09/24 13:01:25 flameeyes Exp $
+
+*modsecurity-crs-2.0.8 (24 Sep 2010)
+
+ 24 Sep 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+ +modsecurity-crs-2.0.8.ebuild, +metadata.xml:
+ Add an ebuild for the ModSecurity Core Rule Set split out of mod_security
+ itself.
+
diff --git a/www-apache/modsecurity-crs/metadata.xml b/www-apache/modsecurity-crs/metadata.xml
new file mode 100644
index 000000000000..72bb6448ac19
--- /dev/null
+++ b/www-apache/modsecurity-crs/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>apache</herd>
+ <maintainer>
+ <email>flameeyes@gentoo.org</email>
+ <name>Diego E. Pettenò</name>
+ </maintainer>
+ <use>
+ <flag name="vanilla">
+ Provide the original ModSecurity Core Rule Set without
+ Gentoo-specific relaxation. When this flag is enabled, we
+ install the unadulterated Core Rule Set. Warning! The original
+ Core Rule Set is draconic and most likely will break your web
+ applications, including Rails-based web applications and
+ Bugzilla.
+ </flag>
+ </use>
+</pkgmetadata>
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild
new file mode 100644
index 000000000000..7692b88ee69c
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild,v 1.1 2010/09/24 13:01:25 flameeyes Exp $
+
+EAPI=2
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="mirror://sourceforge/mod-security/${PN}_${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="vanilla"
+
+RDEPEND=">=www-apache/mod_security-2.5.12-r1"
+DEPEND=""
+
+S="${WORKDIR}/${PN}_${PV}"
+
+RULESDIR=/etc/apache2/modules.d/mod_security
+
+src_install() {
+ insinto "${RULESDIR}" || die
+ doins *.conf base_rules/* || die
+
+ insinto "${RULESDIR}"/optional_rules
+ doins optional_rules/* || die
+
+ # These are not conditionals because they actually need to be
+ # moved for the rules to work — bug #329131
+ mv "${D}${RULESDIR}"/modsecurity_{46_et_sql_injection,46_et_web_rules,42_comment_spam}.data \
+ "${D}${RULESDIR}"/optional_rules || die
+
+ if ! use vanilla; then
+ mv "${D}${RULESDIR}"/modsecurity_*{41_phpids,50_outbound}* \
+ "${D}${RULESDIR}"/optional_rules || die
+ fi
+
+ dodoc CHANGELOG README || die
+}
+
+pkg_postinst() {
+ if ! use vanilla; then
+ elog "Please note that the Core Rule Set is quite draconic; to make it more usable,"
+ elog "the Gentoo distribution disables a few rule set files, that are relevant for"
+ elog "PHP-only websites or that would make it kill a website that discussed of source code."
+ elog
+ elog "Furthermore we disable the 'HTTP Parameter Pollution' tests that disallow"
+ elog "multiple parameters with the same name, because that's common practice both"
+ elog "for Rails-based web-applications and Bugzilla."
+ else
+ elog "You decided to enable the original Core Rule Set from ModSecurity."
+ elog "Be warned that the original Core Rule Set is draconic and most likely will"
+ elog "render your web application unusable if you don't disable at leat some of"
+ elog "the rules."
+ fi
+ elog
+ elog "If you want to enable further rules, check the following directory:"
+ elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules"
+} |
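Review bot: The last elog in pkg_postinst points at `${APACHE_MODULES_CONFDIR}/mod_security/optional_rules`, but this new file has no `inherit` line and never sets that variable. Unless it is exported from somewhere outside the ebuild, the message will print `/mod_security/optional_rules` rather than the directory src_install actually uses. Reusing the variable the file already defines keeps the two in step: `elog "  ${RULESDIR}/optional_rules"`. Since the non-vanilla branch moves detection rules out of the active set, the message should also name what was moved (the `41_phpids` and `50_outbound` files matched by the glob in src_install), so an administrator can see which coverage is off. The text mentions disabling the 'HTTP Parameter Pollution' tests, yet nothing visible in src_install moves or patches a file for that, so either the step is missing or the wording should be adjusted.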