From 4bab42219eca52045bc6846b1ce748f3e419d0e4 Mon Sep 17 00:00:00 2001 From: Diego Elio Pettenò Date: Fri, 24 Sep 2010 13:01:25 +0000 Subject: Add an ebuild for the ModSecurity Core Rule Set split out of mod_security itself. (Portage version: 2.2_rc86/cvs/Linux x86_64) --- www-apache/modsecurity-crs/ChangeLog | 11 ++++ www-apache/modsecurity-crs/metadata.xml | 19 +++++++ .../modsecurity-crs/modsecurity-crs-2.0.8.ebuild | 61 ++++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 www-apache/modsecurity-crs/ChangeLog create mode 100644 www-apache/modsecurity-crs/metadata.xml create mode 100644 www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild (limited to 'www-apache/modsecurity-crs') diff --git a/www-apache/modsecurity-crs/ChangeLog b/www-apache/modsecurity-crs/ChangeLog new file mode 100644 index 000000000000..85d84ca437b9 --- /dev/null +++ b/www-apache/modsecurity-crs/ChangeLog @@ -0,0 +1,11 @@ +# ChangeLog for www-apache/modsecurity-crs +# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.1 2010/09/24 13:01:25 flameeyes Exp $ + +*modsecurity-crs-2.0.8 (24 Sep 2010) + + 24 Sep 2010; Diego E. Pettenò + +modsecurity-crs-2.0.8.ebuild, +metadata.xml: + Add an ebuild for the ModSecurity Core Rule Set split out of mod_security + itself. + diff --git a/www-apache/modsecurity-crs/metadata.xml b/www-apache/modsecurity-crs/metadata.xml new file mode 100644 index 000000000000..72bb6448ac19 --- /dev/null +++ b/www-apache/modsecurity-crs/metadata.xml @@ -0,0 +1,19 @@ + + + + apache + + flameeyes@gentoo.org + Diego E. Pettenò + + + + Provide the original ModSecurity Core Rule Set without + Gentoo-specific relaxation. When this flag is enabled, we + install the unadulterated Core Rule Set. Warning! The original + Core Rule Set is draconic and most likely will break your web + applications, including Rails-based web applications and + Bugzilla. + + + 
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild
new file mode 100644
index 000000000000..7692b88ee69c
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild,v 1.1 2010/09/24 13:01:25 flameeyes Exp $
+
+EAPI=2
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="mirror://sourceforge/mod-security/${PN}_${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="vanilla"
+
+RDEPEND=">=www-apache/mod_security-2.5.12-r1"
+DEPEND=""
+
+S="${WORKDIR}/${PN}_${PV}"
+
+RULESDIR=/etc/apache2/modules.d/mod_security
+
+src_install() {
+ insinto "${RULESDIR}" || die
+ doins *.conf base_rules/* || die
+
+ insinto "${RULESDIR}"/optional_rules
+ doins optional_rules/* || die
+
+ # These are not conditionals because they actually need to be
+ # moved for the rules to work — bug #329131
+ mv "${D}${RULESDIR}"/modsecurity_{46_et_sql_injection,46_et_web_rules,42_comment_spam}.data \
+ "${D}${RULESDIR}"/optional_rules || die
+
+ if ! use vanilla; then
+ mv "${D}${RULESDIR}"/modsecurity_*{41_phpids,50_outbound}* \
+ "${D}${RULESDIR}"/optional_rules || die
+ fi
+
+ dodoc CHANGELOG README || die
+}
+
+pkg_postinst() {
+ if ! use vanilla; then
+ elog "Please note that the Core Rule Set is quite draconic; to make it more usable,"
+ elog "the Gentoo distribution disables a few rule set files, that are relevant for"
+ elog "PHP-only websites or that would make it kill a website that discussed of source code."
+ elog
+ elog "Furthermore we disable the 'HTTP Parameter Pollution' tests that disallow"
+ elog "multiple parameters with the same name, because that's common practice both"
+ elog "for Rails-based web-applications and Bugzilla."
+ else
+ elog "You decided to enable the original Core Rule Set from ModSecurity."
+ elog "Be warned that the original Core Rule Set is draconic and most likely will"
+ elog "render your web application unusable if you don't disable at leat some of"
+ elog "the rules."
+ fi
+ elog
+ elog "If you want to enable further rules, check the following directory:"
+ elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules"
+}
-- cgit v1.2.3-65-gdbad
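Review bot: The last `elog` in `pkg_postinst` prints `${APACHE_MODULES_CONFDIR}/mod_security/optional_rules`, but this ebuild has no `inherit` line and never sets that variable, so the path shown to the admin will most likely start at `/mod_security/`. The files are installed under the hard-coded `RULESDIR`, so `elog " ${RULESDIR}/optional_rules"` would keep the message and the install location in agreement. The non-vanilla text also says the 'HTTP Parameter Pollution' tests are disabled, while `src_install` only moves the `*41_phpids*` and `*50_outbound*` files; unless those files hold the HPP rules, the message describes a relaxation the ebuild does not perform. Either way the message should name the moved files, so an admin can see which rule files are inactive by default and re-enable them deliberately. Minor: "leat" should read "least" in the vanilla branch, and `insinto "${RULESDIR}"/optional_rules` is the only install step without `|| die`.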