author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /www-apache/modsecurity-crs | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'www-apache/modsecurity-crs')
-rw-r--r-- | www-apache/modsecurity-crs/Manifest | 2 | ||||
-rw-r--r-- | www-apache/modsecurity-crs/metadata.xml | 11 | ||||
-rw-r--r-- | www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild | 137 | ||||
-rw-r--r-- | www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild | 132 |
4 files changed, 282 insertions, 0 deletions
diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest
new file mode 100644
index 000000000000..c3cd8410c6a6
--- /dev/null
+++ b/www-apache/modsecurity-crs/Manifest
@@ -0,0 +1,2 @@
+DIST modsecurity-crs-2.2.6.tar.gz 291070 SHA256 1c837fc7ace28f732b5034c90a17635e31fe3c9a45425c079fd1fd6bae01b790 SHA512 0e6c2735814dd24ba2329bc756e382b0430937a703d492b2ac00f95af6598903961b43013e99cd49240fe6b7a5439a7b1b3e79c3b7a48828465252dafd586165 WHIRLPOOL d8c85f8e6db07ecbc5a9a680e843f485d87294c71ceeb84aa83e562441ea78db477f9850431ded67371fbe455438fb89fedb5d3070e524abebe53b3c9a039f72
+DIST modsecurity-crs-2.2.7.tar.gz 294137 SHA256 54bc74815d6e6c3b476aec673a48e3ce08ee82b76bfe941408efab757aa8a0f7 SHA512 d0d3dac1b391c8ab730cc16546c9508d93c85dd674b2750d12fff99c17e5575b36bea0cf00e06fdd20c2db5dfdbdc3fd7bbaa26502988617632acfde1ee88927 WHIRLPOOL fc72bdbd5c79dffa0b2c65893cb8cdab0708705ce48ca3d49115339a5b4ff8cbe7cc42bcb49abd966243a2e48cb2af290ea125c6de4b185eb8b1c20e7eb66057
diff --git a/www-apache/modsecurity-crs/metadata.xml b/www-apache/modsecurity-crs/metadata.xml
new file mode 100644
index 000000000000..e00e0a6a260b
--- /dev/null
+++ b/www-apache/modsecurity-crs/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>flameeyes@gentoo.org</email>
+ <name>Diego E. Pettenò</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">SpiderLabs/owasp-modsecurity-crs</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild
new file mode 100644
index 000000000000..e4b076aff6a2
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+GITHUB_USER=SpiderLabs
+GITHUB_PROJECT=owasp-${PN}
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/tarball/v${PV} -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 ppc sparc x86"
+IUSE="lua geoip"
+
+RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
+DEPEND=""
+
+S="${WORKDIR}/${P}"
+
+RULESDIR=/etc/modsecurity
+LUADIR=/usr/share/${PN}/lua
+
+src_unpack() {
+ default
+ mv "${WORKDIR}/${GITHUB_USER}-${GITHUB_PROJECT}-"* "${P}" || die
+}
+
+src_prepare() {
+ if ! use lua; then
+ # comment out this since it's in the same file as another one we want to keep
+ sed -i -e "/id:'96000[456]'/s:^:#:" \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+ # remove these that rely on the presence of the lua files
+ rm \
+ experimental_rules/modsecurity_crs_16_scanner_integration.conf \
+ experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
+ experimental_rules/modsecurity_crs_41_advanced_filters.conf \
+ experimental_rules/modsecurity_crs_55_response_profiling.conf \
+ experimental_rules/modsecurity_crs_56_pvi_checks.conf \
+ || die
+ else
+ # fix up the path to the scripts; there seems to be no
+ # consistency at all on how the rules are loaded.
+ sed -i \
+ -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+ -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
+ -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
+ -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
+ -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+ -e "s:\.\./lua/:${LUADIR}/:" \
+ *_rules/*.conf || die
+
+ # fix up the shebang on the scripts
+ sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
+ lua/*.lua || die
+ fi
+
+ sed -i \
+ -e '/SecGeoLookupDb/s:^:#:' \
+ -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+ if ! use geoip; then
+ if use lua; then
+ # only comment this out as the file is going to be used for other things
+ sed -i -e "/id:'960007'/,+1 s:^:#:" \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+ else
+ rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+ fi
+ fi
+}
+
+src_install() {
+ insinto "${RULESDIR}"
+ # slr_rules as of 2.2.6 have broken IDs that don't work with
+ # ModSecurity 2.7, but the rules require 2.7 to begin with.
+ doins -r base_rules optional_rules experimental_rules #slr_rules
+
+ insinto "${LUADIR}"
+ doins lua/*.lua
+
+ dodoc CHANGELOG README.md
+
+ (
+ cat - <<EOF
+<IfDefine SECURITY>
+EOF
+
+ cat modsecurity_crs_10_setup.conf.example
+
+ cat - <<EOF
+
+Include /etc/modsecurity/base_rules/*.conf
+
+# Include Trustwave SpiderLabs Research Team rules
+# Include /etc/modsecurity/slr_rules/*.conf
+# Not installed yet as of 2.2.6
+
+# Optionally use the other rules as well
+# Include /etc/modsecurity/optional_rules/*.conf
+# Include /etc/modsecurity/experimental_rules/*.conf
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
+
+EOF
+ ) > "${T}"/"80_${PN}.conf"
+
+ insinto /etc/apache2/modules.d/
+ doins "${T}"/"80_${PN}.conf"
+}
+
+pkg_postinst() {
+ elog
+ elog "If you want to enable further rules, check the following directories:"
+ elog " ${RULESDIR}/optional_rules"
+ elog " ${RULESDIR}/experimental_rules"
+ elog ""
+ elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
+ elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
+ elog "should change 80_${PN}.conf so that you have these settings enabled:"
+ elog ""
+ elog " #SecDefaultAction \"phase:2,deny,log\""
+ elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
+ elog ""
+ elog "Starting from version 2.1.2 rules are installed, for consistency, under"
+ elog "/etc/modsecurity, and can be configured with the following file:"
+ elog " /etc/apache2/modules.d/80_${PN}.conf"
+ elog ""
+}
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild
new file mode 100644
index 000000000000..28d3e2c3b312
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild
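Review bot: In `src_install` of modsecurity-crs-2.2.6-r1.ebuild, the subshell that builds `80_${PN}.conf` has no error check, and its exit status is that of the final `cat - <<EOF`, so a missing or renamed `modsecurity_crs_10_setup.conf.example` would go unnoticed. The installed file would then still include base_rules but lack the setup directives (the postinst text points at `SecDefaultAction` there), which is hard to spot on a running WAF. I would change the middle command to `cat modsecurity_crs_10_setup.conf.example || exit 1` and close the subshell with `) > "${T}"/"80_${PN}.conf" || die "generating 80_${PN}.conf failed"`; `exit` is used inside because calling `die` from a subshell is not reliable at this EAPI. The same block appears unchanged in modsecurity-crs-2.2.7.ebuild.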
@@ -0,0 +1,132 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+GITHUB_USER=SpiderLabs
+GITHUB_PROJECT=owasp-${PN}
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 ppc sparc x86"
+IUSE="lua geoip"
+
+RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
+DEPEND=""
+
+S="${WORKDIR}/${GITHUB_PROJECT}-${PV}"
+
+RULESDIR=/etc/modsecurity
+LUADIR=/usr/share/${PN}/lua
+
+src_prepare() {
+ if ! use lua; then
+ # comment out this since it's in the same file as another one we want to keep
+ sed -i -e "/id:'96000[456]'/s:^:#:" \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+ # remove these that rely on the presence of the lua files
+ rm \
+ experimental_rules/modsecurity_crs_16_scanner_integration.conf \
+ experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
+ experimental_rules/modsecurity_crs_41_advanced_filters.conf \
+ experimental_rules/modsecurity_crs_55_response_profiling.conf \
+ experimental_rules/modsecurity_crs_56_pvi_checks.conf \
+ || die
+ else
+ # fix up the path to the scripts; there seems to be no
+ # consistency at all on how the rules are loaded.
+ sed -i \
+ -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+ -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
+ -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
+ -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
+ -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+ -e "s:\.\./lua/:${LUADIR}/:" \
+ *_rules/*.conf || die
+
+ # fix up the shebang on the scripts
+ sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
+ lua/*.lua || die
+ fi
+
+ sed -i \
+ -e '/SecGeoLookupDb/s:^:#:' \
+ -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+ if ! use geoip; then
+ if use lua; then
+ # only comment this out as the file is going to be used for other things
+ sed -i -e "/id:'960007'/,+1 s:^:#:" \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+ else
+ rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+ fi
+ fi
+}
+
+src_install() {
+ insinto "${RULESDIR}"
+ # slr_rules as of 2.2.6 have broken IDs that don't work with
+ # ModSecurity 2.7, but the rules require 2.7 to begin with.
+ doins -r base_rules optional_rules experimental_rules #slr_rules
+
+ insinto "${LUADIR}"
+ doins lua/*.lua
+
+ dodoc CHANGELOG README.md
+
+ (
+ cat - <<EOF
+<IfDefine SECURITY>
+EOF
+
+ cat modsecurity_crs_10_setup.conf.example
+
+ cat - <<EOF
+
+Include /etc/modsecurity/base_rules/*.conf
+
+# Include Trustwave SpiderLabs Research Team rules
+# Include /etc/modsecurity/slr_rules/*.conf
+# Not installed yet as of 2.2.6
+
+# Optionally use the other rules as well
+# Include /etc/modsecurity/optional_rules/*.conf
+# Include /etc/modsecurity/experimental_rules/*.conf
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
+
+EOF
+ ) > "${T}"/"80_${PN}.conf"
+
+ insinto /etc/apache2/modules.d/
+ doins "${T}"/"80_${PN}.conf"
+}
+
+pkg_postinst() {
+ elog
+ elog "If you want to enable further rules, check the following directories:"
+ elog " ${RULESDIR}/optional_rules"
+ elog " ${RULESDIR}/experimental_rules"
+ elog ""
+ elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
+ elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
+ elog "should change 80_${PN}.conf so that you have these settings enabled:"
+ elog ""
+ elog " #SecDefaultAction \"phase:2,deny,log\""
+ elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
+ elog ""
+ elog "Starting from version 2.1.2 rules are installed, for consistency, under"
+ elog "/etc/modsecurity, and can be configured with the following file:"
+ elog " /etc/apache2/modules.d/80_${PN}.conf"
+ elog ""
+} |
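Review bot: The `sed -i ... || die` edits in `src_prepare` of modsecurity-crs-2.2.7.ebuild only fail when sed itself errors, not when a pattern matches nothing, so a change in upstream's rule layout would leave a rule active without the build noticing. The clearest case is `sed -i -e "/id:'960007'/,+1 s:^:#:"` in the `! use geoip` branch, which assumes the rule is the matched line plus exactly one following line; if that does not hold, the geoip-dependent rule stays enabled or ends up half-commented. A check after the edit would turn this into a build failure, e.g. `grep -q "^#.*id:'960007'" experimental_rules/modsecurity_crs_61_ip_forensics.conf || die "rule 960007 not found, upstream layout changed"`. The same applies to the `id:'96000[456]'` edit and to the identical `src_prepare` in modsecurity-crs-2.2.6-r1.ebuild. The upstream rule files are not visible here, so whether the current patterns match is unverified.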