1 |
flameeyes 10/12/31 13:03:26 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: modsecurity-crs-2.1.1.ebuild |
5 |
Log: |
6 |
Version bump, this version introduces experimental rules as well. |
7 |
|
8 |
(Portage version: 2.2.0_alpha10/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.6 www-apache/modsecurity-crs/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.6&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.6&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?r1=1.5&r2=1.6 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v |
20 |
retrieving revision 1.5 |
21 |
retrieving revision 1.6 |
22 |
diff -u -r1.5 -r1.6 |
23 |
--- ChangeLog 3 Dec 2010 01:34:34 -0000 1.5 |
24 |
+++ ChangeLog 31 Dec 2010 13:03:26 -0000 1.6 |
25 |
@@ -1,6 +1,12 @@ |
26 |
# ChangeLog for www-apache/modsecurity-crs |
27 |
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.5 2010/12/03 01:34:34 flameeyes Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.6 2010/12/31 13:03:26 flameeyes Exp $ |
30 |
+ |
31 |
+*modsecurity-crs-2.1.1 (31 Dec 2010) |
32 |
+ |
33 |
+ 31 Dec 2010; Diego E. Pettenò <flameeyes@g.o> |
34 |
+ +modsecurity-crs-2.1.1.ebuild: |
35 |
+ Version bump, this version introduces experimental rules as well. |
36 |
|
37 |
03 Dec 2010; Diego E. Pettenò <flameeyes@g.o> |
38 |
modsecurity-crs-2.0.10.ebuild: |
39 |
|
40 |
|
41 |
|
42 |
1.1 www-apache/modsecurity-crs/modsecurity-crs-2.1.1.ebuild |
43 |
|
44 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.1.1.ebuild?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.1.1.ebuild?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: modsecurity-crs-2.1.1.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2010 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.1.1.ebuild,v 1.1 2010/12/31 13:03:26 flameeyes Exp $ |
52 |
|
53 |
EAPI=2 |
54 |
|
55 |
DESCRIPTION="Core Rule Set for ModSecurity" |
56 |
HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project" |
57 |
SRC_URI="mirror://sourceforge/mod-security/${PN}_${PV}.tar.gz" |
58 |
|
59 |
LICENSE="GPL-2" |
60 |
SLOT="0" |
61 |
KEYWORDS="~amd64 ~sparc ~x86" |
62 |
IUSE="vanilla" |
63 |
|
64 |
RDEPEND=">=www-apache/mod_security-2.5.12-r1" |
65 |
DEPEND="" |
66 |
|
67 |
S="${WORKDIR}/${PN}_${PV}" |
68 |
|
69 |
RULESDIR=/etc/apache2/modules.d/mod_security |
70 |
|
71 |
src_install() { |
72 |
insinto "${RULESDIR}" || die |
73 |
doins base_rules/* || die |
74 |
|
75 |
# these are considered examples, but we install them anyway, and let |
76 |
# etc-update deal with them. |
77 |
for file in *.conf.example; do |
78 |
newins "${file}" "${file%.example}" || die "failed to install ${file}" |
79 |
done |
80 |
|
81 |
insinto "${RULESDIR}"/optional_rules |
82 |
doins optional_rules/* || die |
83 |
|
84 |
insinto "${RULESDIR}"/experimental_rules |
85 |
doins experimental_rules/* || die |
86 |
|
87 |
if ! use vanilla; then |
88 |
mv "${D}${RULESDIR}"/modsecurity_*50_outbound* \ |
89 |
"${D}${RULESDIR}"/optional_rules || die |
90 |
fi |
91 |
|
92 |
dodoc CHANGELOG README || die |
93 |
} |
94 |
|
95 |
pkg_postinst() { |
96 |
if ! use vanilla; then |
97 |
elog "Please note that the Core Rule Set is quite draconic; to make it more usable," |
98 |
elog "the Gentoo distribution disables a few rule set files, that are relevant for" |
99 |
elog "PHP-only websites or that would make it kill a website that discussed of source code." |
100 |
else |
101 |
elog "You decided to enable the original Core Rule Set from ModSecurity." |
102 |
elog "Be warned that the original Core Rule Set is draconic and most likely will" |
103 |
elog "render your web application unusable if you don't disable at leat some of" |
104 |
elog "the rules." |
105 |
fi |
106 |
elog |
107 |
elog "If you want to enable further rules, check the following directories:" |
108 |
elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules" |
109 |
elog " ${APACHE_MODULES_CONFDIR}/mod_security/experimental_rules" |
110 |
elog "" |
111 |
elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block" |
112 |
elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you" |
113 |
elog "should change modsecurity_crs_10_config.conf so that you have these settings enabled:" |
114 |
elog "" |
115 |
elog " #SecDefaultAction \"phase:2,deny,log\"" |
116 |
elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\"" |
117 |
elog "" |
118 |
} |