Gentoo Archives: gentoo-commits

From: "Diego Petteno (flameeyes)" <flameeyes@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in www-apache/modsecurity-crs: modsecurity-crs-2.2.6.ebuild ChangeLog
Date: Fri, 28 Sep 2012 20:59:32
Message-Id: 20120928205919.E441221505@flycatcher.gentoo.org
1 flameeyes 12/09/28 20:59:19
2
3 Modified: ChangeLog
4 Added: modsecurity-crs-2.2.6.ebuild
5 Log:
6 Version bump.
7
8 (Portage version: 2.2.0_alpha134/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.28 www-apache/modsecurity-crs/ChangeLog
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.28&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.28&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?r1=1.27&r2=1.28
16
17 Index: ChangeLog
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v
20 retrieving revision 1.27
21 retrieving revision 1.28
22 diff -u -r1.27 -r1.28
23 --- ChangeLog 11 Sep 2012 22:21:13 -0000 1.27
24 +++ ChangeLog 28 Sep 2012 20:59:19 -0000 1.28
25 @@ -1,6 +1,12 @@
26 # ChangeLog for www-apache/modsecurity-crs
27 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
28 -# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.27 2012/09/11 22:21:13 flameeyes Exp $
29 +# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.28 2012/09/28 20:59:19 flameeyes Exp $
30 +
31 +*modsecurity-crs-2.2.6 (28 Sep 2012)
32 +
33 + 28 Sep 2012; Diego E. Pettenò <flameeyes@g.o>
34 + +modsecurity-crs-2.2.6.ebuild:
35 + Version bump.
36
37 11 Sep 2012; Diego E. Pettenò <flameeyes@g.o>
38 -modsecurity-crs-2.1.2.ebuild, -modsecurity-crs-2.2.3.ebuild,
39
40
41
42 1.1 www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild
43
44 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild?rev=1.1&view=markup
45 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild?rev=1.1&content-type=text/plain
46
47 Index: modsecurity-crs-2.2.6.ebuild
48 ===================================================================
49 # Copyright 1999-2012 Gentoo Foundation
50 # Distributed under the terms of the GNU General Public License v2
51 # $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild,v 1.1 2012/09/28 20:59:19 flameeyes Exp $
52
53 EAPI=4
54
55 GITHUB_USER=SpiderLabs
56 GITHUB_PROJECT=owasp-${PN}
57
58 DESCRIPTION="Core Rule Set for ModSecurity"
59 HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
60 SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/tarball/v${PV} -> ${P}.tar.gz"
61
62 LICENSE="Apache-2.0"
63 SLOT="0"
64 KEYWORDS="~amd64 ~ppc ~sparc ~x86"
65 IUSE="lua geoip"
66
67 RDEPEND=">=www-apache/mod_security-2.5.13-r1[lua?,geoip?]"
68 DEPEND=""
69
70 S="${WORKDIR}/${P}"
71
72 RULESDIR=/etc/modsecurity
73 LUADIR=/usr/share/${PN}/lua
74
75 src_unpack() {
76 default
77 mv "${WORKDIR}/${GITHUB_USER}-${GITHUB_PROJECT}-"* "${P}" || die
78 }
79
80 src_prepare() {
81 if ! use lua; then
82 # comment out this since it's in the same file as another one we want to keep
83 sed -i -e "/id:'96000[456]'/s:^:#:" \
84 experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
85
86 # remove these that rely on the presence of the lua files
87 rm \
88 experimental_rules/modsecurity_crs_16_scanner_integration.conf \
89 experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
90 experimental_rules/modsecurity_crs_41_advanced_filters.conf \
91 experimental_rules/modsecurity_crs_55_response_profiling.conf \
92 experimental_rules/modsecurity_crs_56_pvi_checks.conf \
93 || die
94 else
95 # fix up the path to the scripts; there seems to be no
96 # consistency at all on how the rules are loaded.
97 sed -i \
98 -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
99 -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
100 -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
101 -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
102 -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
103 -e "s:\.\./lua/:${LUADIR}/:" \
104 *_rules/*.conf || die
105
106 # fix up the shebang on the scripts
107 sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
108 lua/*.lua || die
109 fi
110
111 sed -i \
112 -e '/SecGeoLookupDb/s:^:#:' \
113 -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
114 experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
115
116 if ! use geoip; then
117 if use lua; then
118 # only comment this out as the file is going to be used for other things
119 sed -i -e "/id:'960007'/,+1 s:^:#:" \
120 experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
121 else
122 rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
123 fi
124 fi
125 }
126
127 src_install() {
128 insinto "${RULESDIR}"
129 doins -r base_rules optional_rules experimental_rules slr_rules
130
131 insinto "${LUADIR}"
132 doins lua/*.lua
133
134 dodoc CHANGELOG README.md
135
136 (
137 cat - <<EOF
138 <IfDefine SECURITY>
139 EOF
140
141 cat modsecurity_crs_10_setup.conf.example
142
143 cat - <<EOF
144
145 Include /etc/modsecurity/base_rules/*.conf
146
147 # Include Trustwave SpiderLabs Research Team rules
148 Include /etc/modsecurity/slr_rules/*.conf
149
150 # Optionally use the other rules as well
151 # Include /etc/modsecurity/optional_rules/*.conf
152 # Include /etc/modsecurity/experimental_rules/*.conf
153 </IfDefine>
154
155 # -*- apache -*-
156 # vim: ts=4 filetype=apache
157
158 EOF
159 ) > "${T}"/"80_${PN}.conf"
160
161 insinto /etc/apache2/modules.d/
162 doins "${T}"/"80_${PN}.conf"
163 }
164
165 pkg_postinst() {
166 elog
167 elog "If you want to enable further rules, check the following directories:"
168 elog " ${RULESDIR}/optional_rules"
169 elog " ${RULESDIR}/experimental_rules"
170 elog ""
171 elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
172 elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
173 elog "should change 80_${PN}.conf so that you have these settings enabled:"
174 elog ""
175 elog " #SecDefaultAction \"phase:2,deny,log\""
176 elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
177 elog ""
178 elog "Starting from version 2.1.2 rules are installed, for consistency, under"
179 elog "/etc/modsecurity, and can be configured with the following file:"
180 elog " /etc/apache2/modules.d/80_${PN}.conf"
181 elog ""
182 }
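Review bot: The `sed -i` edits in src_prepare that switch rules off by id (`/id:'96000[456]'/s:^:#:` without lua, `/id:'960007'/,+1 s:^:#:` without geoip) exit 0 even when nothing matches, so `|| die` cannot catch a renumbered or relocated rule. If this version bump moved those ids, rules that presumably need the Lua scripts or the GeoIP database would be installed still enabled, without their dependency. A guard ahead of each edit makes the bump fail loudly instead, e.g. `grep -q "id:'96000[456]'" experimental_rules/modsecurity_crs_61_ip_forensics.conf || die "lua rule ids not found"`. The lua edit also comments only the matching line while the geoip edit uses `,+1`; whether the 96000[456] rules span a continuation line is not visible here and is worth confirming against the 2.2.6 file. Separately, `-e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:"` appears twice in the path fix-up and one copy can be dropped.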