1 |
flameeyes 12/09/28 20:59:19 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: modsecurity-crs-2.2.6.ebuild |
5 |
Log: |
6 |
Version bump. |
7 |
|
8 |
(Portage version: 2.2.0_alpha134/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.28 www-apache/modsecurity-crs/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.28&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.28&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?r1=1.27&r2=1.28 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v |
20 |
retrieving revision 1.27 |
21 |
retrieving revision 1.28 |
22 |
diff -u -r1.27 -r1.28 |
23 |
--- ChangeLog 11 Sep 2012 22:21:13 -0000 1.27 |
24 |
+++ ChangeLog 28 Sep 2012 20:59:19 -0000 1.28 |
25 |
@@ -1,6 +1,12 @@ |
26 |
# ChangeLog for www-apache/modsecurity-crs |
27 |
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.27 2012/09/11 22:21:13 flameeyes Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.28 2012/09/28 20:59:19 flameeyes Exp $ |
30 |
+ |
31 |
+*modsecurity-crs-2.2.6 (28 Sep 2012) |
32 |
+ |
33 |
+ 28 Sep 2012; Diego E. Pettenò <flameeyes@g.o> |
34 |
+ +modsecurity-crs-2.2.6.ebuild: |
35 |
+ Version bump. |
36 |
|
37 |
11 Sep 2012; Diego E. Pettenò <flameeyes@g.o> |
38 |
-modsecurity-crs-2.1.2.ebuild, -modsecurity-crs-2.2.3.ebuild, |
39 |
|
40 |
|
41 |
|
42 |
1.1 www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild |
43 |
|
44 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild?rev=1.1&content-type=text/plain |
46 |
|
47 |
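--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6.ebuild,v 1.1 2012/09/28 20:59:19 flameeyes Exp $
+
+EAPI=4
+
+GITHUB_USER=SpiderLabs
+GITHUB_PROJECT=owasp-${PN}
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/tarball/v${PV} -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="lua geoip"
+
+RDEPEND=">=www-apache/mod_security-2.5.13-r1[lua?,geoip?]"
+DEPEND=""
+
+S="${WORKDIR}/${P}"
+
+RULESDIR=/etc/modsecurity
+LUADIR=/usr/share/${PN}/lua
+
+src_unpack() {
+default
+mv "${WORKDIR}/${GITHUB_USER}-${GITHUB_PROJECT}-"* "${P}" || die
+}
+
+src_prepare() {
+if ! use lua; then
+# comment out this since it's in the same file as another one we want to keep
+sed -i -e "/id:'96000[456]'/s:^:#:" \
+experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+# remove these that rely on the presence of the lua files
+rm \
+experimental_rules/modsecurity_crs_16_scanner_integration.conf \
+experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
+experimental_rules/modsecurity_crs_41_advanced_filters.conf \
+experimental_rules/modsecurity_crs_55_response_profiling.conf \
+experimental_rules/modsecurity_crs_56_pvi_checks.conf \
+|| die
+else
+# fix up the path to the scripts; there seems to be no
+# consistency at all on how the rules are loaded.
+sed -i \
+-e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+-e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
+-e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
+-e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
+-e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+-e "s:\.\./lua/:${LUADIR}/:" \
+*_rules/*.conf || die
+
+# fix up the shebang on the scripts
+sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
+lua/*.lua || die
+fi
+
+sed -i \
+-e '/SecGeoLookupDb/s:^:#:' \
+-e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
+experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+if ! use geoip; then
+if use lua; then
+# only comment this out as the file is going to be used for other things
+sed -i -e "/id:'960007'/,+1 s:^:#:" \
+experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+else
+rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+fi
+fi
+}
+
+src_install() {
+insinto "${RULESDIR}"
+doins -r base_rules optional_rules experimental_rules slr_rules
+
+insinto "${LUADIR}"
+doins lua/*.lua
+
+dodoc CHANGELOG README.md
+
+(
+cat - <<EOF
+<IfDefine SECURITY>
+EOF
+
+cat modsecurity_crs_10_setup.conf.example
+
+cat - <<EOF
+
+Include /etc/modsecurity/base_rules/*.conf
+
+# Include Trustwave SpiderLabs Research Team rules
+Include /etc/modsecurity/slr_rules/*.conf
+
+# Optionally use the other rules as well
+# Include /etc/modsecurity/optional_rules/*.conf
+# Include /etc/modsecurity/experimental_rules/*.conf
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
+
+EOF
+) > "${T}"/"80_${PN}.conf"
+
+insinto /etc/apache2/modules.d/
+doins "${T}"/"80_${PN}.conf"
+}
+
+pkg_postinst() {
+elog
+elog "If you want to enable further rules, check the following directories:"
+elog " ${RULESDIR}/optional_rules"
+elog " ${RULESDIR}/experimental_rules"
+elog ""
+elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
+elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
+elog "should change 80_${PN}.conf so that you have these settings enabled:"
+elog ""
+elog " #SecDefaultAction \"phase:2,deny,log\""
+elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
+elog ""
+elog "Starting from version 2.1.2 rules are installed, for consistency, under"
+elog "/etc/modsecurity, and can be configured with the following file:"
+elog " /etc/apache2/modules.d/80_${PN}.conf"
+elog ""
+}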
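Review bot: The `sed -i` calls in src_prepare that disable the Lua- and GeoIP-dependent rules (`/id:'96000[456]'/s:^:#:` and `/id:'960007'/,+1 s:^:#:`) exit 0 even when no line matches, so `|| die` will not fire if upstream renumbers or reformats those rules. In that case modsecurity_crs_61_ip_forensics.conf would be installed with directives the selected USE flags cannot satisfy, which only surfaces when an admin enables experimental_rules. A guard before each edit makes the assumption explicit, e.g. `grep -q "id:'96000[456]'" experimental_rules/modsecurity_crs_61_ip_forensics.conf || die "expected rule ids not found"`. In the path fix-up list, the `/etc/apache2/modsecurity-crs/lua/` expression appears twice. The `profile_page_scripts.lua` expression runs after the first of them, so it would prepend `${LUADIR}/` a second time to any reference already rewritten from that full path; this is worth checking against the 2.2.6 rule files.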