1 |
commit: 2dacb30d5bbd42e21c274419aedf3b8eeba2baac |
2 |
Author: Pacho Ramos <pacho <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Oct 31 18:32:05 2018 +0000 |
4 |
Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Oct 31 18:34:01 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dacb30d |
7 |
|
8 |
www-apache/modsecurity-crs: Drop old |
9 |
|
10 |
Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org> |
11 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
12 |
|
13 |
www-apache/modsecurity-crs/Manifest | 2 - |
14 |
.../modsecurity-crs/files/80_mod_security-crs.conf | 8 -- |
15 |
.../modsecurity-crs/modsecurity-crs-2.2.7.ebuild | 134 -------------------- |
16 |
.../modsecurity-crs/modsecurity-crs-2.2.9.ebuild | 138 --------------------- |
17 |
4 files changed, 282 deletions(-) |
18 |
|
19 |
diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest |
20 |
index da8c80c1e06..0b221bc9969 100644 |
21 |
--- a/www-apache/modsecurity-crs/Manifest |
22 |
+++ b/www-apache/modsecurity-crs/Manifest |
23 |
@@ -1,3 +1 @@ |
24 |
-DIST modsecurity-crs-2.2.7.tar.gz 294137 BLAKE2B 399c72d5c52f2914e8f92c813b6ac346bbd2858d34b61ff4845dbbc7671ff7ffa906b43e2d8e3283a5f30b2fec59395b81239c121c953d51d736b009bc86f4bb SHA512 d0d3dac1b391c8ab730cc16546c9508d93c85dd674b2750d12fff99c17e5575b36bea0cf00e06fdd20c2db5dfdbdc3fd7bbaa26502988617632acfde1ee88927 |
25 |
-DIST modsecurity-crs-2.2.9.tar.gz 279898 BLAKE2B 75e9c5c9fb0fdf3957b17926b923d1d26b44677fc30556bf58d0b44d73918f7f65052714a7c67c53fc312f81a28422025303674f934f085929e8f4b9ea9fc063 SHA512 fc95cfff9d4ba9a4478c704e5d16e4054e514eb3ffb6343706840aad76607f997b4cc4b8b148adc5cb83743ea7996328d35b8556115de29d6a0e034b67591a09 |
26 |
DIST modsecurity-crs-3.0.2.tar.gz 156751 BLAKE2B 111a330b6081d476899be321e15d74379b3c3db23f429a4a4ef1900c87e4b29229638acf3bb367745446ef97ccba4679db91b0d84bae93f2c127bbb6e8031851 SHA512 ae8fe9a0f00a57708c8680cb76882214e4f5ff647e13087aaf1bfc7382cefb38d2f3a88eb1f210031b553f56d3e44c12dbdc68f8b0d09fb4a9e2f15a70d885aa |
27 |
|
28 |
diff --git a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf b/www-apache/modsecurity-crs/files/80_mod_security-crs.conf |
29 |
deleted file mode 100644 |
30 |
index c6b767a3cf2..00000000000 |
31 |
--- a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf |
32 |
+++ /dev/null |
33 |
@@ -1,8 +0,0 @@ |
34 |
-<IfDefine SECURITY> |
35 |
- # Add your custom CRS configuration here. A copy of upstream's |
36 |
- # crs-setup.conf.example is includes with the documentation of |
37 |
- # modsecurity-crs. |
38 |
- |
39 |
- # Include the rules AFTER your custom configuration. |
40 |
- Include /usr/share/modsecurity-crs/rules/*.conf |
41 |
-</IfDefine> |
42 |
|
43 |
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild |
44 |
deleted file mode 100644 |
45 |
index c96ed6be896..00000000000 |
46 |
--- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild |
47 |
+++ /dev/null |
48 |
@@ -1,134 +0,0 @@ |
49 |
-# Copyright 1999-2018 Gentoo Foundation |
50 |
-# Distributed under the terms of the GNU General Public License v2 |
51 |
- |
52 |
-EAPI=5 |
53 |
- |
54 |
-GITHUB_USER=SpiderLabs |
55 |
-GITHUB_PROJECT=owasp-${PN} |
56 |
- |
57 |
-DESCRIPTION="Core Rule Set for ModSecurity" |
58 |
-HOMEPAGE=" |
59 |
- https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project |
60 |
- https://modsecurity.org/crs/ |
61 |
- https://coreruleset.org/" |
62 |
-SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz" |
63 |
- |
64 |
-LICENSE="Apache-2.0" |
65 |
-SLOT="0" |
66 |
-KEYWORDS="amd64 ppc sparc x86" |
67 |
-IUSE="lua geoip" |
68 |
- |
69 |
-RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]" |
70 |
-DEPEND="" |
71 |
- |
72 |
-S="${WORKDIR}/${GITHUB_PROJECT}-${PV}" |
73 |
- |
74 |
-RULESDIR=/etc/modsecurity |
75 |
-LUADIR=/usr/share/${PN}/lua |
76 |
- |
77 |
-src_prepare() { |
78 |
- if ! use lua; then |
79 |
- # comment out this since it's in the same file as another one we want to keep |
80 |
- sed -i -e "/id:'96000[456]'/s:^:#:" \ |
81 |
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die |
82 |
- |
83 |
- # remove these that rely on the presence of the lua files |
84 |
- rm \ |
85 |
- experimental_rules/modsecurity_crs_16_scanner_integration.conf \ |
86 |
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \ |
87 |
- experimental_rules/modsecurity_crs_41_advanced_filters.conf \ |
88 |
- experimental_rules/modsecurity_crs_55_response_profiling.conf \ |
89 |
- experimental_rules/modsecurity_crs_56_pvi_checks.conf \ |
90 |
- || die |
91 |
- else |
92 |
- # fix up the path to the scripts; there seems to be no |
93 |
- # consistency at all on how the rules are loaded. |
94 |
- sed -i \ |
95 |
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ |
96 |
- -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \ |
97 |
- -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \ |
98 |
- -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \ |
99 |
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ |
100 |
- -e "s:\.\./lua/:${LUADIR}/:" \ |
101 |
- *_rules/*.conf || die |
102 |
- |
103 |
- # fix up the shebang on the scripts |
104 |
- sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \ |
105 |
- lua/*.lua || die |
106 |
- fi |
107 |
- |
108 |
- sed -i \ |
109 |
- -e '/SecGeoLookupDb/s:^:#:' \ |
110 |
- -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \ |
111 |
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die |
112 |
- |
113 |
- if ! use geoip; then |
114 |
- if use lua; then |
115 |
- # only comment this out as the file is going to be used for other things |
116 |
- sed -i -e "/id:'960007'/,+1 s:^:#:" \ |
117 |
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die |
118 |
- else |
119 |
- rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die |
120 |
- fi |
121 |
- fi |
122 |
-} |
123 |
- |
124 |
-src_install() { |
125 |
- insinto "${RULESDIR}" |
126 |
- # slr_rules as of 2.2.6 have broken IDs that don't work with |
127 |
- # ModSecurity 2.7, but the rules require 2.7 to begin with. |
128 |
- doins -r base_rules optional_rules experimental_rules #slr_rules |
129 |
- |
130 |
- insinto "${LUADIR}" |
131 |
- doins lua/*.lua |
132 |
- |
133 |
- dodoc CHANGELOG README.md |
134 |
- |
135 |
- ( |
136 |
- cat - <<EOF |
137 |
-<IfDefine SECURITY> |
138 |
-EOF |
139 |
- |
140 |
- cat modsecurity_crs_10_setup.conf.example |
141 |
- |
142 |
- cat - <<EOF |
143 |
- |
144 |
-Include /etc/modsecurity/base_rules/*.conf |
145 |
- |
146 |
-# Include Trustwave SpiderLabs Research Team rules |
147 |
-# Include /etc/modsecurity/slr_rules/*.conf |
148 |
-# Not installed yet as of 2.2.6 |
149 |
- |
150 |
-# Optionally use the other rules as well |
151 |
-# Include /etc/modsecurity/optional_rules/*.conf |
152 |
-# Include /etc/modsecurity/experimental_rules/*.conf |
153 |
-</IfDefine> |
154 |
- |
155 |
-# -*- apache -*- |
156 |
-# vim: ts=4 filetype=apache |
157 |
- |
158 |
-EOF |
159 |
- ) > "${T}"/"80_${PN}.conf" |
160 |
- |
161 |
- insinto /etc/apache2/modules.d/ |
162 |
- doins "${T}"/"80_${PN}.conf" |
163 |
-} |
164 |
- |
165 |
-pkg_postinst() { |
166 |
- elog |
167 |
- elog "If you want to enable further rules, check the following directories:" |
168 |
- elog " ${RULESDIR}/optional_rules" |
169 |
- elog " ${RULESDIR}/experimental_rules" |
170 |
- elog "" |
171 |
- elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block" |
172 |
- elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you" |
173 |
- elog "should change 80_${PN}.conf so that you have these settings enabled:" |
174 |
- elog "" |
175 |
- elog " #SecDefaultAction \"phase:2,deny,log\"" |
176 |
- elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\"" |
177 |
- elog "" |
178 |
- elog "Starting from version 2.1.2 rules are installed, for consistency, under" |
179 |
- elog "/etc/modsecurity, and can be configured with the following file:" |
180 |
- elog " /etc/apache2/modules.d/80_${PN}.conf" |
181 |
- elog "" |
182 |
-} |
183 |
|
184 |
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild |
185 |
deleted file mode 100644 |
186 |
index 57f9f9b0391..00000000000 |
187 |
--- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild |
188 |
+++ /dev/null |
189 |
@@ -1,138 +0,0 @@ |
190 |
-# Copyright 1999-2018 Gentoo Foundation |
191 |
-# Distributed under the terms of the GNU General Public License v2 |
192 |
- |
193 |
-EAPI=6 |
194 |
- |
195 |
-GITHUB_USER=SpiderLabs |
196 |
-GITHUB_PROJECT=owasp-${PN} |
197 |
- |
198 |
-DESCRIPTION="Core Rule Set for ModSecurity" |
199 |
-HOMEPAGE=" |
200 |
- https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project |
201 |
- https://modsecurity.org/crs/ |
202 |
- https://coreruleset.org/" |
203 |
-SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz" |
204 |
- |
205 |
-LICENSE="Apache-2.0" |
206 |
-SLOT="0" |
207 |
-KEYWORDS="~amd64 ~ppc ~sparc ~x86" |
208 |
-IUSE="lua geoip" |
209 |
- |
210 |
-RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]" |
211 |
-DEPEND="" |
212 |
- |
213 |
-S="${WORKDIR}/${GITHUB_PROJECT}-${PV}" |
214 |
- |
215 |
-RULESDIR=/etc/modsecurity |
216 |
-LUADIR=/usr/share/${PN}/lua |
217 |
- |
218 |
-src_prepare() { |
219 |
- if ! use lua; then |
220 |
- # comment out this since it's in the same file as another one we want to keep |
221 |
- sed -i -e "/id:'900036'/s:^:#:" \ |
222 |
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die |
223 |
- |
224 |
- # remove these that rely on the presence of the lua files |
225 |
- rm \ |
226 |
- experimental_rules/modsecurity_crs_16_scanner_integration.conf \ |
227 |
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf \ |
228 |
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \ |
229 |
- experimental_rules/modsecurity_crs_48_bayes_analysis.conf \ |
230 |
- experimental_rules/modsecurity_crs_55_response_profiling.conf \ |
231 |
- experimental_rules/modsecurity_crs_56_pvi_checks.conf \ |
232 |
- || die |
233 |
- else |
234 |
- # fix up the path to the scripts; there seems to be no |
235 |
- # consistency at all on how the rules are loaded. |
236 |
- sed -i \ |
237 |
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ |
238 |
- -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \ |
239 |
- -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \ |
240 |
- -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \ |
241 |
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ |
242 |
- -e "s:\.\./lua/:${LUADIR}/:" \ |
243 |
- *_rules/*.conf || die |
244 |
- |
245 |
- # fix up the shebang on the scripts |
246 |
- sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \ |
247 |
- lua/*.lua || die |
248 |
- fi |
249 |
- |
250 |
- sed -i \ |
251 |
- -e '/SecGeoLookupDb/s:^:#:' \ |
252 |
- -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \ |
253 |
- experimental_rules/modsecurity_crs_61_ip_forensics.conf \ |
254 |
- experimental_rules/modsecurity_crs_11_proxy_abuse.conf || die |
255 |
- |
256 |
- if ! use geoip; then |
257 |
- rm experimental_rules/modsecurity_crs_11_proxy_abuse.conf |
258 |
- |
259 |
- if use lua; then |
260 |
- # only comment this out as the file is going to be used for other things |
261 |
- sed -i -e "/id:'900039'/,+1 s:^:#:" \ |
262 |
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die |
263 |
- else |
264 |
- rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die |
265 |
- fi |
266 |
- fi |
267 |
- |
268 |
- eapply_user |
269 |
-} |
270 |
- |
271 |
-src_install() { |
272 |
- insinto "${RULESDIR}" |
273 |
- doins -r base_rules optional_rules experimental_rules slr_rules |
274 |
- |
275 |
- insinto "${LUADIR}" |
276 |
- doins lua/*.lua |
277 |
- |
278 |
- dodoc CHANGES README.md |
279 |
- |
280 |
- ( |
281 |
- cat - <<EOF |
282 |
-<IfDefine SECURITY> |
283 |
-EOF |
284 |
- |
285 |
- cat modsecurity_crs_10_setup.conf.example |
286 |
- |
287 |
- cat - <<EOF |
288 |
- |
289 |
-Include /etc/modsecurity/base_rules/*.conf |
290 |
- |
291 |
-# Include Trustwave SpiderLabs Research Team rules |
292 |
-# Include /etc/modsecurity/slr_rules/*.conf |
293 |
-# Not installed yet as of 2.2.6 |
294 |
- |
295 |
-# Optionally use the other rules as well |
296 |
-# Include /etc/modsecurity/optional_rules/*.conf |
297 |
-# Include /etc/modsecurity/experimental_rules/*.conf |
298 |
-</IfDefine> |
299 |
- |
300 |
-# -*- apache -*- |
301 |
-# vim: ts=4 filetype=apache |
302 |
- |
303 |
-EOF |
304 |
- ) > "${T}"/"80_${PN}.conf" |
305 |
- |
306 |
- insinto /etc/apache2/modules.d/ |
307 |
- doins "${T}"/"80_${PN}.conf" |
308 |
-} |
309 |
- |
310 |
-pkg_postinst() { |
311 |
- elog |
312 |
- elog "If you want to enable further rules, check the following directories:" |
313 |
- elog " ${RULESDIR}/optional_rules" |
314 |
- elog " ${RULESDIR}/experimental_rules" |
315 |
- elog "" |
316 |
- elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block" |
317 |
- elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you" |
318 |
- elog "should change 80_${PN}.conf so that you have these settings enabled:" |
319 |
- elog "" |
320 |
- elog " #SecDefaultAction \"phase:2,deny,log\"" |
321 |
- elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\"" |
322 |
- elog "" |
323 |
- elog "Starting from version 2.1.2 rules are installed, for consistency, under" |
324 |
- elog "/etc/modsecurity, and can be configured with the following file:" |
325 |
- elog " /etc/apache2/modules.d/80_${PN}.conf" |
326 |
- elog "" |
327 |
-} |