
From: Pacho Ramos <pacho@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-apache/modsecurity-crs/, www-apache/modsecurity-crs/files/
Date: Wed, 31 Oct 2018 18:34:19
Message-Id: 1541010841.2dacb30d5bbd42e21c274419aedf3b8eeba2baac.pacho@gentoo
1 commit: 2dacb30d5bbd42e21c274419aedf3b8eeba2baac
2 Author: Pacho Ramos <pacho <AT> gentoo <DOT> org>
3 AuthorDate: Wed Oct 31 18:32:05 2018 +0000
4 Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org>
5 CommitDate: Wed Oct 31 18:34:01 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dacb30d
7
8 www-apache/modsecurity-crs: Drop old
9
10 Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org>
11 Package-Manager: Portage-2.3.51, Repoman-2.3.11
12
13 www-apache/modsecurity-crs/Manifest | 2 -
14 .../modsecurity-crs/files/80_mod_security-crs.conf | 8 --
15 .../modsecurity-crs/modsecurity-crs-2.2.7.ebuild | 134 --------------------
16 .../modsecurity-crs/modsecurity-crs-2.2.9.ebuild | 138 ---------------------
17 4 files changed, 282 deletions(-)
18
19 diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest
20 index da8c80c1e06..0b221bc9969 100644
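--- a/www-apache/modsecurity-crs/Manifest
+++ b/www-apache/modsecurity-crs/Manifest
@@ -1,3 +1 @@
-DIST modsecurity-crs-2.2.7.tar.gz 294137 BLAKE2B 399c72d5c52f2914e8f92c813b6ac346bbd2858d34b61ff4845dbbc7671ff7ffa906b43e2d8e3283a5f30b2fec59395b81239c121c953d51d736b009bc86f4bb SHA512 d0d3dac1b391c8ab730cc16546c9508d93c85dd674b2750d12fff99c17e5575b36bea0cf00e06fdd20c2db5dfdbdc3fd7bbaa26502988617632acfde1ee88927
-DIST modsecurity-crs-2.2.9.tar.gz 279898 BLAKE2B 75e9c5c9fb0fdf3957b17926b923d1d26b44677fc30556bf58d0b44d73918f7f65052714a7c67c53fc312f81a28422025303674f934f085929e8f4b9ea9fc063 SHA512 fc95cfff9d4ba9a4478c704e5d16e4054e514eb3ffb6343706840aad76607f997b4cc4b8b148adc5cb83743ea7996328d35b8556115de29d6a0e034b67591a09
 DIST modsecurity-crs-3.0.2.tar.gz 156751 BLAKE2B 111a330b6081d476899be321e15d74379b3c3db23f429a4a4ef1900c87e4b29229638acf3bb367745446ef97ccba4679db91b0d84bae93f2c127bbb6e8031851 SHA512 ae8fe9a0f00a57708c8680cb76882214e4f5ff647e13087aaf1bfc7382cefb38d2f3a88eb1f210031b553f56d3e44c12dbdc68f8b0d09fb4a9e2f15a70d885aa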
28 diff --git a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf b/www-apache/modsecurity-crs/files/80_mod_security-crs.conf
29 deleted file mode 100644
30 index c6b767a3cf2..00000000000
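--- a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-<IfDefine SECURITY>
- # Add your custom CRS configuration here. A copy of upstream's
- # crs-setup.conf.example is includes with the documentation of
- # modsecurity-crs.
-
- # Include the rules AFTER your custom configuration.
- Include /usr/share/modsecurity-crs/rules/*.conf
-</IfDefine>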
43 diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild
44 deleted file mode 100644
45 index c96ed6be896..00000000000
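--- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild
+++ /dev/null
@@ -1,134 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-GITHUB_USER=SpiderLabs
-GITHUB_PROJECT=owasp-${PN}
-
-DESCRIPTION="Core Rule Set for ModSecurity"
-HOMEPAGE="
- https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
- https://modsecurity.org/crs/
- https://coreruleset.org/"
-SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 ppc sparc x86"
-IUSE="lua geoip"
-
-RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
-DEPEND=""
-
-S="${WORKDIR}/${GITHUB_PROJECT}-${PV}"
-
-RULESDIR=/etc/modsecurity
-LUADIR=/usr/share/${PN}/lua
-
-src_prepare() {
- if ! use lua; then
- # comment out this since it's in the same file as another one we want to keep
- sed -i -e "/id:'96000[456]'/s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
-
- # remove these that rely on the presence of the lua files
- rm \
- experimental_rules/modsecurity_crs_16_scanner_integration.conf \
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
- experimental_rules/modsecurity_crs_41_advanced_filters.conf \
- experimental_rules/modsecurity_crs_55_response_profiling.conf \
- experimental_rules/modsecurity_crs_56_pvi_checks.conf \
- || die
- else
- # fix up the path to the scripts; there seems to be no
- # consistency at all on how the rules are loaded.
- sed -i \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
- -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
- -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:\.\./lua/:${LUADIR}/:" \
- *_rules/*.conf || die
-
- # fix up the shebang on the scripts
- sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
- lua/*.lua || die
- fi
-
- sed -i \
- -e '/SecGeoLookupDb/s:^:#:' \
- -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
-
- if ! use geoip; then
- if use lua; then
- # only comment this out as the file is going to be used for other things
- sed -i -e "/id:'960007'/,+1 s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- else
- rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- fi
- fi
-}
-
-src_install() {
- insinto "${RULESDIR}"
- # slr_rules as of 2.2.6 have broken IDs that don't work with
- # ModSecurity 2.7, but the rules require 2.7 to begin with.
- doins -r base_rules optional_rules experimental_rules #slr_rules
-
- insinto "${LUADIR}"
- doins lua/*.lua
-
- dodoc CHANGELOG README.md
-
- (
- cat - <<EOF
-<IfDefine SECURITY>
-EOF
-
- cat modsecurity_crs_10_setup.conf.example
-
- cat - <<EOF
-
-Include /etc/modsecurity/base_rules/*.conf
-
-# Include Trustwave SpiderLabs Research Team rules
-# Include /etc/modsecurity/slr_rules/*.conf
-# Not installed yet as of 2.2.6
-
-# Optionally use the other rules as well
-# Include /etc/modsecurity/optional_rules/*.conf
-# Include /etc/modsecurity/experimental_rules/*.conf
-</IfDefine>
-
-# -*- apache -*-
-# vim: ts=4 filetype=apache
-
-EOF
- ) > "${T}"/"80_${PN}.conf"
-
- insinto /etc/apache2/modules.d/
- doins "${T}"/"80_${PN}.conf"
-}
-
-pkg_postinst() {
- elog
- elog "If you want to enable further rules, check the following directories:"
- elog " ${RULESDIR}/optional_rules"
- elog " ${RULESDIR}/experimental_rules"
- elog ""
- elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
- elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
- elog "should change 80_${PN}.conf so that you have these settings enabled:"
- elog ""
- elog " #SecDefaultAction \"phase:2,deny,log\""
- elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
- elog ""
- elog "Starting from version 2.1.2 rules are installed, for consistency, under"
- elog "/etc/modsecurity, and can be configured with the following file:"
- elog " /etc/apache2/modules.d/80_${PN}.conf"
- elog ""
-}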
184 diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild
185 deleted file mode 100644
186 index 57f9f9b0391..00000000000
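--- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-GITHUB_USER=SpiderLabs
-GITHUB_PROJECT=owasp-${PN}
-
-DESCRIPTION="Core Rule Set for ModSecurity"
-HOMEPAGE="
- https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
- https://modsecurity.org/crs/
- https://coreruleset.org/"
-SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="lua geoip"
-
-RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
-DEPEND=""
-
-S="${WORKDIR}/${GITHUB_PROJECT}-${PV}"
-
-RULESDIR=/etc/modsecurity
-LUADIR=/usr/share/${PN}/lua
-
-src_prepare() {
- if ! use lua; then
- # comment out this since it's in the same file as another one we want to keep
- sed -i -e "/id:'900036'/s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
-
- # remove these that rely on the presence of the lua files
- rm \
- experimental_rules/modsecurity_crs_16_scanner_integration.conf \
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf \
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
- experimental_rules/modsecurity_crs_48_bayes_analysis.conf \
- experimental_rules/modsecurity_crs_55_response_profiling.conf \
- experimental_rules/modsecurity_crs_56_pvi_checks.conf \
- || die
- else
- # fix up the path to the scripts; there seems to be no
- # consistency at all on how the rules are loaded.
- sed -i \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
- -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
- -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:\.\./lua/:${LUADIR}/:" \
- *_rules/*.conf || die
-
- # fix up the shebang on the scripts
- sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
- lua/*.lua || die
- fi
-
- sed -i \
- -e '/SecGeoLookupDb/s:^:#:' \
- -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf \
- experimental_rules/modsecurity_crs_11_proxy_abuse.conf || die
-
- if ! use geoip; then
- rm experimental_rules/modsecurity_crs_11_proxy_abuse.conf
-
- if use lua; then
- # only comment this out as the file is going to be used for other things
- sed -i -e "/id:'900039'/,+1 s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- else
- rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- fi
- fi
-
- eapply_user
-}
-
-src_install() {
- insinto "${RULESDIR}"
- doins -r base_rules optional_rules experimental_rules slr_rules
-
- insinto "${LUADIR}"
- doins lua/*.lua
-
- dodoc CHANGES README.md
-
- (
- cat - <<EOF
-<IfDefine SECURITY>
-EOF
-
- cat modsecurity_crs_10_setup.conf.example
-
- cat - <<EOF
-
-Include /etc/modsecurity/base_rules/*.conf
-
-# Include Trustwave SpiderLabs Research Team rules
-# Include /etc/modsecurity/slr_rules/*.conf
-# Not installed yet as of 2.2.6
-
-# Optionally use the other rules as well
-# Include /etc/modsecurity/optional_rules/*.conf
-# Include /etc/modsecurity/experimental_rules/*.conf
-</IfDefine>
-
-# -*- apache -*-
-# vim: ts=4 filetype=apache
-
-EOF
- ) > "${T}"/"80_${PN}.conf"
-
- insinto /etc/apache2/modules.d/
- doins "${T}"/"80_${PN}.conf"
-}
-
-pkg_postinst() {
- elog
- elog "If you want to enable further rules, check the following directories:"
- elog " ${RULESDIR}/optional_rules"
- elog " ${RULESDIR}/experimental_rules"
- elog ""
- elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
- elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
- elog "should change 80_${PN}.conf so that you have these settings enabled:"
- elog ""
- elog " #SecDefaultAction \"phase:2,deny,log\""
- elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
- elog ""
- elog "Starting from version 2.1.2 rules are installed, for consistency, under"
- elog "/etc/modsecurity, and can be configured with the following file:"
- elog " /etc/apache2/modules.d/80_${PN}.conf"
- elog ""
-}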