From: "Diego Elio Pettenò" <flameeyes@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: www-apache/modsecurity-crs/
Date: Thu,  3 Nov 2016 21:46:41 +0000 (UTC)	[thread overview]
Message-ID: <1478209582.2b0a47c1be1e03f7cc380e8f0f95cfbf6550a075.flameeyes@gentoo> (raw)

commit:     2b0a47c1be1e03f7cc380e8f0f95cfbf6550a075
Author:     Diego Elio Pettenò <flameeyes <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  3 21:46:07 2016 +0000
Commit:     Diego Elio Pettenò <flameeyes <AT> gentoo <DOT> org>
CommitDate: Thu Nov  3 21:46:22 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b0a47c1

www-apache/modsecurity-crs: update to version 2.2.9 (last version before v3.)

Update the sedding and removal of experimental rules, and install slr_rules that are now compatible with mod_security v2.7

Package-Manager: portage-2.3.0

 www-apache/modsecurity-crs/Manifest                |   1 +
 .../modsecurity-crs/modsecurity-crs-2.2.9.ebuild   | 136 +++++++++++++++++++++
 2 files changed, 137 insertions(+)

diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest
index c3cd841..543075c 100644
--- a/www-apache/modsecurity-crs/Manifest
+++ b/www-apache/modsecurity-crs/Manifest
@@ -1,2 +1,3 @@
 DIST modsecurity-crs-2.2.6.tar.gz 291070 SHA256 1c837fc7ace28f732b5034c90a17635e31fe3c9a45425c079fd1fd6bae01b790 SHA512 0e6c2735814dd24ba2329bc756e382b0430937a703d492b2ac00f95af6598903961b43013e99cd49240fe6b7a5439a7b1b3e79c3b7a48828465252dafd586165 WHIRLPOOL d8c85f8e6db07ecbc5a9a680e843f485d87294c71ceeb84aa83e562441ea78db477f9850431ded67371fbe455438fb89fedb5d3070e524abebe53b3c9a039f72
 DIST modsecurity-crs-2.2.7.tar.gz 294137 SHA256 54bc74815d6e6c3b476aec673a48e3ce08ee82b76bfe941408efab757aa8a0f7 SHA512 d0d3dac1b391c8ab730cc16546c9508d93c85dd674b2750d12fff99c17e5575b36bea0cf00e06fdd20c2db5dfdbdc3fd7bbaa26502988617632acfde1ee88927 WHIRLPOOL fc72bdbd5c79dffa0b2c65893cb8cdab0708705ce48ca3d49115339a5b4ff8cbe7cc42bcb49abd966243a2e48cb2af290ea125c6de4b185eb8b1c20e7eb66057
+DIST modsecurity-crs-2.2.9.tar.gz 279898 SHA256 203669540abf864d40e892acf2ea02ec4ab47f9769747d28d79b6c2a501e3dfc SHA512 fc95cfff9d4ba9a4478c704e5d16e4054e514eb3ffb6343706840aad76607f997b4cc4b8b148adc5cb83743ea7996328d35b8556115de29d6a0e034b67591a09 WHIRLPOOL 8e741a5430905e061ba024e8ae2b5bd08ae19e6ae30d9ca8a0160c9f73afee7bfe57caf73ba7eecebc00e34141f5d46cb1378793a89c8c56966139c10f70c30a

diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild
new file mode 100644
index 00000000..c33f3da
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+GITHUB_USER=SpiderLabs
+GITHUB_PROJECT=owasp-${PN}
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="lua geoip"
+
+RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
+DEPEND=""
+
+S="${WORKDIR}/${GITHUB_PROJECT}-${PV}"
+
+RULESDIR=/etc/modsecurity
+LUADIR=/usr/share/${PN}/lua
+
+src_prepare() {
+	if ! use lua; then
+		# comment out this since it's in the same file as another one we want to keep
+		sed -i -e "/id:'900036'/s:^:#:" \
+			experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+		# remove these that rely on the presence of the lua files
+		rm \
+			experimental_rules/modsecurity_crs_16_scanner_integration.conf \
+			experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf \
+			experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
+			experimental_rules/modsecurity_crs_48_bayes_analysis.conf \
+			experimental_rules/modsecurity_crs_55_response_profiling.conf \
+			experimental_rules/modsecurity_crs_56_pvi_checks.conf \
+			|| die
+	else
+		# fix up the path to the scripts; there seems to be no
+		# consistency at all on how the rules are loaded.
+		sed -i \
+			-e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+			-e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
+			-e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
+			-e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
+			-e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+			-e "s:\.\./lua/:${LUADIR}/:" \
+			*_rules/*.conf || die
+
+		# fix up the shebang on the scripts
+		sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
+			lua/*.lua || die
+	fi
+
+	sed -i \
+		-e '/SecGeoLookupDb/s:^:#:' \
+		-e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
+		experimental_rules/modsecurity_crs_61_ip_forensics.conf \
+		experimental_rules/modsecurity_crs_11_proxy_abuse.conf || die
+
+	if ! use geoip; then
+		rm  experimental_rules/modsecurity_crs_11_proxy_abuse.conf
+
+		if use lua; then
+			# only comment this out as the file is going to be used for other things
+			sed -i -e "/id:'900039'/,+1 s:^:#:" \
+				experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+		else
+			rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+		fi
+	fi
+
+	eapply_user
+}
+
+src_install() {
+	insinto "${RULESDIR}"
+	doins -r base_rules optional_rules experimental_rules slr_rules
+
+	insinto "${LUADIR}"
+	doins lua/*.lua
+
+	dodoc CHANGES README.md
+
+	(
+		cat - <<EOF
+<IfDefine SECURITY>
+EOF
+
+		cat modsecurity_crs_10_setup.conf.example
+
+		cat - <<EOF
+
+Include /etc/modsecurity/base_rules/*.conf
+
+# Include Trustwave SpiderLabs Research Team rules
+# Include /etc/modsecurity/slr_rules/*.conf
+# Not installed yet as of 2.2.6
+
+# Optionally use the other rules as well
+# Include /etc/modsecurity/optional_rules/*.conf
+# Include /etc/modsecurity/experimental_rules/*.conf
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
+
+EOF
+	) > "${T}"/"80_${PN}.conf"
+
+	insinto /etc/apache2/modules.d/
+	doins "${T}"/"80_${PN}.conf"
+}
+
+pkg_postinst() {
+	elog
+	elog "If you want to enable further rules, check the following directories:"
+	elog "	${RULESDIR}/optional_rules"
+	elog "	${RULESDIR}/experimental_rules"
+	elog ""
+	elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
+	elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
+	elog "should change 80_${PN}.conf so that you have these settings enabled:"
+	elog ""
+	elog "    #SecDefaultAction \"phase:2,deny,log\""
+	elog "    SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
+	elog ""
+	elog "Starting from version 2.1.2 rules are installed, for consistency, under"
+	elog "/etc/modsecurity, and can be configured with the following file:"
+	elog "  /etc/apache2/modules.d/80_${PN}.conf"
+	elog ""
+}
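Review bot: In the `! use geoip` branch of src_prepare, the `rm` of `experimental_rules/modsecurity_crs_11_proxy_abuse.conf` is the only removal in this function without `|| die`. If a later tarball renames or moves that file, the failure would pass unnoticed; write `rm experimental_rules/modsecurity_crs_11_proxy_abuse.conf || die`, as the other removals do. The generated `80_${PN}.conf` still says `# Not installed yet as of 2.2.6` under the slr_rules Include, although src_install now runs `doins -r base_rules optional_rules experimental_rules slr_rules`. Drop that stale line so an administrator reading the file knows the rules are on disk and only the Include is opt-in. The `sed` edits keyed on `id:'900036'` and `id:'900039'` succeed even when nothing matches, so a short comment such as `# re-check these rule ids on every version bump` above each would help keep the USE-flag handling accurate.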

