* [gentoo-commits] repo/gentoo:master commit in: www-apache/modsecurity-crs/, www-apache/modsecurity-crs/files/
@ 2018-10-31 18:34 Pacho Ramos
0 siblings, 0 replies; only message in thread
From: Pacho Ramos @ 2018-10-31 18:34 UTC (permalink / raw
To: gentoo-commits
commit: 2dacb30d5bbd42e21c274419aedf3b8eeba2baac
Author: Pacho Ramos <pacho <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 31 18:32:05 2018 +0000
Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org>
CommitDate: Wed Oct 31 18:34:01 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dacb30d
www-apache/modsecurity-crs: Drop old
Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
www-apache/modsecurity-crs/Manifest | 2 -
.../modsecurity-crs/files/80_mod_security-crs.conf | 8 --
.../modsecurity-crs/modsecurity-crs-2.2.7.ebuild | 134 --------------------
.../modsecurity-crs/modsecurity-crs-2.2.9.ebuild | 138 ---------------------
4 files changed, 282 deletions(-)
diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest
index da8c80c1e06..0b221bc9969 100644
--- a/www-apache/modsecurity-crs/Manifest
+++ b/www-apache/modsecurity-crs/Manifest
@@ -1,3 +1 @@
-DIST modsecurity-crs-2.2.7.tar.gz 294137 BLAKE2B 399c72d5c52f2914e8f92c813b6ac346bbd2858d34b61ff4845dbbc7671ff7ffa906b43e2d8e3283a5f30b2fec59395b81239c121c953d51d736b009bc86f4bb SHA512 d0d3dac1b391c8ab730cc16546c9508d93c85dd674b2750d12fff99c17e5575b36bea0cf00e06fdd20c2db5dfdbdc3fd7bbaa26502988617632acfde1ee88927
-DIST modsecurity-crs-2.2.9.tar.gz 279898 BLAKE2B 75e9c5c9fb0fdf3957b17926b923d1d26b44677fc30556bf58d0b44d73918f7f65052714a7c67c53fc312f81a28422025303674f934f085929e8f4b9ea9fc063 SHA512 fc95cfff9d4ba9a4478c704e5d16e4054e514eb3ffb6343706840aad76607f997b4cc4b8b148adc5cb83743ea7996328d35b8556115de29d6a0e034b67591a09
DIST modsecurity-crs-3.0.2.tar.gz 156751 BLAKE2B 111a330b6081d476899be321e15d74379b3c3db23f429a4a4ef1900c87e4b29229638acf3bb367745446ef97ccba4679db91b0d84bae93f2c127bbb6e8031851 SHA512 ae8fe9a0f00a57708c8680cb76882214e4f5ff647e13087aaf1bfc7382cefb38d2f3a88eb1f210031b553f56d3e44c12dbdc68f8b0d09fb4a9e2f15a70d885aa
diff --git a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf b/www-apache/modsecurity-crs/files/80_mod_security-crs.conf
deleted file mode 100644
index c6b767a3cf2..00000000000
--- a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-<IfDefine SECURITY>
- # Add your custom CRS configuration here. A copy of upstream's
- # crs-setup.conf.example is includes with the documentation of
- # modsecurity-crs.
-
- # Include the rules AFTER your custom configuration.
- Include /usr/share/modsecurity-crs/rules/*.conf
-</IfDefine>
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild
deleted file mode 100644
index c96ed6be896..00000000000
--- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild
+++ /dev/null
@@ -1,134 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-GITHUB_USER=SpiderLabs
-GITHUB_PROJECT=owasp-${PN}
-
-DESCRIPTION="Core Rule Set for ModSecurity"
-HOMEPAGE="
- https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
- https://modsecurity.org/crs/
- https://coreruleset.org/"
-SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 ppc sparc x86"
-IUSE="lua geoip"
-
-RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
-DEPEND=""
-
-S="${WORKDIR}/${GITHUB_PROJECT}-${PV}"
-
-RULESDIR=/etc/modsecurity
-LUADIR=/usr/share/${PN}/lua
-
-src_prepare() {
- if ! use lua; then
- # comment out this since it's in the same file as another one we want to keep
- sed -i -e "/id:'96000[456]'/s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
-
- # remove these that rely on the presence of the lua files
- rm \
- experimental_rules/modsecurity_crs_16_scanner_integration.conf \
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
- experimental_rules/modsecurity_crs_41_advanced_filters.conf \
- experimental_rules/modsecurity_crs_55_response_profiling.conf \
- experimental_rules/modsecurity_crs_56_pvi_checks.conf \
- || die
- else
- # fix up the path to the scripts; there seems to be no
- # consistency at all on how the rules are loaded.
- sed -i \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
- -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
- -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:\.\./lua/:${LUADIR}/:" \
- *_rules/*.conf || die
-
- # fix up the shebang on the scripts
- sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
- lua/*.lua || die
- fi
-
- sed -i \
- -e '/SecGeoLookupDb/s:^:#:' \
- -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
-
- if ! use geoip; then
- if use lua; then
- # only comment this out as the file is going to be used for other things
- sed -i -e "/id:'960007'/,+1 s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- else
- rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- fi
- fi
-}
-
-src_install() {
- insinto "${RULESDIR}"
- # slr_rules as of 2.2.6 have broken IDs that don't work with
- # ModSecurity 2.7, but the rules require 2.7 to begin with.
- doins -r base_rules optional_rules experimental_rules #slr_rules
-
- insinto "${LUADIR}"
- doins lua/*.lua
-
- dodoc CHANGELOG README.md
-
- (
- cat - <<EOF
-<IfDefine SECURITY>
-EOF
-
- cat modsecurity_crs_10_setup.conf.example
-
- cat - <<EOF
-
-Include /etc/modsecurity/base_rules/*.conf
-
-# Include Trustwave SpiderLabs Research Team rules
-# Include /etc/modsecurity/slr_rules/*.conf
-# Not installed yet as of 2.2.6
-
-# Optionally use the other rules as well
-# Include /etc/modsecurity/optional_rules/*.conf
-# Include /etc/modsecurity/experimental_rules/*.conf
-</IfDefine>
-
-# -*- apache -*-
-# vim: ts=4 filetype=apache
-
-EOF
- ) > "${T}"/"80_${PN}.conf"
-
- insinto /etc/apache2/modules.d/
- doins "${T}"/"80_${PN}.conf"
-}
-
-pkg_postinst() {
- elog
- elog "If you want to enable further rules, check the following directories:"
- elog " ${RULESDIR}/optional_rules"
- elog " ${RULESDIR}/experimental_rules"
- elog ""
- elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
- elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
- elog "should change 80_${PN}.conf so that you have these settings enabled:"
- elog ""
- elog " #SecDefaultAction \"phase:2,deny,log\""
- elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
- elog ""
- elog "Starting from version 2.1.2 rules are installed, for consistency, under"
- elog "/etc/modsecurity, and can be configured with the following file:"
- elog " /etc/apache2/modules.d/80_${PN}.conf"
- elog ""
-}
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild
deleted file mode 100644
index 57f9f9b0391..00000000000
--- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-GITHUB_USER=SpiderLabs
-GITHUB_PROJECT=owasp-${PN}
-
-DESCRIPTION="Core Rule Set for ModSecurity"
-HOMEPAGE="
- https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
- https://modsecurity.org/crs/
- https://coreruleset.org/"
-SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="lua geoip"
-
-RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
-DEPEND=""
-
-S="${WORKDIR}/${GITHUB_PROJECT}-${PV}"
-
-RULESDIR=/etc/modsecurity
-LUADIR=/usr/share/${PN}/lua
-
-src_prepare() {
- if ! use lua; then
- # comment out this since it's in the same file as another one we want to keep
- sed -i -e "/id:'900036'/s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
-
- # remove these that rely on the presence of the lua files
- rm \
- experimental_rules/modsecurity_crs_16_scanner_integration.conf \
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf \
- experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
- experimental_rules/modsecurity_crs_48_bayes_analysis.conf \
- experimental_rules/modsecurity_crs_55_response_profiling.conf \
- experimental_rules/modsecurity_crs_56_pvi_checks.conf \
- || die
- else
- # fix up the path to the scripts; there seems to be no
- # consistency at all on how the rules are loaded.
- sed -i \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
- -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
- -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
- -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
- -e "s:\.\./lua/:${LUADIR}/:" \
- *_rules/*.conf || die
-
- # fix up the shebang on the scripts
- sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
- lua/*.lua || die
- fi
-
- sed -i \
- -e '/SecGeoLookupDb/s:^:#:' \
- -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf \
- experimental_rules/modsecurity_crs_11_proxy_abuse.conf || die
-
- if ! use geoip; then
- rm experimental_rules/modsecurity_crs_11_proxy_abuse.conf
-
- if use lua; then
- # only comment this out as the file is going to be used for other things
- sed -i -e "/id:'900039'/,+1 s:^:#:" \
- experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- else
- rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
- fi
- fi
-
- eapply_user
-}
-
-src_install() {
- insinto "${RULESDIR}"
- doins -r base_rules optional_rules experimental_rules slr_rules
-
- insinto "${LUADIR}"
- doins lua/*.lua
-
- dodoc CHANGES README.md
-
- (
- cat - <<EOF
-<IfDefine SECURITY>
-EOF
-
- cat modsecurity_crs_10_setup.conf.example
-
- cat - <<EOF
-
-Include /etc/modsecurity/base_rules/*.conf
-
-# Include Trustwave SpiderLabs Research Team rules
-# Include /etc/modsecurity/slr_rules/*.conf
-# Not installed yet as of 2.2.6
-
-# Optionally use the other rules as well
-# Include /etc/modsecurity/optional_rules/*.conf
-# Include /etc/modsecurity/experimental_rules/*.conf
-</IfDefine>
-
-# -*- apache -*-
-# vim: ts=4 filetype=apache
-
-EOF
- ) > "${T}"/"80_${PN}.conf"
-
- insinto /etc/apache2/modules.d/
- doins "${T}"/"80_${PN}.conf"
-}
-
-pkg_postinst() {
- elog
- elog "If you want to enable further rules, check the following directories:"
- elog " ${RULESDIR}/optional_rules"
- elog " ${RULESDIR}/experimental_rules"
- elog ""
- elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
- elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
- elog "should change 80_${PN}.conf so that you have these settings enabled:"
- elog ""
- elog " #SecDefaultAction \"phase:2,deny,log\""
- elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
- elog ""
- elog "Starting from version 2.1.2 rules are installed, for consistency, under"
- elog "/etc/modsecurity, and can be configured with the following file:"
- elog " /etc/apache2/modules.d/80_${PN}.conf"
- elog ""
-}
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2018-10-31 18:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-10-31 18:34 [gentoo-commits] repo/gentoo:master commit in: www-apache/modsecurity-crs/, www-apache/modsecurity-crs/files/ Pacho Ramos
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox