* [gentoo-commits] gentoo-x86 commit in www-apache/modsecurity-crs: modsecurity-crs-2.2.6-r1.ebuild ChangeLog modsecurity-crs-2.2.6.ebuild
@ 2012-10-17 19:24 Diego Petteno (flameeyes)
From: Diego Petteno (flameeyes) @ 2012-10-17 19:24 UTC (permalink / raw
To: gentoo-commits
flameeyes 12/10/17 19:24:56
Modified: ChangeLog
Added: modsecurity-crs-2.2.6-r1.ebuild
Removed: modsecurity-crs-2.2.6.ebuild
Log:
Remove slr_rules as they are currently broken with ModSec 2.7. Thanks to Clemente Aguiar in bug #436982 for reporting.
(Portage version: 2.2.0_alpha137/cvs/Linux x86_64)
Revision Changes Path
1.30 www-apache/modsecurity-crs/ChangeLog
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.30&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?rev=1.30&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/ChangeLog?r1=1.29&r2=1.30
Index: ChangeLog
===================================================================
RCS file: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- ChangeLog 30 Sep 2012 18:02:09 -0000 1.29
+++ ChangeLog 17 Oct 2012 19:24:56 -0000 1.30
@@ -1,6 +1,13 @@
# ChangeLog for www-apache/modsecurity-crs
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.29 2012/09/30 18:02:09 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.30 2012/10/17 19:24:56 flameeyes Exp $
+
+*modsecurity-crs-2.2.6-r1 (17 Oct 2012)
+
+ 17 Oct 2012; Diego E. Pettenò <flameeyes@gentoo.org>
+ +modsecurity-crs-2.2.6-r1.ebuild, -modsecurity-crs-2.2.6.ebuild:
+ Remove srl_rules as they are currently broken with ModSec 2.7. Thanks to
+ Clemente Aguiar in bug #436982 for reporting.
30 Sep 2012; Diego E. Pettenò <flameeyes@gentoo.org>
modsecurity-crs-2.2.6.ebuild:
1.1 www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild?rev=1.1&content-type=text/plain
Index: modsecurity-crs-2.2.6-r1.ebuild
===================================================================
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild,v 1.1 2012/10/17 19:24:56 flameeyes Exp $
EAPI=4

# Upstream GitHub coordinates; SRC_URI and src_unpack() are both built from them.
GITHUB_USER="SpiderLabs"
GITHUB_PROJECT="owasp-${PN}"

DESCRIPTION="Core Rule Set for ModSecurity"
HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
# Tarball for the upstream tag v${PV}, stored locally as ${P}.tar.gz.
# NOTE(review): nothing in this file pins the tarball contents; that is
# presumably left to the package Manifest digests, which are not shown here.
SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/tarball/v${PV} -> ${P}.tar.gz"

LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~ppc ~sparc ~x86"
IUSE="lua geoip"

# ModSecurity 2.7 or newer is required at runtime, built with the same
# lua/geoip USE flags as this package.
RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
DEPEND=""

S="${WORKDIR}/${P}"

# Install locations for the rule files and for the Lua helper scripts.
RULESDIR="/etc/modsecurity"
LUADIR="/usr/share/${PN}/lua"
src_unpack() {
	# Run the stock unpack phase first.
	default

	# The extracted directory is named <user>-<project>-<suffix>; the suffix
	# is not known in advance (presumably a commit id), so match it with a
	# glob and rename the result to ${P}, which is what S points at.
	local -a extracted=( "${WORKDIR}/${GITHUB_USER}-${GITHUB_PROJECT}-"* )
	mv "${extracted[@]}" "${P}" || die
}
src_prepare() {
	# Adjusts the shipped rule files to the lua/geoip USE flags.
	# Which rules stay active in experimental_rules depends on those flags:
	# without lua, five rule files are deleted and rules 960004-960006 are
	# commented out; without geoip, rule 960007 is disabled (or, without lua
	# as well, the whole ip_forensics file is dropped).
	local forensics=experimental_rules/modsecurity_crs_61_ip_forensics.conf

	if use lua; then
		# fix up the path to the scripts; there seems to be no
		# consistency at all on how the rules are loaded.
		# NOTE(review): the /etc/apache2/modsecurity-crs/lua/ expression
		# appears twice; the second one looks like a no-op - confirm.
		# NOTE(review): the bare profile_page_scripts.lua rewrite runs after
		# the first path rewrite on the same line; confirm that no rule line
		# carries that prefix in front of the file name, otherwise the
		# directory would be prepended twice.
		sed -i \
			-e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
			-e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
			-e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
			-e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
			-e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
			-e "s:\.\./lua/:${LUADIR}/:" \
			*_rules/*.conf || die

		# fix up the shebang on the scripts
		sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
			lua/*.lua || die
	else
		# comment out this since it's in the same file as another one we want to keep
		sed -i -e "/id:'96000[456]'/s:^:#:" \
			"${forensics}" || die

		# remove these that rely on the presence of the lua files
		rm \
			experimental_rules/modsecurity_crs_16_scanner_integration.conf \
			experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
			experimental_rules/modsecurity_crs_41_advanced_filters.conf \
			experimental_rules/modsecurity_crs_55_response_profiling.conf \
			experimental_rules/modsecurity_crs_56_pvi_checks.conf \
			|| die
	fi

	# Comment out the upstream SecGeoLookupDb line and leave a marker line
	# after it saying where the directive is defined instead.
	sed -i \
		-e '/SecGeoLookupDb/s:^:#:' \
		-e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
		"${forensics}" || die

	if ! use geoip; then
		if ! use lua; then
			# neither flag is set: the file is dropped altogether
			rm "${forensics}" || die
		else
			# only comment this out as the file is going to be used for other things
			# (the ",+1" range also comments the line that follows the match)
			sed -i -e "/id:'960007'/,+1 s:^:#:" \
				"${forensics}" || die
		fi
	fi
}
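src_install() {
	# Installs the rule directories, the Lua helpers and the docs, then
	# generates the Apache module config that loads the rules.
	insinto "${RULESDIR}"
	# slr_rules as of 2.2.6 have broken IDs that don't work with
	# ModSecurity 2.7, but the rules require 2.7 to begin with.
	doins -r base_rules optional_rules experimental_rules #slr_rules

	insinto "${LUADIR}"
	doins lua/*.lua

	dodoc CHANGELOG README.md

	# The generated file wraps everything in <IfDefine SECURITY>, embeds the
	# upstream setup example and includes only base_rules; the slr, optional
	# and experimental includes are written commented out.
	local modconf="${T}/80_${PN}.conf"
	{
		# Quoted delimiters: the text is emitted literally, with no shell
		# expansion applied to the Apache directives.
		cat <<'EOF'
<IfDefine SECURITY>
EOF
		# Abort rather than install a config without the setup section:
		# the base rules would then be included without the settings the
		# setup file provides.
		cat modsecurity_crs_10_setup.conf.example \
			|| die "modsecurity_crs_10_setup.conf.example is missing or unreadable"
		cat <<'EOF'
Include /etc/modsecurity/base_rules/*.conf
# Include Trustwave SpiderLabs Research Team rules
# Include /etc/modsecurity/slr_rules/*.conf
# Not installed yet as of 2.2.6
# Optionally use the other rules as well
# Include /etc/modsecurity/optional_rules/*.conf
# Include /etc/modsecurity/experimental_rules/*.conf
</IfDefine>
# -*- apache -*-
# vim: ts=4 filetype=apache
EOF
	} > "${modconf}" || die "could not write ${modconf}"

	insinto /etc/apache2/modules.d/
	doins "${modconf}"
}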
pkg_postinst() {
	# Post-install notes for the administrator: where the extra rule sets
	# live, that the rules block on a hit by default since 2.0.9 and which
	# settings the message gives for anomaly scoring, and which file
	# configures the rule set.
	local -a notes=(
		"If you want to enable further rules, check the following directories:"
		" ${RULESDIR}/optional_rules"
		" ${RULESDIR}/experimental_rules"
		""
		"Starting from version 2.0.9, the default for the Core Rule Set is again to block"
		"when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
		"should change 80_${PN}.conf so that you have these settings enabled:"
		""
		" #SecDefaultAction \"phase:2,deny,log\""
		" SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
		""
		"Starting from version 2.1.2 rules are installed, for consistency, under"
		"/etc/modsecurity, and can be configured with the following file:"
		" /etc/apache2/modules.d/80_${PN}.conf"
		""
	)
	local note

	# The leading separator is emitted with no argument at all.
	elog
	for note in "${notes[@]}"; do
		elog "${note}"
	done
}