diff options
Diffstat (limited to 'www-apache')
| -rw-r--r-- | www-apache/Manifest.gz | bin | 8908 -> 8899 bytes | |||
| -rw-r--r-- | www-apache/mod_security/Manifest | 2 | ||||
| -rw-r--r-- | www-apache/mod_security/mod_security-2.7.7.ebuild | 96 | ||||
| -rw-r--r-- | www-apache/modsecurity-crs/Manifest | 4 | ||||
| -rw-r--r-- | www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild | 134 | ||||
| -rw-r--r-- | www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild | 138 |
6 files changed, 0 insertions, 374 deletions
diff --git a/www-apache/Manifest.gz b/www-apache/Manifest.gz Binary files differindex 61b94ce7a95e..b9d55c6dba15 100644 --- a/www-apache/Manifest.gz +++ b/www-apache/Manifest.gz diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest index 1301332da185..0addb9264676 100644 --- a/www-apache/mod_security/Manifest +++ b/www-apache/mod_security/Manifest @@ -1,7 +1,5 @@ AUX 79_mod_security.conf 729 BLAKE2B 5a415b7890a6d9553ec6e974825adad596a8f6d5c3b9ca0b7b9c4b2c3a788838d272343037d91cf94e8195510e7e395fc07d6a2ef2c6647695470714a79a7875 SHA512 2b99b28b58795dd45a76046609e7a4a6958ebd28c28c288cb7b732ec99191e218e6dd838a3c288220f267ad8c3b6004d1d6c6addac8df8be4c568a9f2fb54a92 AUX modsecurity-2.7.conf 394 BLAKE2B c9d55e8b4419e5b54a364e03dd02e9d0e5609954d1538c77baa33e0abc46110fa8aaf3207490a80a2fedc13d42558632703ee4552ebbaa99d67d929720008dd2 SHA512 ab8c1ee6372249613f853654f115102c7951ea021f47389510bca6c5d1226e7aa9d90bb47649cf4ca62b8d8f926eba9f5c0b02321851ec2e8452de70dd4c1839 DIST modsecurity-2.9.1.tar.gz 4261212 BLAKE2B c47c7934d8da870e629c5733cc8c37452e4d90351269a14b99483188e8e3161891bd63bfd70e0723648c8daf51f1c33d900bd90ab0157332f826eab772f09f62 SHA512 374733cbfc26e53d95b78c8f268a4e465d838163e9893fc24e33a9d272b114f1b287147bab6d0289575074cbbd94f48983e23fa59832cbcb32950046cea59269 -DIST modsecurity-apache_2.7.7.tar.gz 1003835 BLAKE2B b36370e67945928df1948adcacb2303f80b461eb48409b2bda6b8013620e0dd977bec6a0c5d3c3cc098479f5c231c558fb7462b6300b4552ad65064f8ce1fb8d SHA512 859f72580b6acaae5db180f98ee32ad2cb0f3ef24321d0c2df20ddd9fcfbc6c09c98b672012dc4931a6fd14f3c21c38ed31ab8900940382fcb48b37f30005a7d -EBUILD mod_security-2.7.7.ebuild 2400 BLAKE2B c2332486bf76795fa8340c257b6b87c034a5208e8a91d89149f62bcdbe2eccba667ad4e65c889252af58061865fa09eb89944ed886eef1694f79726201f8e5c6 SHA512 66bc689874fd34b924ef902c72844e0e66f2faa3afac637e40cd8b8ff4c46a6f7ce3867c5892fd2126827b82cfd5d6694bd14fbb3d0acee1be6fa3784c52ea8b EBUILD mod_security-2.9.1-r1.ebuild 2768 BLAKE2B a278a8138efb52c23378fc561adcb2e72345bf63d5c628f11e7c2ecf641ce16dcc5d9d018a7fdfd78f95e03783f8700062ab3fc8e78f1ed41ea3a53bb93fbec1 SHA512 09a1dacfa56d0c188976312a0d4786ee712dfba38ca2d280f96945c308d6f2cae54c014edbc6f5c9ea82bb233fba2bca368a3e7c1123bfa9032ca00666f113e8 MISC metadata.xml 982 BLAKE2B f65a4592e166d75885dd1f2c9a9de79a4f3cb44be079c38300f65f3ffad9eccad8f87695ba665a175b3a38cd249aeb7875dc16884218b735e51b13812b7be3ea SHA512 a2a0c01efa1c1bf5193c0d41df0fd03f915bf53ffa51205d32cc76b633d1707a832b0177b0fc09dd88ea7e44b53caa1c03820c2e0934ced2411862674332a293 diff --git a/www-apache/mod_security/mod_security-2.7.7.ebuild b/www-apache/mod_security/mod_security-2.7.7.ebuild deleted file mode 100644 index 80d37c079687..000000000000 --- a/www-apache/mod_security/mod_security-2.7.7.ebuild +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=4 - -inherit apache-module - -MY_PN=modsecurity-apache -MY_PV=${PV/_rc/-rc} -MY_P=${MY_PN}_${MY_PV} - -DESCRIPTION="Web application firewall and Intrusion Detection System for Apache" -HOMEPAGE="http://www.modsecurity.org/" -SRC_URI="http://www.modsecurity.org/tarball/${PV}/${MY_P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ppc sparc x86" -IUSE="geoip curl lua jit" - -DEPEND=">=dev-libs/libxml2-2.7.8 - dev-libs/libpcre[jit?] - lua? ( >=dev-lang/lua-5.1 ) - curl? ( >=net-misc/curl-7.15.1 ) - www-servers/apache[apache2_modules_unique_id]" -RDEPEND="${DEPEND} - geoip? ( dev-libs/geoip )" -PDEPEND=">=www-apache/modsecurity-crs-2.2.6-r1" - -S="${WORKDIR}/${MY_P}" - -APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_DEFINE="SECURITY" - -# Tests require symbols only defined within the Apache binary. -RESTRICT=test - -need_apache2 - -src_prepare() { - cp "${FILESDIR}"/modsecurity-2.7.conf "${T}"/79_modsecurity.conf || die -} - -src_configure() { - econf \ - --enable-shared --disable-static \ - --with-apxs="${APXS}" \ - --enable-request-early \ - $(use_enable curl mlogc) \ - $(use_with lua) \ - $(use_enable jit pcre-jit) -} - -src_compile() { - if ! use geoip; then - sed -i -e '/SecGeoLookupDb/s:^:#:' \ - "${T}"/79_modsecurity.conf || die - fi - - emake -} - -src_test() { - emake check -} - -src_install() { - apache-module_src_install - - # install manually rather than by using the APACHE2_MOD_CONF - # variable since we have to edit it to set things up properly. - insinto "${APACHE_MODULES_CONFDIR}" - doins "${T}"/79_modsecurity.conf - - dodoc CHANGES NOTICE README.TXT README_WINDOWS.TXT - - dohtml -r doc/* - - keepdir /var/cache/modsecurity - fowners apache:apache /var/cache/modsecurity - fperms 0770 /var/cache/modsecurity -} - -pkg_postinst() { - if [[ -f "${ROOT}"/etc/apache/modules.d/99_mod_security.conf ]]; then - ewarn "You still have the configuration file 99_mod_security.conf." - ewarn "Please make sure to remove that and keep only 79_modsecurity.conf." - ewarn "" - fi - elog "The base configuration file has been renamed 79_modsecurity.conf" - elog "so that you can put your own configuration as 90_modsecurity_local.conf or" - elog "equivalent." - elog "" - elog "That would be the correct place for site-global security rules." - elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs" -} diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest index 012d91ae017d..6ea2618bc27b 100644 --- a/www-apache/modsecurity-crs/Manifest +++ b/www-apache/modsecurity-crs/Manifest @@ -1,8 +1,4 @@ AUX 80_mod_security-crs.conf 289 BLAKE2B 441b2f4d46e62ff24886b94dc933b08de8693ad7198cc855a8b0c322ba045e6409b7d3b7b2e2fdc0bd412ee9fdd3761987d59f405de5a84d5e8c96d2dd14ab76 SHA512 e5b86164a68e15d67a294688c993799fca10928c1265cee04555becfb17fb516314471d8c4eaea1205ac1703890cedb4647d93ce75b0a2a1ab9a401a495465dc -DIST modsecurity-crs-2.2.7.tar.gz 294137 BLAKE2B 399c72d5c52f2914e8f92c813b6ac346bbd2858d34b61ff4845dbbc7671ff7ffa906b43e2d8e3283a5f30b2fec59395b81239c121c953d51d736b009bc86f4bb SHA512 d0d3dac1b391c8ab730cc16546c9508d93c85dd674b2750d12fff99c17e5575b36bea0cf00e06fdd20c2db5dfdbdc3fd7bbaa26502988617632acfde1ee88927 -DIST modsecurity-crs-2.2.9.tar.gz 279898 BLAKE2B 75e9c5c9fb0fdf3957b17926b923d1d26b44677fc30556bf58d0b44d73918f7f65052714a7c67c53fc312f81a28422025303674f934f085929e8f4b9ea9fc063 SHA512 fc95cfff9d4ba9a4478c704e5d16e4054e514eb3ffb6343706840aad76607f997b4cc4b8b148adc5cb83743ea7996328d35b8556115de29d6a0e034b67591a09 DIST modsecurity-crs-3.0.2.tar.gz 156751 BLAKE2B 111a330b6081d476899be321e15d74379b3c3db23f429a4a4ef1900c87e4b29229638acf3bb367745446ef97ccba4679db91b0d84bae93f2c127bbb6e8031851 SHA512 ae8fe9a0f00a57708c8680cb76882214e4f5ff647e13087aaf1bfc7382cefb38d2f3a88eb1f210031b553f56d3e44c12dbdc68f8b0d09fb4a9e2f15a70d885aa -EBUILD modsecurity-crs-2.2.7.ebuild 4130 BLAKE2B 891afb7917e10f74674c039725c393129ab6bf7be717dd517794566dc06f1ac917dc8421ccfb5af866077ff256fa78f75ddb80840e969f3088a53b002b14ce27 SHA512 21ae265889535b3dd18b0adec162f744425da149f58c4ab0ebfb245bd02d8e21abe0cbc21f14a587f9e619b3a5d10fd027deb3a71815ecf383e473fc4634dc6b -EBUILD modsecurity-crs-2.2.9.ebuild 4221 BLAKE2B 0270d493848b9ab2a72938bda4fec4a7fb43ffed160c91100eabb98c52a48d4c6aac19443995a0edd460185837eee250936b6aa17ae41024bbfe69fe828d2d4d SHA512 aa2bceb00dc5d61b560d61e21b217ecae63661080e902a1519fb9644cc50a3ba113cb3a86293accb6de7288ef72be4f1bb5b45b78f58ce97504293de44506003 EBUILD modsecurity-crs-3.0.2.ebuild 1557 BLAKE2B 975e0ecabdfc9d9158a8f6f8284175a096cfe6c8666da074466d48a9c7d81d467fa08ed7b449bf232712e3cc4c6830b66fc15fb62f9b04189a6af5da7f6ba23f SHA512 6d50e03a2cd5a616a90e4c0a2814c4d58bfc68109ca1341a4da189463626922a6fbc7db7892f9184b147a896d585817fd778eea84fcab7ca62a95c1ec3beded2 MISC metadata.xml 240 BLAKE2B 9ac73447401500c93e9ab7fce069726f63e07989f48154f4c99346e7913696e53d2451b08ea9fe4c72af28c43e13091599d84c70979e3cb504e301ac785d37a0 SHA512 f387811090c36052ca6dfd48c20af460ebb892738ecd449a5a213ecf7313dfc1cc6eb118e4d28ec24e26078995c4d291784f26b6afc1f822cf83ca5482bd7310 diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild deleted file mode 100644 index c96ed6be8961..000000000000 --- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild +++ /dev/null @@ -1,134 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -GITHUB_USER=SpiderLabs -GITHUB_PROJECT=owasp-${PN} - -DESCRIPTION="Core Rule Set for ModSecurity" -HOMEPAGE=" - https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project - https://modsecurity.org/crs/ - https://coreruleset.org/" -SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ppc sparc x86" -IUSE="lua geoip" - -RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]" -DEPEND="" - -S="${WORKDIR}/${GITHUB_PROJECT}-${PV}" - -RULESDIR=/etc/modsecurity -LUADIR=/usr/share/${PN}/lua - -src_prepare() { - if ! use lua; then - # comment out this since it's in the same file as another one we want to keep - sed -i -e "/id:'96000[456]'/s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - - # remove these that rely on the presence of the lua files - rm \ - experimental_rules/modsecurity_crs_16_scanner_integration.conf \ - experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \ - experimental_rules/modsecurity_crs_41_advanced_filters.conf \ - experimental_rules/modsecurity_crs_55_response_profiling.conf \ - experimental_rules/modsecurity_crs_56_pvi_checks.conf \ - || die - else - # fix up the path to the scripts; there seems to be no - # consistency at all on how the rules are loaded. - sed -i \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \ - -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \ - -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:\.\./lua/:${LUADIR}/:" \ - *_rules/*.conf || die - - # fix up the shebang on the scripts - sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \ - lua/*.lua || die - fi - - sed -i \ - -e '/SecGeoLookupDb/s:^:#:' \ - -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - - if ! use geoip; then - if use lua; then - # only comment this out as the file is going to be used for other things - sed -i -e "/id:'960007'/,+1 s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - else - rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - fi - fi -} - -src_install() { - insinto "${RULESDIR}" - # slr_rules as of 2.2.6 have broken IDs that don't work with - # ModSecurity 2.7, but the rules require 2.7 to begin with. - doins -r base_rules optional_rules experimental_rules #slr_rules - - insinto "${LUADIR}" - doins lua/*.lua - - dodoc CHANGELOG README.md - - ( - cat - <<EOF -<IfDefine SECURITY> -EOF - - cat modsecurity_crs_10_setup.conf.example - - cat - <<EOF - -Include /etc/modsecurity/base_rules/*.conf - -# Include Trustwave SpiderLabs Research Team rules -# Include /etc/modsecurity/slr_rules/*.conf -# Not installed yet as of 2.2.6 - -# Optionally use the other rules as well -# Include /etc/modsecurity/optional_rules/*.conf -# Include /etc/modsecurity/experimental_rules/*.conf -</IfDefine> - -# -*- apache -*- -# vim: ts=4 filetype=apache - -EOF - ) > "${T}"/"80_${PN}.conf" - - insinto /etc/apache2/modules.d/ - doins "${T}"/"80_${PN}.conf" -} - -pkg_postinst() { - elog - elog "If you want to enable further rules, check the following directories:" - elog " ${RULESDIR}/optional_rules" - elog " ${RULESDIR}/experimental_rules" - elog "" - elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block" - elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you" - elog "should change 80_${PN}.conf so that you have these settings enabled:" - elog "" - elog " #SecDefaultAction \"phase:2,deny,log\"" - elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\"" - elog "" - elog "Starting from version 2.1.2 rules are installed, for consistency, under" - elog "/etc/modsecurity, and can be configured with the following file:" - elog " /etc/apache2/modules.d/80_${PN}.conf" - elog "" -} diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild deleted file mode 100644 index 57f9f9b03911..000000000000 --- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild +++ /dev/null @@ -1,138 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -GITHUB_USER=SpiderLabs -GITHUB_PROJECT=owasp-${PN} - -DESCRIPTION="Core Rule Set for ModSecurity" -HOMEPAGE=" - https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project - https://modsecurity.org/crs/ - https://coreruleset.org/" -SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~sparc ~x86" -IUSE="lua geoip" - -RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]" -DEPEND="" - -S="${WORKDIR}/${GITHUB_PROJECT}-${PV}" - -RULESDIR=/etc/modsecurity -LUADIR=/usr/share/${PN}/lua - -src_prepare() { - if ! use lua; then - # comment out this since it's in the same file as another one we want to keep - sed -i -e "/id:'900036'/s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - - # remove these that rely on the presence of the lua files - rm \ - experimental_rules/modsecurity_crs_16_scanner_integration.conf \ - experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf \ - experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \ - experimental_rules/modsecurity_crs_48_bayes_analysis.conf \ - experimental_rules/modsecurity_crs_55_response_profiling.conf \ - experimental_rules/modsecurity_crs_56_pvi_checks.conf \ - || die - else - # fix up the path to the scripts; there seems to be no - # consistency at all on how the rules are loaded. - sed -i \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \ - -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \ - -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:\.\./lua/:${LUADIR}/:" \ - *_rules/*.conf || die - - # fix up the shebang on the scripts - sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \ - lua/*.lua || die - fi - - sed -i \ - -e '/SecGeoLookupDb/s:^:#:' \ - -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf \ - experimental_rules/modsecurity_crs_11_proxy_abuse.conf || die - - if ! use geoip; then - rm experimental_rules/modsecurity_crs_11_proxy_abuse.conf - - if use lua; then - # only comment this out as the file is going to be used for other things - sed -i -e "/id:'900039'/,+1 s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - else - rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - fi - fi - - eapply_user -} - -src_install() { - insinto "${RULESDIR}" - doins -r base_rules optional_rules experimental_rules slr_rules - - insinto "${LUADIR}" - doins lua/*.lua - - dodoc CHANGES README.md - - ( - cat - <<EOF -<IfDefine SECURITY> -EOF - - cat modsecurity_crs_10_setup.conf.example - - cat - <<EOF - -Include /etc/modsecurity/base_rules/*.conf - -# Include Trustwave SpiderLabs Research Team rules -# Include /etc/modsecurity/slr_rules/*.conf -# Not installed yet as of 2.2.6 - -# Optionally use the other rules as well -# Include /etc/modsecurity/optional_rules/*.conf -# Include /etc/modsecurity/experimental_rules/*.conf -</IfDefine> - -# -*- apache -*- -# vim: ts=4 filetype=apache - -EOF - ) > "${T}"/"80_${PN}.conf" - - insinto /etc/apache2/modules.d/ - doins "${T}"/"80_${PN}.conf" -} - -pkg_postinst() { - elog - elog "If you want to enable further rules, check the following directories:" - elog " ${RULESDIR}/optional_rules" - elog " ${RULESDIR}/experimental_rules" - elog "" - elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block" - elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you" - elog "should change 80_${PN}.conf so that you have these settings enabled:" - elog "" - elog " #SecDefaultAction \"phase:2,deny,log\"" - elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\"" - elog "" - elog "Starting from version 2.1.2 rules are installed, for consistency, under" - elog "/etc/modsecurity, and can be configured with the following file:" - elog " /etc/apache2/modules.d/80_${PN}.conf" - elog "" -} |