authorDiego Elio Pettenò <flameeyes@gentoo.org>2010-09-24 13:01:25 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2010-09-24 13:01:25 +0000
commit4bab42219eca52045bc6846b1ce748f3e419d0e4 (patch)
treeb819676cd2e0c61cadae5b6a59e5e5fc79af0cda /www-apache/modsecurity-crs
parentKeyworded for ~-linux and EPAI=3 (diff)
Add an ebuild for the ModSecurity Core Rule Set split out of mod_security itself.
(Portage version: 2.2_rc86/cvs/Linux x86_64)
Diffstat (limited to 'www-apache/modsecurity-crs')
-rw-r--r--www-apache/modsecurity-crs/ChangeLog11
-rw-r--r--www-apache/modsecurity-crs/metadata.xml19
-rw-r--r--www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild61
3 files changed, 91 insertions, 0 deletions
diff --git a/www-apache/modsecurity-crs/ChangeLog b/www-apache/modsecurity-crs/ChangeLog
new file mode 100644
index 000000000000..85d84ca437b9
--- /dev/null
+++ b/www-apache/modsecurity-crs/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for www-apache/modsecurity-crs
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/ChangeLog,v 1.1 2010/09/24 13:01:25 flameeyes Exp $
+
+*modsecurity-crs-2.0.8 (24 Sep 2010)
+
+ 24 Sep 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+ +modsecurity-crs-2.0.8.ebuild, +metadata.xml:
+ Add an ebuild for the ModSecurity Core Rule Set split out of mod_security
+ itself.
+
diff --git a/www-apache/modsecurity-crs/metadata.xml b/www-apache/modsecurity-crs/metadata.xml
new file mode 100644
index 000000000000..72bb6448ac19
--- /dev/null
+++ b/www-apache/modsecurity-crs/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>apache</herd>
+ <maintainer>
+ <email>flameeyes@gentoo.org</email>
+ <name>Diego E. Pettenò</name>
+ </maintainer>
+ <use>
+ <flag name="vanilla">
+ Provide the original ModSecurity Core Rule Set without
+ Gentoo-specific relaxation. When this flag is enabled, we
+ install the unadulterated Core Rule Set. Warning! The original
+ Core Rule Set is draconic and most likely will break your web
+ applications, including Rails-based web applications and
+ Bugzilla.
+ </flag>
+ </use>
+</pkgmetadata>
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild
new file mode 100644
index 000000000000..7692b88ee69c
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/modsecurity-crs/modsecurity-crs-2.0.8.ebuild,v 1.1 2010/09/24 13:01:25 flameeyes Exp $
+
+EAPI=2
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="mirror://sourceforge/mod-security/${PN}_${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="vanilla"
+
+RDEPEND=">=www-apache/mod_security-2.5.12-r1"
+DEPEND=""
+
+S="${WORKDIR}/${PN}_${PV}"
+
+RULESDIR=/etc/apache2/modules.d/mod_security
+
+src_install() {
+ insinto "${RULESDIR}" || die
+ doins *.conf base_rules/* || die
+
+ insinto "${RULESDIR}"/optional_rules
+ doins optional_rules/* || die
+
+ # These are not conditionals because they actually need to be
+ # moved for the rules to work — bug #329131
+ mv "${D}${RULESDIR}"/modsecurity_{46_et_sql_injection,46_et_web_rules,42_comment_spam}.data \
+ "${D}${RULESDIR}"/optional_rules || die
+
+ if ! use vanilla; then
+ mv "${D}${RULESDIR}"/modsecurity_*{41_phpids,50_outbound}* \
+ "${D}${RULESDIR}"/optional_rules || die
+ fi
+
+ dodoc CHANGELOG README || die
+}
+
+pkg_postinst() {
+ if ! use vanilla; then
+ elog "Please note that the Core Rule Set is quite draconic; to make it more usable,"
+ elog "the Gentoo distribution disables a few rule set files, that are relevant for"
+ elog "PHP-only websites or that would make it kill a website that discussed of source code."
+ elog
+ elog "Furthermore we disable the 'HTTP Parameter Pollution' tests that disallow"
+ elog "multiple parameters with the same name, because that's common practice both"
+ elog "for Rails-based web-applications and Bugzilla."
+ else
+ elog "You decided to enable the original Core Rule Set from ModSecurity."
+ elog "Be warned that the original Core Rule Set is draconic and most likely will"
+ elog "render your web application unusable if you don't disable at leat some of"
+ elog "the rules."
+ fi
+ elog
+ elog "If you want to enable further rules, check the following directory:"
+ elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules"
+}
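Review bot: The last elog in pkg_postinst prints `${APACHE_MODULES_CONFDIR}/mod_security/optional_rules`, but this new file has no `inherit` line, so the variable is presumably unset there and the administrator would be pointed at `/mod_security/optional_rules`. The ebuild already defines the install path, so the line can read `elog "    ${RULESDIR}/optional_rules"`. The non-vanilla message also says the 'HTTP Parameter Pollution' tests are disabled, while src_install only moves files matching `41_phpids` and `50_outbound` into optional_rules. Which file holds those tests cannot be told from the hunk; if it is not one of the moved ones, the message misstates which checks are off. Naming the moved rule files in the elog would make the reduced rule coverage explicit to whoever deploys the package.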