ports/124828: [new port] www/mod_security
Marcelo Araujo <araujo@FreeBSD.org>
araujo at FreeBSD.org
Sat Jun 21 13:00:16 UTC 2008
>Number: 124828
>Category: ports
>Synopsis: [new port] www/mod_security
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 21 13:00:16 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Marcelo Araujo <araujo at FreeBSD.org>
>Release: FreeBSD 7.0-STABLE amd64
>Organization:
FreeBSD
>Environment:
System: FreeBSD 7.0-STABLE #3: Sun Jun 15 11:46:24 BRT 2008
araujo at ponderosa.intelbras.com.br:/usr/obj/usr/src/sys/PONDEROSA
>Description:
It's a new version of mod_security called up as mod_security-2.5.5.
>How-To-Repeat:
>Fix:
--- mod_security25.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# mod_security25/
# mod_security25/files
# mod_security25/files/mod_security2.conf.in
# mod_security25/files/pkg-message.rules.in
# mod_security25/Makefile
# mod_security25/distinfo
# mod_security25/pkg-descr
#
echo c - mod_security25/
mkdir -p mod_security25/ > /dev/null 2>&1
echo c - mod_security25/files
mkdir -p mod_security25/files > /dev/null 2>&1
echo x - mod_security25/files/mod_security2.conf.in
sed 's/^X//' >mod_security25/files/mod_security2.conf.in << 'END-of-mod_security25/files/mod_security2.conf.in'
X<IfModule security2_module>
X Include %%APACHEETCDIR%%/Includes/mod_security2/*.conf
X</IfModule>
END-of-mod_security25/files/mod_security2.conf.in
echo x - mod_security25/files/pkg-message.rules.in
sed 's/^X//' >mod_security25/files/pkg-message.rules.in << 'END-of-mod_security25/files/pkg-message.rules.in'
X
XThe modsecurity 2 Core Rules have been installed in
X
X %%PREFIX%%/%%APACHEETCDIR%%/Includes/mod_security2/
X
Xand run in "DetectionOnly" mode as not to disturb operatings.
X
XPlease read http://www.modsecurity.org/projects/rules/index.html
X
XModSecurity requires mod_unique_id to be actived.
XThis line must be present in your apache configuration file.
X
XLoadModule unique_id_module libexec/apache22/mod_unique_id.so
X
XYou must add the following to your Apache configuration file for
Xactivate mod_security:
X
XLoadModule security2_module libexec/apache22/mod_security2.so
X
XLogging is done to /var/log/httpd-modsec2*.log
END-of-mod_security25/files/pkg-message.rules.in
echo x - mod_security25/Makefile
sed 's/^X//' >mod_security25/Makefile << 'END-of-mod_security25/Makefile'
X# New ports collection makefile for: mod_security2
X# Date created: 9 November 2006
X# Whom: Dominic Mitchell <dom at happygiraffe.net>
X#
X# $FreeBSD: ports/www/mod_security2/Makefile,v 1.15 2008/04/11 14:33:37 araujo Exp $
X#
X
XPORTNAME= mod_security2
XPORTVERSION= 2.5.5
XCATEGORIES= www security
XMASTER_SITES= http://www.modsecurity.org/download/
XDISTNAME= ${PORTNAME:S/_//:S/2//}-apache_${PORTVERSION}
X
XMAINTAINER= araujo at FreeBSD.org
XCOMMENT= An intrusion detection and prevention engine
X
XLIB_DEPENDS+= pcre.0:${PORTSDIR}/devel/pcre \
X apr-1.2:${PORTSDIR}/devel/apr
X
XUSE_APACHE= 2.0+
XGNU_CONFIGURE= yes
XAP_GENPLIST= yes
XAP_EXTRAS+= -DWITH_LIBXML2
XAP_INC= ${LOCALBASE}/include/libxml2
XAP_LIB= ${LOCALBASE}/lib
XUSE_GNOME= libxml2
XMODULENAME= mod_security2
XWRKSRCTOP= ${WRKDIR}/${DISTNAME}
XWRKSRC= ${WRKSRCTOP}/apache2
XSRC_FILE= *.c
XPORTDOCS= *
XDOCS= CHANGES LICENSE README.TXT modsecurity.conf-minimal
XDOCSDIR= ${PREFIX}/share/doc/${MODULENAME}
XSUB_FILES+= mod_security2.conf
XSUB_LIST+= APACHEETCDIR="${APACHEETCDIR}"
XPLIST_FILES+= ${APACHEMODDIR}/mod_security2.so
X
X.if !defined(SKIP_RULES)
XSUB_FILES+= pkg-message.rules
X
XPLIST_DIRS+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules
XPLIST_DIRS+= ${APACHEETCDIR}/Includes/mod_security2
X
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/CHANGELOG
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/LICENSE
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/README
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_23_request_limits.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_10_config.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_20_protocol_violations.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_21_protocol_anomalies.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_30_http_policy.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_35_bad_robots.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_40_generic_attacks.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_45_trojans.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_50_outbound.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_20_protocol_violations.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_21_protocol_anomalies.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_40_generic_attacks.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_42_comment_spam.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_42_tight_security.conf
XPLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_55_marketing.conf
X
X.endif
X
XREINPLACE_ARGS= -i ""
X
Xpost-patch:
X @${REINPLACE_CMD} -e '\
X s|SecRuleEngine On|SecRuleEngine DetectionOnly|; \
X s|SecAuditLog.*logs/modsec_audit.log|SecAuditLog /var/log/httpd-modsec2_audit.log|; \
X s|SecDebugLog.*logs/modsec_debug.log|SecDebugLog /var/log/httpd-modsec2_debug.log|; \
X s|SecServerSignature "Apache/2.2.0 (Fedora)"|SecServerSignature "Apache/${APACHE_VERSION:C/[0-9]/\0./g}x (${OPSYS})"|; \
X ' ${WRKSRCTOP}/rules/modsecurity_crs_10_config.conf
X
Xpost-install:
X.if !defined(NOPORTDOCS)
X @${MKDIR} ${DOCSDIR}
X @(cd ${WRKSRCTOP} && ${COPYTREE_SHARE} "doc rules" ${DOCSDIR}/)
X.endif
X.if !defined(SKIP_RULES)
X @${INSTALL_DATA} ${WRKDIR}/mod_security2.conf ${PREFIX}/${APACHEETCDIR}/Includes/
X @cd ${WRKSRCTOP} && ${PAX} -rw -pe -s +rules+mod_security2+ rules ${PREFIX}/${APACHEETCDIR}/Includes
X @${CAT} ${PKGMESSAGE}
X.endif
X
X.include <bsd.port.mk>
END-of-mod_security25/Makefile
echo x - mod_security25/distinfo
sed 's/^X//' >mod_security25/distinfo << 'END-of-mod_security25/distinfo'
XMD5 (modsecurity-apache_2.5.5.tar.gz) = 8bd027fe079ff2516e3c722a3be6cd4c
XSHA256 (modsecurity-apache_2.5.5.tar.gz) = 626909c8408e2fd9e387f592f49e9d2c6501513b4cdc18dd89a8e9f3e124d959
XSIZE (modsecurity-apache_2.5.5.tar.gz) = 1073723
END-of-mod_security25/distinfo
echo x - mod_security25/pkg-descr
sed 's/^X//' >mod_security25/pkg-descr << 'END-of-mod_security25/pkg-descr'
XModSecurity is an embeddable web application firewall. It provides
Xprotection from a range of attacks against web applications and allows
Xfor HTTP traffic monitoring and real-time analysis with no changes to
Xexisting infrastructure.
X
XIt is also an open source project that aims to make the web application
Xfirewall technology available to everyone.
X
XWWW: http://www.modsecurity.org/
END-of-mod_security25/pkg-descr
exit
--- mod_security25.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list