Added WAF

This commit is contained in:
Gerben Jan Dijkman 2023-08-13 00:22:25 +02:00
parent 2d9105d8bd
commit 0e76c757a5
5 changed files with 178 additions and 0 deletions

View File

@ -0,0 +1,2 @@
DIST modsecurity-2.9.6.tar.gz 4316582 BLAKE2B f344f8630218c401a3b0eb0de9f5f23d9d1f9f65bf5c4cff2d8d0ea3ebd27cf0202ce2199b1c6d923237ee49a3b151cce46a8de3563fa743cf119c8c25270af3 SHA512 54b3316950094b3951fcfdd82bbacd34dfa8f5500b9a772d3296f411711bad0dcad51068b25cb2c196fdc4b2e1095d54701370d25180c0c68cf0913bd7d4ea03
DIST modsecurity-2.9.7.tar.gz 4320766 BLAKE2B 2e0c62ae4f6fcef0b41bf1f74ab5acbae485e728f35bf621a96e622d86e2256c7e052d3a452ff49a4c4cb824243e71a706f9a5868bb3f77e37191a1dfe1b371b SHA512 a333d142f0dedf332a3cccca8267ccf9193cd4ad5a026b3cdbe0713dd1f3edde33739eae8baced2c63409cc0b220001e0a226ea032874a97c08e4065eb1fbdd5

View File

@ -0,0 +1,19 @@
<IfDefine SECURITY>
LoadModule security2_module modules/mod_security2.so
# These paths are Gentoo-specific, created by the ebuild.
SecDataDir /var/lib/modsecurity/data
SecTmpDir /var/lib/modsecurity/tmp
SecUploadDir /var/lib/modsecurity/upload
# A copy of upstream's modsecurity.conf-recommended is installed
# along with the documentation for mod_security. It contains many
# recommended settings that you should evaluate for your system.
# The full documentation for the available settings can be found
# in the mod_security reference manual, at
#
# https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
#
# and in particular in the "Configuration Directives" setting.
#
</IfDefine>

View File

@ -0,0 +1,11 @@
--- a/build/find_lua.m4
+++ b/build/find_lua.m4
@@ -16,7 +16,7 @@
LUA_LDADD=""
LUA_LDFLAGS=""
LUA_CONFIG=${PKG_CONFIG}
-LUA_PKGNAMES="lua5.1 lua-5.1 lua_5.1 lua-51 lua_51 lua51 lua5 lua lua5.2 lua-5.2 lua_5.2 lua-52 lua_52 lua52 lua5.3 lua-5.3 lua_5.3 lua-53 lua_53 lua53 "
+LUA_PKGNAMES="lua "
LUA_SONAMES="so la sl dll dylib a"
AC_ARG_WITH(

View File

@ -0,0 +1,15 @@
<IfDefine SECURITY>
LoadModule security2_module modules/mod_security2.so
# Enable looking up geolocation data from MaxMind's GeoIP database
SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecDataDir /var/cache/modsecurity
# Define here your http:BL API key if any
# see http://www.projecthoneypot.org/httpbl_api.php
#SecHttpBlKey xxxxxxxx
</IfDefine>
# -*- apache -*-
# vim: ts=4 filetype=apache

View File

@ -0,0 +1,131 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
LUA_COMPAT=( lua5-{1..3} )
inherit autotools apache-module lua-single
MY_PN=modsecurity
MY_P=${MY_PN}-${PV}
DESCRIPTION="Application firewall and intrusion detection for Apache"
HOMEPAGE="https://github.com/SpiderLabs/ModSecurity"
SRC_URI="https://github.com/SpiderLabs/ModSecurity/releases/download/v${PV}/${MY_P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~arm ~arm64"
IUSE="doc fuzzyhash geoip jit json lua mlogc pcre2"
REQUIRED_USE="lua? ( ${LUA_REQUIRED_USE} )"
DEPEND="dev-libs/apr:1=
dev-libs/apr-util:1[openssl]
dev-libs/expat
dev-libs/libxml2
dev-libs/libpcre[jit?]
net-misc/curl
sys-apps/util-linux
sys-libs/gdbm:=
virtual/libcrypt:=
fuzzyhash? ( app-crypt/ssdeep )
json? ( dev-libs/yajl )
lua? ( ${LUA_DEPS} )
mlogc? ( net-misc/curl )
pcre2? ( dev-libs/libpcre2:= )
www-servers/apache[apache2_modules_unique_id]"
BDEPEND="doc? ( app-doc/doxygen )"
RDEPEND="${DEPEND}
geoip? ( dev-libs/geoip )
mlogc? ( dev-lang/perl )"
PDEPEND=">=www-apache/modsecurity-crs-3.3.2"
S="${WORKDIR}/${MY_P}"
APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
APACHE2_MOD_CONF="79_${PN}"
APACHE2_MOD_DEFINE="SECURITY"
# Tests require symbols only defined within the Apache binary.
RESTRICT=test
PATCHES=(
"${FILESDIR}"/${PN}-2.9.3-autoconf_lua_package_name.patch
)
need_apache2
pkg_setup() {
_init_apache2
_init_apache2_late
use lua && lua-single_pkg_setup
}
src_prepare() {
default
eautoreconf
}
src_configure() {
local myconf=(
--disable-static
--enable-request-early
--with-apxs="${APXS}"
--with-pic
$(use_enable doc docs)
$(use_enable jit pcre-jit)
$(use_enable lua lua-cache)
$(use_enable mlogc)
$(use_with fuzzyhash ssdeep)
$(use_with json yajl)
$(use_with lua)
$(use_with pcre2)
)
econf ${myconf[@]}
}
src_compile() {
default
}
src_install() {
apache-module_src_install
dodoc CHANGES README.md modsecurity.conf-recommended unicode.mapping
if use doc; then
dodoc -r doc/apache/html
fi
if use mlogc; then
insinto /etc/
newins mlogc/mlogc-default.conf mlogc.conf
dobin mlogc/mlogc
dobin mlogc/mlogc-batch-load.pl
newdoc mlogc/INSTALL INSTALL-mlogc
fi
# Use /var/lib instead of /var/cache. This stuff is "persistent,"
# and isn't a cached copy of something that we can recreate.
# Bug 605496.
keepdir /var/lib/modsecurity
fowners apache:apache /var/lib/modsecurity
fperms 0750 /var/lib/modsecurity
for dir in data tmp upload; do
keepdir "/var/lib/modsecurity/${dir}"
fowners apache:apache "/var/lib/modsecurity/${dir}"
fperms 0750 "/var/lib/modsecurity/${dir}"
done
}
pkg_postinst() {
elog "The base configuration file has been renamed ${APACHE2_MOD_CONF}"
elog "so that you can put your own configuration in (for example)"
elog "90_modsecurity_local.conf."
elog ""
elog "That would be the correct place for site-global security rules."
elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs"
}