diff options
| author | araujo <araujo@FreeBSD.org> | 2008-06-25 08:41:42 +0800 |
|---|---|---|
| committer | araujo <araujo@FreeBSD.org> | 2008-06-25 08:41:42 +0800 |
| commit | 0fbece499ce154ba2ef8559fa92e5a527aafe1d6 (patch) | |
| tree | d77a6125286ab82494403bc8d8a8d487bdac1380 /www | |
| parent | 0493810c197db7864ac186f56206a5c4137ecadc (diff) | |
| download | freebsd-ports-gnome-0fbece499ce154ba2ef8559fa92e5a527aafe1d6.tar.gz freebsd-ports-gnome-0fbece499ce154ba2ef8559fa92e5a527aafe1d6.tar.zst freebsd-ports-gnome-0fbece499ce154ba2ef8559fa92e5a527aafe1d6.zip | |
- The branch 1.9 not is more supported, from now on mod_security receive a new series called 2.5.
x.
- Take maintainership.
Thanks to Alex Dupre which maintained this port by a long time.
PR: ports/124828, ports/124830
Submitted by: araujo (myself)
Approved by: Alex Dupre <ale@FreeBSD.org> (maintainer)
Thanks to: WIKTORZAK Cedric <cedric@synapse-interactive.fr>
Diffstat (limited to 'www')
| -rw-r--r-- | www/mod_security/Makefile | 87 | ||||
| -rw-r--r-- | www/mod_security/distinfo | 6 | ||||
| -rw-r--r-- | www/mod_security/files/mod_security2.conf.in | 3 | ||||
| -rw-r--r-- | www/mod_security/files/pkg-message.rules.in | 20 | ||||
| -rw-r--r-- | www/mod_security/pkg-descr | 14 | ||||
| -rw-r--r-- | www/mod_security/pkg-plist | 5 |
6 files changed, 98 insertions, 37 deletions
diff --git a/www/mod_security/Makefile b/www/mod_security/Makefile index 5b064ac18ebd..f6d225796b5c 100644 --- a/www/mod_security/Makefile +++ b/www/mod_security/Makefile @@ -1,44 +1,87 @@ # New ports collection makefile for: mod_security # Date created: 4 June 2003 -# Whom: Alex Dupre <sysadmin@alexdupre.com> +# Whom: Marcelo Araujo <araujo@FreeBSD.org> # # $FreeBSD$ # PORTNAME= mod_security -PORTVERSION= 1.9.4 +PORTVERSION= 2.5.5 CATEGORIES= www security MASTER_SITES= http://www.modsecurity.org/download/ -DISTNAME= ${PORTNAME:S/_//}-apache_${PORTVERSION} +DISTNAME= ${PORTNAME:S/_//:S/2//}-apache_${PORTVERSION} -MAINTAINER= ale@FreeBSD.org +MAINTAINER= araujo@FreeBSD.org COMMENT= An intrusion detection and prevention engine -USE_APACHE= 1.3+ +LIB_DEPENDS+= pcre.0:${PORTSDIR}/devel/pcre \ + apr-1.2:${PORTSDIR}/devel/apr -.include <bsd.port.pre.mk> +USE_APACHE= 2.0+ +GNU_CONFIGURE= yes +AP_GENPLIST= yes +AP_EXTRAS+= -DWITH_LIBXML2 +AP_INC= ${LOCALBASE}/include/libxml2 +AP_LIB= ${LOCALBASE}/lib +USE_GNOME= libxml2 +MODULENAME= mod_security2 +WRKSRCTOP= ${WRKDIR}/${DISTNAME} +WRKSRC= ${WRKSRCTOP}/apache2 +SRC_FILE= *.c +PORTDOCS= * +DOCS= CHANGES LICENSE README.TXT modsecurity.conf-minimal +DOCSDIR= ${PREFIX}/share/doc/${MODULENAME} +SUB_FILES+= mod_security2.conf +SUB_LIST+= APACHEETCDIR="${APACHEETCDIR}" +PLIST_FILES+= ${APACHEMODDIR}/mod_security2.so + +.if !defined(SKIP_RULES) +SUB_FILES+= pkg-message.rules + +PLIST_DIRS+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules +PLIST_DIRS+= ${APACHEETCDIR}/Includes/mod_security2 + +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/CHANGELOG +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/LICENSE +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/README +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_23_request_limits.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_10_config.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_20_protocol_violations.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_21_protocol_anomalies.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_30_http_policy.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_35_bad_robots.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_40_generic_attacks.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_45_trojans.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_50_outbound.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_20_protocol_violations.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_21_protocol_anomalies.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_40_generic_attacks.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_42_comment_spam.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_42_tight_security.conf +PLIST_FILES+= ${APACHEETCDIR}/Includes/mod_security2/optional_rules/modsecurity_crs_55_marketing.conf -.if ${APACHE_VERSION} > 13 -APWRKSRC?= ${WRKSRC}/apache2 -.else -APWRKSRC?= ${WRKSRC}/apache1 .endif -DOCS= CHANGES INSTALL LICENSE README doc/modsecurity-manual.pdf -PORTDOCS= * +REINPLACE_ARGS= -i "" -do-build: - @cd ${APWRKSRC} && ${APXS} -c ${MODULENAME}.c +post-patch: + @${REINPLACE_CMD} -e '\ + s|SecRuleEngine On|SecRuleEngine DetectionOnly|; \ + s|SecAuditLog.*logs/modsec_audit.log|SecAuditLog /var/log/httpd-modsec2_audit.log|; \ + s|SecDebugLog.*logs/modsec_debug.log|SecDebugLog /var/log/httpd-modsec2_debug.log|; \ + s|SecServerSignature "Apache/2.2.0 (Fedora)"|SecServerSignature "Apache/${APACHE_VERSION:C/[0-9]/\0./g}x (${OPSYS})"|; \ + ' ${WRKSRCTOP}/rules/modsecurity_crs_10_config.conf -do-install: - ${APXS} -i -a -n ${SHORTMODNAME} ${APWRKSRC}/${MODULENAME}.${AP_BUILDEXT} - @${MKDIR} ${EXAMPLESDIR} - @${INSTALL_DATA} ${WRKSRC}/httpd.conf.example-* ${EXAMPLESDIR} +post-install: .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} -.for f in ${DOCS} - @${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR} -.endfor + @(cd ${WRKSRCTOP} && ${COPYTREE_SHARE} "doc rules" ${DOCSDIR}/) +.endif +.if !defined(SKIP_RULES) + @${INSTALL_DATA} ${WRKDIR}/mod_security2.conf ${PREFIX}/${APACHEETCDIR}/Includes/ + @cd ${WRKSRCTOP} && ${PAX} -rw -pe -s +rules+mod_security2+ rules ${PREFIX}/${APACHEETCDIR}/Includes + @${CAT} ${PKGMESSAGE} .endif -.include <bsd.port.post.mk> +.include <bsd.port.mk> diff --git a/www/mod_security/distinfo b/www/mod_security/distinfo index 6c6d93001c93..3b6104a4817b 100644 --- a/www/mod_security/distinfo +++ b/www/mod_security/distinfo @@ -1,3 +1,3 @@ -MD5 (modsecurity-apache_1.9.4.tar.gz) = 74d2317781bab619cd7b6b376b978107 -SHA256 (modsecurity-apache_1.9.4.tar.gz) = 9ca6e614c58783faec9b14f58f569a96de420b25ab23063387a1ab51ce3f5171 -SIZE (modsecurity-apache_1.9.4.tar.gz) = 496805 +MD5 (modsecurity-apache_2.5.5.tar.gz) = 8bd027fe079ff2516e3c722a3be6cd4c +SHA256 (modsecurity-apache_2.5.5.tar.gz) = 626909c8408e2fd9e387f592f49e9d2c6501513b4cdc18dd89a8e9f3e124d959 +SIZE (modsecurity-apache_2.5.5.tar.gz) = 1073723 diff --git a/www/mod_security/files/mod_security2.conf.in b/www/mod_security/files/mod_security2.conf.in new file mode 100644 index 000000000000..9553e12a1cc2 --- /dev/null +++ b/www/mod_security/files/mod_security2.conf.in @@ -0,0 +1,3 @@ +<IfModule security2_module> + Include %%APACHEETCDIR%%/Includes/mod_security2/*.conf +</IfModule> diff --git a/www/mod_security/files/pkg-message.rules.in b/www/mod_security/files/pkg-message.rules.in new file mode 100644 index 000000000000..3622ef8cbad7 --- /dev/null +++ b/www/mod_security/files/pkg-message.rules.in @@ -0,0 +1,20 @@ + +The modsecurity 2 Core Rules have been installed in + + %%PREFIX%%/%%APACHEETCDIR%%/Includes/mod_security2/ + +and run in "DetectionOnly" mode as not to disturb operatings. + +Please read http://www.modsecurity.org/projects/rules/index.html + +ModSecurity requires mod_unique_id to be actived. +This line must be present in your apache configuration file. + +LoadModule unique_id_module libexec/apache22/mod_unique_id.so + +You must add the following to your Apache configuration file for +activate mod_security: + +LoadModule security2_module libexec/apache22/mod_security2.so + +Logging is done to /var/log/httpd-modsec2*.log diff --git a/www/mod_security/pkg-descr b/www/mod_security/pkg-descr index b1eae38145e7..91757c63af8d 100644 --- a/www/mod_security/pkg-descr +++ b/www/mod_security/pkg-descr @@ -1,9 +1,9 @@ -ModSecurity is an open source intrustion detection and -prevention engine for web applications. It operates embedded -into the web server, acting as a powerful umbrella - shielding -web applications from attacks. +ModSecurity is an embeddable web application firewall. It provides +protection from a range of attacks against web applications and allows +for HTTP traffic monitoring and real-time analysis with no changes to +existing infrastructure. -WWW: http://www.modsecurity.org/ +It is also an open source project that aims to make the web application +firewall technology available to everyone. -- Alex Dupre -ale@FreeBSD.org +WWW: http://www.modsecurity.org/ diff --git a/www/mod_security/pkg-plist b/www/mod_security/pkg-plist deleted file mode 100644 index ee7534043358..000000000000 --- a/www/mod_security/pkg-plist +++ /dev/null @@ -1,5 +0,0 @@ -%%APACHEMODDIR%%/%%AP_MODULE%% -@exec %D/sbin/apxs -e -a -n security %D/%F -@unexec %D/sbin/apxs -e -A -n security %D/%F -%%EXAMPLESDIR%%/httpd.conf.example-minimal -@dirrm %%EXAMPLESDIR%% |