Attachment #169368 for bug #208144




# $FreeBSD$

PORTNAME=	mod_security
PORTVERSION=	2.9.1
CATEGORIES=	www security
MASTER_SITES=	http://www.modsecurity.org/tarball/${PORTVERSION}/
PKGNAMEPREFIX=	${APACHE_PKGNAMEPREFIX}


SUB_FILES+=	pkg-message
SUB_FILES+=	README
SUB_FILES+=	${APMOD_FILE}.sample
APMOD_FILE=	280_${PORTNAME}.conf
SUB_LIST+=	APMOD_FILE=${APMOD_FILE}

PLIST_SUB+=	APXS="${APXS}"
PLIST_SUB+=	APACHEMODDIR="${APACHEMODDIR}"

OPTIONS_DEFINE=	DOCS FUZZYHASH LUA MLOGC
OPTIONS_SUB=	yes

LUA_CONFIGURE_ON=	--with-lua=${LOCALBASE}
LUA_CONFIGURE_OFF+=	--without-lua
LUA_USES=		lua:51+

MLOGC_DESC=		Build ModSecurity Log Collector
MLOGC_CONFIGURE_ON=	--disable-errors

	(cd ${WRKSRC} && ${COPYTREE_SHARE} doc ${STAGEDIR}${DOCSDIR})
	${INSTALL_DATA} ${WRKDIR}/README ${STAGEDIR}${DOCSDIR}

	@${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
	${INSTALL_DATA} ${WRKDIR}/${APMOD_FILE}.sample ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d

.include <bsd.port.mk>

Lines 1-2 Link Here

(-)distinfo (-2 / +2 lines)
1	SHA256 (modsecurity-2.9.0.tar.gz) = e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434	1	SHA256 (modsecurity-2.9.1.tar.gz) = 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24
2	SIZE (modsecurity-2.9.0.tar.gz) = 4246467	2	SIZE (modsecurity-2.9.1.tar.gz) = 4261212




## $FreeBSD$
## vim: set filetype=apache:
##
## module file for mod_security
##
## PROVIDE: mod_security2
## REQUIRE: mod_unique_id

##
## To enable ModSecurity in Apache, enable the modules
##  mod_unique_id (in httpd.conf) and
##  mod_security2 in this config file
##
## Additionally, load configuration and rules with an Include line from
##  %%ETCDIR%%/*.conf
##
## Most users will use the signatures from the OWASP Core Rule Set (CRS).
## For configuration instructions, see %%DOCSDIR%%/README.
##

## apache modules for mod_security
#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so
#LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
#Include %%ETCDIR%%/*.conf





Configuring ModSecurity on FreeBSD
----------------------------------

To enable ModSecurity in Apache, follow the instructions in

 %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
  Include etc/modsecurity/*.conf

ModSecurity has various configuration options.
To change them, edit the following file:

 %%ETCDIR%%/modsecurity.conf

Getting the Core Rule Set
-------------------------


under it.

  pkg install git
  cd %%ETCDIR%%
  git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
  cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \
    crs.conf

The CRS has various config options. To change them, edit crs.conf.

To activate the CRS base rules, add the following to your httpd.conf:

  Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf

You probably want to keep the CRS updated from time to time. You can
do this with Git:

  cd %%ETCDIR%%/owasp-modsecurity-crs
  git pull
  apachectl restart

Lines 1-9 Link Here

(-)files/pkg-message.in (-3 / +2 lines)
1		1
2	You have installed ModSecurity.	2	You have installed ModSecurity.
3	To enable ModSecurity in Apache, add the following to your httpd.conf:	3	To enable ModSecurity in Apache, follow the instructions in
4		4
5	LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so	5	%%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
6	Include etc/modsecurity/*.conf
7		6
8	Most users will use the signatures from the OWASP Core Rule Set (CRS).	7	Most users will use the signatures from the OWASP Core Rule Set (CRS).
9	For configuration instructions, see %%DOCSDIR%%/README.	8	For configuration instructions, see %%DOCSDIR%%/README.

Lines 1-8 Link Here

(-)pkg-plist (-5 / +5 lines)
		1	%%MLOGC%%bin/mlogc
		2	%%MLOGC%%bin/mlogc-batch-load.pl
1	bin/rules-updater.pl	3	bin/rules-updater.pl
2	lib/mod_security2.so	4	@sample %%APACHEETCDIR%%/modules.d/280_mod_security.conf.sample
3	%%APACHEMODDIR%%/mod_security2.so
4	@comment @exec %%APXS%% -e -n unique_id -a %%APACHEMODDIR%%/mod_unique_id.so
5	@sample %%ETCDIR%%/modsecurity.conf.sample	5	@sample %%ETCDIR%%/modsecurity.conf.sample
6	%%ETCDIR%%/unicode.mapping	6	%%ETCDIR%%/unicode.mapping
7	%%MLOGC%%bin/mlogc	7	lib/%%AP_MODULE%%
8	%%MLOGC%%bin/mlogc-batch-load.pl	8	%%APACHEMODDIR%%/%%AP_MODULE%%

Return to bug 208144

Lines 1-7 Link Here

(-)Makefile (-7 / +8 lines)
1	# $FreeBSD$	1	# $FreeBSD$
2		2
3	PORTNAME= mod_security	3	PORTNAME= mod_security
4	PORTVERSION= 2.9.0	4	PORTVERSION= 2.9.1
5	CATEGORIES= www security	5	CATEGORIES= www security
6	MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/	6	MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/
7	PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX}	7	PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX}
Lines 34-51 Link Here
34		34
35	SUB_FILES+= pkg-message	35	SUB_FILES+= pkg-message
36	SUB_FILES+= README	36	SUB_FILES+= README
37	SUB_LIST+= APACHEETCDIR="${APACHEETCDIR}"	37	SUB_FILES+= ${APMOD_FILE}.sample
38	SUB_LIST+= APACHEMODDIR="${APACHEMODDIR}"	38	APMOD_FILE= 280_${PORTNAME}.conf
		39	SUB_LIST+= APMOD_FILE=${APMOD_FILE}
39		40
40	PLIST_SUB+= APXS="${APXS}"
41	PLIST_SUB+= APACHEMODDIR="${APACHEMODDIR}"
42
43	OPTIONS_DEFINE= DOCS FUZZYHASH LUA MLOGC	41	OPTIONS_DEFINE= DOCS FUZZYHASH LUA MLOGC
44	OPTIONS_SUB= yes	42	OPTIONS_SUB= yes
45		43
46	LUA_CONFIGURE_ON= --with-lua=${LOCALBASE}	44	LUA_CONFIGURE_ON= --with-lua=${LOCALBASE}
47	LUA_CONFIGURE_OFF+= --without-lua	45	LUA_CONFIGURE_OFF+= --without-lua
48	LUA_USES= lua:51	46	LUA_USES= lua:51+
49		47
50	MLOGC_DESC= Build ModSecurity Log Collector	48	MLOGC_DESC= Build ModSecurity Log Collector
51	MLOGC_CONFIGURE_ON= --disable-errors	49	MLOGC_CONFIGURE_ON= --disable-errors
Lines 79-82 Link Here
79	(cd ${WRKSRC} && ${COPYTREE_SHARE} doc ${STAGEDIR}${DOCSDIR})	77	(cd ${WRKSRC} && ${COPYTREE_SHARE} doc ${STAGEDIR}${DOCSDIR})
80	${INSTALL_DATA} ${WRKDIR}/README ${STAGEDIR}${DOCSDIR}	78	${INSTALL_DATA} ${WRKDIR}/README ${STAGEDIR}${DOCSDIR}
81		79
		80	@${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
		81	${INSTALL_DATA} ${WRKDIR}/${APMOD_FILE}.sample ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
		82
82	.include <bsd.port.mk>	83	.include <bsd.port.mk>

Line 0 Link Here

(-)files/280_mod_security.conf.sample.in (+25 lines)
	1	## $FreeBSD$
	2	## vim: set filetype=apache:
	3	##
	4	## module file for mod_security
	5	##
	6	## PROVIDE: mod_security2
	7	## REQUIRE: mod_unique_id
	8
	9	##
	10	## To enable ModSecurity in Apache, enable the modules
	11	## mod_unique_id (in httpd.conf) and
	12	## mod_security2 in this config file
	13	##
	14	## Additionally, load configuration and rules with an Include line from
	15	## %%ETCDIR%%/*.conf
	16	##
	17	## Most users will use the signatures from the OWASP Core Rule Set (CRS).
	18	## For configuration instructions, see %%DOCSDIR%%/README.
	19	##
	20
	21	## apache modules for mod_security
	22	#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so
	23	#LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
	24	#Include %%ETCDIR%%/*.conf
	25

Lines 1-11 Link Here

(-)files/README.in (-5 / +11 lines)
1	Configuring ModSecurity on FreeBSD	1	Configuring ModSecurity on FreeBSD
2	----------------------------------	2	----------------------------------
3		3
4	To enable ModSecurity in Apache, add the following to your httpd.conf:	4	To enable ModSecurity in Apache, follow the instructions in
5		5
6	LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so	6	%%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
7	Include etc/modsecurity/*.conf
8		7
		8	ModSecurity has various configuration options.
		9	To change them, edit the following file:
		10
		11	%%ETCDIR%%/modsecurity.conf
		12
9	Getting the Core Rule Set	13	Getting the Core Rule Set
10	-------------------------	14	-------------------------
11		15
Lines 16-26 Link Here
16	under it.	20	under it.
17		21
18	pkg install git	22	pkg install git
19	cd /usr/local/etc/modsecurity	23	cd %%ETCDIR%%
20	git clone https://github.com/SpiderLabs/owasp-modsecurity-crs	24	git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
21	cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \	25	cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \
22	crs.conf	26	crs.conf
23		27
		28	The CRS has various config options. To change them, edit crs.conf.
		29
24	To activate the CRS base rules, add the following to your httpd.conf:	30	To activate the CRS base rules, add the following to your httpd.conf:
25		31
26	Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf	32	Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf
Lines 78-83 Link Here
78	You probably want to keep the CRS updated from time to time. You can	84	You probably want to keep the CRS updated from time to time. You can
79	do this with Git:	85	do this with Git:
80		86
81	cd /usr/local/etc/modsecurity/owasp-modsecurity-crs	87	cd %%ETCDIR%%/owasp-modsecurity-crs
82	git pull	88	git pull
83	apachectl restart	89	apachectl restart