Bug 109855 - Update www/mod_security2 to version 2.1.0 and install core rules
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Rong-En Fan
Reported: 2007-03-04 16:10 UTC by ruben
Modified: 2007-03-06 07:40 UTC (History)

Attachments
file.diff (4.61 KB, patch)
2007-03-04 16:10 UTC, ruben
PR109855.2.patch (4.70 KB, patch)
2007-03-04 20:20 UTC, Dominic Mitchell

Description ruben 2007-03-04 16:10:04 UTC
	The enclosed patch updates www/mod_security2 to version 2.1.0 and installs
	the core rules in "DetectionOnly" mode with logging in
	/var/log/httpd-modsec-*.log. Can be disabled with SKIP_RULES=yes (knob name subject to discussion)
Comment 1 Edwin Groothuis freebsd_committer 2007-03-04 16:10:13 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback
Comment 2 ruben 2007-03-04 18:22:55 UTC
There is a small nit in the patch

- It should be mod_security2.c for the IfModule. www/apache20 wants this, tested
  with www/apache22 originally
- Copy and paste error for the REINPLACE_CMD substitution of the logfile
  locations.

Please use the new patch, apologies.

Regards,
	Ruben


diff -Nur mod_security2.orig/Makefile mod_security2/Makefile
--- mod_security2.orig/Makefile	Sun Mar  4 13:34:56 2007
+++ mod_security2/Makefile	Sun Mar  4 16:34:59 2007
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	mod_security2
-PORTVERSION=	2.0.4
+PORTVERSION=	2.1.0
 CATEGORIES=	www security
 MASTER_SITES=	http://www.modsecurity.org/download/
 DISTNAME=	${PORTNAME:S/_//:S/2//}-apache_${PORTVERSION}
@@ -24,6 +24,32 @@
 PORTDOCS=	*
 DOCS=		CHANGES LICENSE README.TXT modsecurity.conf-minimal doc
 DOCSDIR=	${TARGETDIR}/share/doc/${MODULENAME}
+SUB_FILES+=mod_security2.conf
+SUB_LIST+=APACHEETCDIR="${APACHEETCDIR}"
+
+.if !defined(SKIP_RULES)
+SUB_FILES+=pkg-message.rules
+
+PLIST_DIRS+=${APACHEETCDIR}/Includes/mod_security2/blocking
+PLIST_DIRS+=${APACHEETCDIR}/Includes/mod_security2
+
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/CHANGELOG
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/LICENSE
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/README
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/blocking/modsecurity_crs_20_protocol_violations.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/blocking/modsecurity_crs_21_protocol_anomalies.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/blocking/modsecurity_crs_40_generic_attacks.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_10_config.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_20_protocol_violations.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_21_protocol_anomalies.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_30_http_policy.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_35_bad_robots.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_40_generic_attacks.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_45_trojans.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_50_outbound.conf
+PLIST_FILES+=${APACHEETCDIR}/Includes/mod_security2/modsecurity_crs_55_marketing.conf
+.endif
 
 .if defined(WITH_LIBXML2)
 AP_EXTRAS+=	-DWITH_LIBXML2
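
Review bot: The PLIST_FILES entries inside the .if !defined(SKIP_RULES) block register admin-editable files (Includes/mod_security2.conf and every modsecurity_crs_*.conf) as ordinary package files, and post-install copies them straight into place, so a deinstall or upgrade removes or replaces a modsecurity_crs_10_config.conf that the admin has tuned, for example after moving off DetectionOnly. Consider installing these as sample copies and copying them into place only when no local file exists. The opt-out is also tested as a bare SKIP_RULES while the same Makefile uses WITH_LIBXML2; since the submitter left the knob name open, a WITHOUT_-style name would be more consistent.
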
@@ -32,10 +58,22 @@
 USE_GNOME=	libxml2
 .endif
 
+post-patch:
+	@${REINPLACE_CMD}	-e 's|SecRuleEngine On|SecRuleEngine DetectionOnly|' \
+						-e 's|SecAuditLog.*logs/modsec_audit.log|SecAuditLog /var/log/httpd-modsec2_audit.log|' \
+						-e 's|SecDebugLog.*logs/modsec_debug.log|SecDebugLog /var/log/httpd-modsec2_debug.log|' \
+						-e 's|SecServerSignature "Apache/2.2.0 (Fedora)"|SecServerSignature "Apache/${APACHE_VERSION:C/[0-9]/\0./g}x (${OPSYS})"|' \
+		${WRKSRCTOP}/rules/modsecurity_crs_10_config.conf
+
 post-install:
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 	@(cd ${WRKSRCTOP} && ${TAR} cf - ${DOCS}) | (cd ${DOCSDIR} && ${TAR} xpof -)
+.endif
+.if !defined(SKIP_RULES)
+	@${INSTALL_DATA} ${WRKDIR}/mod_security2.conf ${PREFIX}/${APACHEETCDIR}/Includes/
+	@cd ${WRKSRCTOP} && ${PAX} -rw -pe -s +rules+mod_security2+ rules  ${PREFIX}/${APACHEETCDIR}/Includes
+	@${CAT} ${PKGMESSAGE}
 .endif
 
 .include <bsd.port.mk>
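
Review bot: The four -e substitutions in post-patch match exact upstream strings ("SecRuleEngine On", "Apache/2.2.0 (Fedora)", the logs/modsec_*.log paths), and sed exits successfully when nothing matches, so a later upstream change to modsecurity_crs_10_config.conf would silently ship the rules with the engine On and the logs under the upstream relative path. Add a check after the REINPLACE_CMD call that fails the build unless "SecRuleEngine DetectionOnly" is present in the patched file. The post-patch target also runs when SKIP_RULES is defined, while the install lines in post-install are conditional; wrapping both in the same .if would keep them consistent.
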
diff -Nur mod_security2.orig/distinfo mod_security2/distinfo
--- mod_security2.orig/distinfo	Sun Mar  4 13:34:56 2007
+++ mod_security2/distinfo	Sun Mar  4 13:35:49 2007
@@ -1,3 +1,3 @@
-MD5 (modsecurity-apache_2.0.4.tar.gz) = b63f093c7a24b766e6e8c9c8ffc13084
-SHA256 (modsecurity-apache_2.0.4.tar.gz) = 622c3478515c951189334aa9a60ae7e71dfbbc671d983bf2f4b732a5fdd230a1
-SIZE (modsecurity-apache_2.0.4.tar.gz) = 303477
+MD5 (modsecurity-apache_2.1.0.tar.gz) = 2e919766f2878c4ee46334816004dd15
+SHA256 (modsecurity-apache_2.1.0.tar.gz) = fd37d64f7ffe193101da20f6e6e2016105de62948f3976aceaa96f636606fe74
+SIZE (modsecurity-apache_2.1.0.tar.gz) = 650133
diff -Nur mod_security2.orig/files/mod_security2.conf.in mod_security2/files/mod_security2.conf.in
--- mod_security2.orig/files/mod_security2.conf.in	Thu Jan  1 01:00:00 1970
+++ mod_security2/files/mod_security2.conf.in	Sun Mar  4 15:27:21 2007
@@ -0,0 +1,5 @@
+<IfModule mod_security2.c>
+
+        Include %%APACHEETCDIR%%/Includes/mod_security2/*.conf
+
+</IfModule>
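
Review bot: The Include line globs only Includes/mod_security2/*.conf, so the three files the Makefile lists under Includes/mod_security2/blocking are never loaded by this stub. If that is intended (they carry the same names as the 20, 21 and 40 rule files one level up), say so in a comment here or in pkg-message, so an admin does not assume the blocking set is active or add a second Include that loads both copies of the same rule files.
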
diff -Nur mod_security2.orig/files/pkg-message.rules.in mod_security2/files/pkg-message.rules.in
--- mod_security2.orig/files/pkg-message.rules.in	Thu Jan  1 01:00:00 1970
+++ mod_security2/files/pkg-message.rules.in	Sun Mar  4 16:01:17 2007
@@ -0,0 +1,10 @@
+
+The modsecurity 2 Core Rules have been installed in 
+
+%%PREFIX%%/%%APACHEETCDIR%%/Includes/mod_security2/
+
+and run in "DetectionOnly" mode as not to disturb operatings.
+
+Please read http://www.modsecurity.org/projects/rules/index.html
+
+logging is done to /var/log/httpd-modsec-*.log
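
Review bot: The last line points the admin at /var/log/httpd-modsec-*.log, but the post-patch substitutions in the Makefile write to /var/log/httpd-modsec2_audit.log and /var/log/httpd-modsec2_debug.log, which that glob does not match; change it to /var/log/httpd-modsec2_*.log. The message also has "operatings" for "operations", and it would help to name the file that holds the SecRuleEngine setting (modsecurity_crs_10_config.conf) so the admin knows where DetectionOnly is configured.
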
Comment 3 Dominic Mitchell 2007-03-04 20:20:54 UTC
Edwin Groothuis wrote:
> Maintainer of www/mod_security2,
> 
> Please note that PR ports/109855 has just been submitted.
> 
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.

I include a slightly reworked form of the patch (just reformatting). 
Please apply that.

Thanks,
-Dom
Comment 4 Rong-En Fan freebsd_committer 2007-03-05 15:23:19 UTC
Responsible Changed
From-To: freebsd-ports-bugs->rafan

Eat.
Comment 5 Rong-En Fan freebsd_committer 2007-03-05 15:28:18 UTC
State Changed
From-To: feedback->open

Maintainer's patch received.
Comment 6 Rong-En Fan freebsd_committer 2007-03-06 07:37:25 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 7 dfilter service freebsd_committer 2007-03-06 07:37:26 UTC
rafan       2007-03-06 07:37:20 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_security2    Makefile distinfo 
  Log:
  - Update to 2.1.0
  - Install core rules in DetectionOnly mode with logging in log files only.
    If you don't want to install rules, define SKIP_RULES
  
  PR:             ports/109855
  Submitted by:   Ruben van Staveren <ruben at verweg.com>
  Approved by:    Dominic Mitchell <dom at happygiraffe.net> (maintainer)
  
  Revision  Changes    Path
  1.4       +43 -2     ports/www/mod_security2/Makefile
  1.3       +3 -3      ports/www/mod_security2/distinfo