summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/modsecurity-apache/README12
-rw-r--r--network/modsecurity-apache/doinst.sh1
-rw-r--r--network/modsecurity-apache/modsecurity-apache.SlackBuild35
-rw-r--r--network/modsecurity-apache/modsecurity-apache.info10
4 files changed, 41 insertions, 17 deletions
diff --git a/network/modsecurity-apache/README b/network/modsecurity-apache/README
index cdf88372f3..d3d2338b7c 100644
--- a/network/modsecurity-apache/README
+++ b/network/modsecurity-apache/README
@@ -12,11 +12,15 @@ architecture):
LoadModule security2_module lib/httpd/modules/mod_security2.so
Include /etc/httpd/extra/modsecurity-recommended.conf
-This SlackBuild will also verify the package's PGP signature
-if the following conditions are met:
+Also refer to the file /etc/httpd/crs/INSTALL for information on how to get the
+Core Rule Set (CRS) up and running.
+
+This SlackBuild will also verify the PGP signature of the packages if the
+following conditions are met:
- You have GnuPG installed
- You have the appropriate public PGP key (0x6980F8B0)
- in your trustedkeys.gpg keyring
-- You have downloaded the sig file from
+ in your trustedkeys.gpg keyring (and 0x9624FCD2 for CRS)
+- You have downloaded the sig files from
http://www.modsecurity.org/download/modsecurity-apache_${VERSION}.tar.gz.asc
+ http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.4.tar.gz.asc
diff --git a/network/modsecurity-apache/doinst.sh b/network/modsecurity-apache/doinst.sh
index 4edf9ce1c2..be6e4845ed 100644
--- a/network/modsecurity-apache/doinst.sh
+++ b/network/modsecurity-apache/doinst.sh
@@ -12,4 +12,5 @@ config() {
}
config etc/httpd/extra/modsecurity-recommended.conf.new
+config etc/httpd/crs/modsecurity_crs_10_config.conf.new
diff --git a/network/modsecurity-apache/modsecurity-apache.SlackBuild b/network/modsecurity-apache/modsecurity-apache.SlackBuild
index e065cf877e..807071a71e 100644
--- a/network/modsecurity-apache/modsecurity-apache.SlackBuild
+++ b/network/modsecurity-apache/modsecurity-apache.SlackBuild
@@ -5,10 +5,12 @@
# Written by pyllyukko
PRGNAM=modsecurity-apache
-VERSION=${VERSION:-2.6.1}
+VERSION=${VERSION:-2.6.5}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
+CRS_VERSION="2.2.4"
+
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) ARCH=i486 ;;
@@ -36,13 +38,6 @@ else
LIBDIRSUFFIX=""
fi
-set -e
-
-rm -rf $PKG
-mkdir -p $TMP $PKG $OUTPUT
-cd $TMP
-rm -rf ${PRGNAM}_${VERSION}
-
# The package can be verified with Breno Silva Pinto's PGP key (0x6980F8B0)
# If we have GPG installed, we try to verify the signature.
if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ]
@@ -60,10 +55,28 @@ then
then
/usr/bin/gpgv "${CWD}/${PRGNAM}_${VERSION}.tar.gz.asc"
fi
+
+ # Verify the Core Rule Set package.
+ set +e
+ /usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0x9624FCD2 &>/dev/null
+ GPG_RET=${?}
+ set -e
+ if [ ${GPG_RET} -eq 0 -a \
+ -f "${CWD}/modsecurity-crs_${CRS_VERSION}.tar.gz.asc" ]
+ then
+ /usr/bin/gpgv "${CWD}/modsecurity-crs_${CRS_VERSION}.tar.gz.asc"
+ fi
fi
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf ${PRGNAM}_${VERSION}
tar xvf $CWD/${PRGNAM}_${VERSION}.tar.gz
cd ${PRGNAM}_${VERSION}
+tar xvf $CWD/modsecurity-crs_${CRS_VERSION}.tar.gz
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
@@ -104,6 +117,12 @@ cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/etc/httpd/extra
cat modsecurity.conf-recommended > $PKG/etc/httpd/extra/modsecurity-recommended.conf.new
+# The Core Rule Set
+mkdir -p ${PKG}/etc/httpd/crs
+cp -Rv modsecurity-crs_${CRS_VERSION}/* ${PKG}/etc/httpd/crs
+cat modsecurity-crs_${CRS_VERSION}/modsecurity_crs_10_config.conf.example > \
+ ${PKG}/etc/httpd/crs/modsecurity_crs_10_config.conf.new
+
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
diff --git a/network/modsecurity-apache/modsecurity-apache.info b/network/modsecurity-apache/modsecurity-apache.info
index 9663bb63b4..891e3732e7 100644
--- a/network/modsecurity-apache/modsecurity-apache.info
+++ b/network/modsecurity-apache/modsecurity-apache.info
@@ -1,10 +1,10 @@
PRGNAM="modsecurity-apache"
-VERSION="2.6.1"
-HOMEPAGE="http://www.modsecurity.org/"
-DOWNLOAD="http://www.modsecurity.org/download/modsecurity-apache_2.6.1.tar.gz http://www.modsecurity.org/download/modsecurity-apache_2.6.1.tar.gz.asc"
-MD5SUM="762d2d1fcd47dd0d348bea737a956dac 8bade09a8fe680f7e217bafd3d142cde"
+VERSION="2.6.5"
+HOMEPAGE="http://www.modsecurity.org/ https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+DOWNLOAD="http://www.modsecurity.org/download/modsecurity-apache_2.6.5.tar.gz http://www.modsecurity.org/download/modsecurity-apache_2.6.5.tar.gz.asc http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.4.tar.gz http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.4.tar.gz.asc"
+MD5SUM="2e1c6456f0dacae7206021d0ae8674e1 38e82e92f9f6215dbbcfe06bdcc15490 160321534ba4859ccdb04ae1648fb51d 4a9211dba233730186e2a10ee39230c2"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="pyllyukko"
EMAIL="pyllyukko AT maimed dot org"
-APPROVED="Niels Horn"
+APPROVED="dsomero"