diff options
-rw-r--r-- | network/modsecurity-apache/README | 12 | ||||
-rw-r--r-- | network/modsecurity-apache/doinst.sh | 1 | ||||
-rw-r--r-- | network/modsecurity-apache/modsecurity-apache.SlackBuild | 35 | ||||
-rw-r--r-- | network/modsecurity-apache/modsecurity-apache.info | 10 |
4 files changed, 41 insertions, 17 deletions
diff --git a/network/modsecurity-apache/README b/network/modsecurity-apache/README index cdf88372f3..d3d2338b7c 100644 --- a/network/modsecurity-apache/README +++ b/network/modsecurity-apache/README @@ -12,11 +12,15 @@ architecture): LoadModule security2_module lib/httpd/modules/mod_security2.so Include /etc/httpd/extra/modsecurity-recommended.conf -This SlackBuild will also verify the package's PGP signature -if the following conditions are met: +Also refer to the file /etc/httpd/crs/INSTALL for information on how to get the +Core Rule Set (CRS) up and running. + +This SlackBuild will also verify the PGP signature of the packages if the +following conditions are met: - You have GnuPG installed - You have the appropriate public PGP key (0x6980F8B0) - in your trustedkeys.gpg keyring -- You have downloaded the sig file from + in your trustedkeys.gpg keyring (and 0x9624FCD2 for CRS) +- You have downloaded the sig files from http://www.modsecurity.org/download/modsecurity-apache_${VERSION}.tar.gz.asc + http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.4.tar.gz.asc diff --git a/network/modsecurity-apache/doinst.sh b/network/modsecurity-apache/doinst.sh index 4edf9ce1c2..be6e4845ed 100644 --- a/network/modsecurity-apache/doinst.sh +++ b/network/modsecurity-apache/doinst.sh @@ -12,4 +12,5 @@ config() { } config etc/httpd/extra/modsecurity-recommended.conf.new +config etc/httpd/crs/modsecurity_crs_10_config.conf.new diff --git a/network/modsecurity-apache/modsecurity-apache.SlackBuild b/network/modsecurity-apache/modsecurity-apache.SlackBuild index e065cf877e..807071a71e 100644 --- a/network/modsecurity-apache/modsecurity-apache.SlackBuild +++ b/network/modsecurity-apache/modsecurity-apache.SlackBuild @@ -5,10 +5,12 @@ # Written by pyllyukko PRGNAM=modsecurity-apache -VERSION=${VERSION:-2.6.1} +VERSION=${VERSION:-2.6.5} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} +CRS_VERSION="2.2.4" + if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) ARCH=i486 ;; @@ -36,13 +38,6 @@ else LIBDIRSUFFIX="" fi -set -e - -rm -rf $PKG -mkdir -p $TMP $PKG $OUTPUT -cd $TMP -rm -rf ${PRGNAM}_${VERSION} - # The package can be verified with Breno Silva Pinto's PGP key (0x6980F8B0) # If we have GPG installed, we try to verify the signature. if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ] @@ -60,10 +55,28 @@ then then /usr/bin/gpgv "${CWD}/${PRGNAM}_${VERSION}.tar.gz.asc" fi + + # Verify the Core Rule Set package. + set +e + /usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0x9624FCD2 &>/dev/null + GPG_RET=${?} + set -e + if [ ${GPG_RET} -eq 0 -a \ + -f "${CWD}/modsecurity-crs_${CRS_VERSION}.tar.gz.asc" ] + then + /usr/bin/gpgv "${CWD}/modsecurity-crs_${CRS_VERSION}.tar.gz.asc" + fi fi +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf ${PRGNAM}_${VERSION} tar xvf $CWD/${PRGNAM}_${VERSION}.tar.gz cd ${PRGNAM}_${VERSION} +tar xvf $CWD/modsecurity-crs_${CRS_VERSION}.tar.gz chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ @@ -104,6 +117,12 @@ cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild mkdir -p $PKG/etc/httpd/extra cat modsecurity.conf-recommended > $PKG/etc/httpd/extra/modsecurity-recommended.conf.new +# The Core Rule Set +mkdir -p ${PKG}/etc/httpd/crs +cp -Rv modsecurity-crs_${CRS_VERSION}/* ${PKG}/etc/httpd/crs +cat modsecurity-crs_${CRS_VERSION}/modsecurity_crs_10_config.conf.example > \ + ${PKG}/etc/httpd/crs/modsecurity_crs_10_config.conf.new + mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh diff --git a/network/modsecurity-apache/modsecurity-apache.info b/network/modsecurity-apache/modsecurity-apache.info index 9663bb63b4..891e3732e7 100644 --- a/network/modsecurity-apache/modsecurity-apache.info +++ b/network/modsecurity-apache/modsecurity-apache.info @@ -1,10 +1,10 @@ PRGNAM="modsecurity-apache" -VERSION="2.6.1" -HOMEPAGE="http://www.modsecurity.org/" -DOWNLOAD="http://www.modsecurity.org/download/modsecurity-apache_2.6.1.tar.gz http://www.modsecurity.org/download/modsecurity-apache_2.6.1.tar.gz.asc" -MD5SUM="762d2d1fcd47dd0d348bea737a956dac 8bade09a8fe680f7e217bafd3d142cde" +VERSION="2.6.5" +HOMEPAGE="http://www.modsecurity.org/ https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project" +DOWNLOAD="http://www.modsecurity.org/download/modsecurity-apache_2.6.5.tar.gz http://www.modsecurity.org/download/modsecurity-apache_2.6.5.tar.gz.asc http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.4.tar.gz http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.4.tar.gz.asc" +MD5SUM="2e1c6456f0dacae7206021d0ae8674e1 38e82e92f9f6215dbbcfe06bdcc15490 160321534ba4859ccdb04ae1648fb51d 4a9211dba233730186e2a10ee39230c2" DOWNLOAD_x86_64="" MD5SUM_x86_64="" MAINTAINER="pyllyukko" EMAIL="pyllyukko AT maimed dot org" -APPROVED="Niels Horn" +APPROVED="dsomero" |