diff options
Diffstat (limited to 'network/mod_evasive')
-rw-r--r-- | network/mod_evasive/README | 39 | ||||
-rw-r--r-- | network/mod_evasive/mod_evasive.SlackBuild | 65 | ||||
-rw-r--r-- | network/mod_evasive/mod_evasive.info | 8 | ||||
-rw-r--r-- | network/mod_evasive/slack-desc | 19 |
4 files changed, 131 insertions, 0 deletions
diff --git a/network/mod_evasive/README b/network/mod_evasive/README new file mode 100644 index 0000000000..5cebd45147 --- /dev/null +++ b/network/mod_evasive/README @@ -0,0 +1,39 @@ +mod_evasive maneuvers module for Apache to provide evasive action in the event +of an HTTP DoS or DDoS attack or brute force attack. It is also designed +to be a detection and network management tool, and can be easily configured +to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently +reports abuses via email and syslog facilities. + +Detection is performed by creating an internal dynamic hash table of IP +Addresses and URIs, and denying any single IP address from any of the +following: + + + * Requesting the same page more than a few times per second + * Making more than 50 concurrent requests on the same child per second + * Making any requests while temporarily blacklisted (on a blocking list) + + +To enable it edit /etc/httpd/httpd.conf to have like the following: + +LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so + +<IfModule mod_evasive20.c> + DOSHashTableSize 3097 + DOSPageCount 2 + DOSSiteCount 50 + DOSPageInterval 1 + DOSSiteInterval 1 + DOSBlockingPeriod 10 +</IfModule> + + +To test enter the following command: + + perl /usr/doc/mod_evasive-$VERSION/test.pl | more + +Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden + +mod_evasive is fully tweakable through the Apache configuration file, see +the READE file in /usr/doc/mod_evasive-$VERSION for configuration details. + diff --git a/network/mod_evasive/mod_evasive.SlackBuild b/network/mod_evasive/mod_evasive.SlackBuild new file mode 100644 index 0000000000..607e2e5e58 --- /dev/null +++ b/network/mod_evasive/mod_evasive.SlackBuild @@ -0,0 +1,65 @@ +#!/bin/sh + +# Slackware build script for mod_evasive (an Apache DoS protection module) + +# Written by Menno E. Duursma + +# This program is free software. It comes without any warranty. +# Granted WTFPL, Version 2, as published by Sam Hocevar. See +# http://sam.zoy.org/wtfpl/COPYING for more details. + +# Modified by SlackBuilds.org + +PRGNAM=mod_evasive +VERSION=1.10.1 +ARCH=${ARCH:-i486} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} +CWD=`pwd` +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" +fi + +set -e # exit on most errors + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM +tar -xzvf $CWD/${PRGNAM}_${VERSION}.tar.gz +cd $PRGNAM +chown -R root:root . +chmod -R a-s,u+w,go+r-w . + +# Create target dir +mkdir -p $PKG/usr/lib/httpd/modules + +# Compile module as DSO (dynmically shared object) +CFLAGS="$SLACKFLAGS" \ +apxs -ca mod_evasive20.c + +# copy into place +cp -v .libs/mod_evasive20.so $PKG/usr/lib/httpd/modules + +( cd $PKG || exit 1 + find . -type f | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a CHANGELOG LICENSE README test.pl $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild +find $PKG/usr/doc -type f -exec chmod 0644 {} \; + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz diff --git a/network/mod_evasive/mod_evasive.info b/network/mod_evasive/mod_evasive.info new file mode 100644 index 0000000000..f8e629f3e8 --- /dev/null +++ b/network/mod_evasive/mod_evasive.info @@ -0,0 +1,8 @@ +PRGNAM="mod_evasive" +VERSION="1.10.1" +HOMEPAGE="http://www.zdziarski.com/projects/mod_evasive/" +DOWNLOAD="http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz" +MD5SUM="784fca4a124f25ccff5b48c7a69a65e5" +MAINTAINER="Menno E. Duursma" +EMAIL="druiloor@zonnet.nl" +APPROVED="Erik Hanson" diff --git a/network/mod_evasive/slack-desc b/network/mod_evasive/slack-desc new file mode 100644 index 0000000000..054e67d7be --- /dev/null +++ b/network/mod_evasive/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +mod_evasive: mod_evasive (an Apache anti-DoS module) +mod_evasive: +mod_evasive: mod_evasive is an evasive maneuvers module for Apache to +mod_evasive: provide evasive action in the event of an HTTP DoS or DDoS +mod_evasive: attack or brute force attack. +mod_evasive: +mod_evasive: mod_evasive is maintained by Jonathan A. Zdziarski. +mod_evasive: +mod_evasive: +mod_evasive: +mod_evasive: |