From 46e038ecd35e767749e11ad8362446cea38758ad Mon Sep 17 00:00:00 2001 From: "Menno E. Duursma" Date: Thu, 13 May 2010 00:37:16 +0200 Subject: network/mod_hosts_access: Updated for version 1.1.0 --- network/mod_hosts_access/README | 6 +++--- network/mod_hosts_access/doinst.sh | 15 +++++++++++++ .../mod_hosts_access/mod_hosts_access.SlackBuild | 25 +++++++++++++++------- network/mod_hosts_access/mod_hosts_access.conf | 17 +++++++++++++++ network/mod_hosts_access/mod_hosts_access.info | 4 +++- network/mod_hosts_access/slack-desc | 10 ++++----- 6 files changed, 60 insertions(+), 17 deletions(-) create mode 100644 network/mod_hosts_access/doinst.sh create mode 100644 network/mod_hosts_access/mod_hosts_access.conf (limited to 'network/mod_hosts_access')
diff --git a/network/mod_hosts_access/README b/network/mod_hosts_access/README
index 2486db84ec..2fab50ad9e 100644
--- a/network/mod_hosts_access/README
+++ b/network/mod_hosts_access/README
@@ -1,14 +1,14 @@ mod_hosts_access This is a DSO (dynamically shared object) module for the Apache webserver -that uses libwrap (TCP Wrapper) to check if the connecting hosts is allowed. +that uses libwrap (TCP Wrappers) to check if the connecting hosts is allowed. This system works well with dynamic blocking scripts, such as DenyHosts, and configfile distribution systems, such as Cfengine. Especially if other blocking methods differ between hosts at a site (e.g. kernel-level firewalling means). -At an appropriate place (i.e. where other modules are loaded similarly), -add to /etc/httpd/httpd.conf following line: +You'll need to add the following line to /etc/httpd/httpd.conf: + Include /etc/httpd/mod_hosts_access.conf LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
diff --git a/network/mod_hosts_access/doinst.sh b/network/mod_hosts_access/doinst.sh
new file mode 100644
index 0000000000..d32f2a6362
--- /dev/null
+++ b/network/mod_hosts_access/doinst.sh
@@ -0,0 +1,15 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/mod_hosts_access.conf.new
+
diff --git a/network/mod_hosts_access/mod_hosts_access.SlackBuild b/network/mod_hosts_access/mod_hosts_access.SlackBuild
index 905266cf97..dd9c76d4d2 100644
--- a/network/mod_hosts_access/mod_hosts_access.SlackBuild
+++ b/network/mod_hosts_access/mod_hosts_access.SlackBuild
@@ -13,17 +13,21 @@ VERSION=1.1.0 ARCH=${ARCH:-i486} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} -CWD=`pwd` + +CWD=$(pwd) TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} if [ "$ARCH" = "i486" ]; then SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" fi set -e # exit on most errors
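Review bot: The final call `config etc/mod_hosts_access.conf.new` does not match the path this same commit's SlackBuild change writes, `$PKG/etc/httpd/mod_hosts_access.conf.new`, so at install time the readability test passes and `mv` is pointed at a file the package never ships. The shipped `.new` file is then never moved into place, and the `Include /etc/httpd/mod_hosts_access.conf` line the README asks for would name a file that does not exist. Changing the call to `config etc/httpd/mod_hosts_access.conf.new` lines the two up. Separately, the expansions inside `config()` are unquoted; `"$NEW"` and `"$OLD"` would be more robust, though this looks like a shared template and may be left as is on purpose.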
@@ -32,23 +36,27 @@ rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP rm -rf $PRGNAM-$VERSION -tar -xzvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1 +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1 cd $PRGNAM-$VERSION chown -R root:root . chmod -R a-s,u+w,go+r-w . # Create target dir -mkdir -p $PKG/usr/lib/httpd/modules +mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules # Compile module as DSO (dynmically shared object) -CFLAGS="$SLACKFLAGS" \ -apxs -ca mod_hosts_access.c -lwrap -lnsl +CFLAGS="$SLACKFLAGS" apxs -ca mod_hosts_access.c -lwrap -lnsl # copy into place -cp .libs/mod_hosts_access.so $PKG/usr/lib/httpd/modules +cp .libs/mod_hosts_access.so $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules + +mkdir -p $PKG/etc/httpd +sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/mod_hosts_access.conf > \ + $PKG/etc/httpd/mod_hosts_access.conf.new ( cd $PKG || exit 1 - find . -type f | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . -type f | xargs file | grep -e "executable" -e "shared object" | \ + grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null ) mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
@@ -57,6 +65,7 @@ cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/mod_hosts_access/mod_hosts_access.conf b/network/mod_hosts_access/mod_hosts_access.conf
new file mode 100644
index 0000000000..da8e6b3a76
--- /dev/null
+++ b/network/mod_hosts_access/mod_hosts_access.conf
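Review bot: The rejoined compile line still reads `CFLAGS="$SLACKFLAGS"`, but the variable the ARCH block in the previous hunk assigns is `SLKCFLAGS`. With only `set -e` in effect the unset name expands to an empty string without complaint, so the per-arch flags (including `-fPIC` on x86_64) never reach the build. It should read `CFLAGS="$SLKCFLAGS" apxs -ca mod_hosts_access.c -lwrap -lnsl`. Whether apxs picks up CFLAGS from the environment is not visible on this page, so it is worth confirming the flags appear in the compile output after the rename.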
@@ -0,0 +1,17 @@
+# Apache config for mod_hosts_access
+
+LoadModule hosts_access_module @baselibdir@/httpd/modules/mod_hosts_access.so
+
+
+ HostsAccess On
+ Options FollowSymLinks
+ AllowOverride None
+
+
+# To test, restart apache for it to load the module; edit /etc/hosts.allow
+# adding a line like the following:
+# httpd: localhost: deny
+# Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
+# the index page should fail, to verify try:
+# lynx -dump localhost
+# The same can be done in a .htaccess file if AllowOverride Limit has been set.
diff --git a/network/mod_hosts_access/mod_hosts_access.info b/network/mod_hosts_access/mod_hosts_access.info
index 5c6bdb1b36..e0f9c8064c 100644
--- a/network/mod_hosts_access/mod_hosts_access.info
+++ b/network/mod_hosts_access/mod_hosts_access.info
@@ -3,6 +3,8 @@ VERSION="1.1.0"
 HOMEPAGE="http://www.klomp.org/mod_hosts_access/"
 DOWNLOAD="http://downloads.sourceforge.net/httpd-garage/mod_hosts_access-1.1.0.tar.gz"
 MD5SUM="2e4fd22e778c8d98d433344a46421eb7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
 MAINTAINER="Menno E. Duursma"
 EMAIL="druiloor@zonnet.nl"
-APPROVED="robw810,Erik Hanson"
+APPROVED="rworkman,Erik Hanson"
diff --git a/network/mod_hosts_access/slack-desc b/network/mod_hosts_access/slack-desc
index 16ec11ff64..33a0d81cb3 100644
--- a/network/mod_hosts_access/slack-desc
+++ b/network/mod_hosts_access/slack-desc
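Review bot: The closing comment says the same check can be done from a .htaccess file "if AllowOverride Limit has been set", yet the block shipped just above it sets `AllowOverride None`, so as installed that remark does not apply. A comment such as `# Note: the block above sets AllowOverride None; .htaccess use needs AllowOverride Limit for that directory.` would make that explicit. The test recipe also leaves a `deny` rule for localhost in /etc/hosts.allow, so adding `# Remove the test line from /etc/hosts.allow once verified.` would keep local requests from staying blocked by accident. The container lines around `HostsAccess On` are empty in this view, so which directory the block applies to cannot be confirmed from here.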
@@ -5,15 +5,15 @@ # make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. - |-----handy-ruler------------------------------------------------------| + |-----handy-ruler------------------------------------------------------| mod_hosts_access: mod_hosts_access (Apache hosts ACL module) mod_hosts_access: -mod_hosts_access: Httpd support for Wietse Venema's TCP Wrapper (libwrap) -mod_hosts_access: hosts based access control system +mod_hosts_access: This module provides httpd support for Wietse Venema's TCP Wrappers +mod_hosts_access: (libwrap) hosts-based access control system. mod_hosts_access: -mod_hosts_access: mod_hosts_access is developed by -mod_hosts_access: Vincent Partington, Ken Coar +mod_hosts_access: mod_hosts_access is developed by Vincent Partington and Ken Coar. mod_hosts_access: mod_hosts_access: Please see the README for instructions no how to enable it. mod_hosts_access: mod_hosts_access: +mod_hosts_access: -- cgit v1.2.3