Date: Sat, 16 Apr 2016 17:29:07 +0000 (UTC) From: Olli Hauer <ohauer@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r413465 - in head/www/mod_security: . files Message-ID: <201604161729.u3GHT7Nl061349@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ohauer Date: Sat Apr 16 17:29:07 2016 New Revision: 413465 URL: https://svnweb.freebsd.org/changeset/ports/413465 Log: - update to 2.9.1 - install etc/apache2x/modules.d/280_mod_security.conf.sample - adjust README and pkg-message to reflect new module activation - adjust and sort pkg-plist Changes: - ModSecurity: update to 2.9.1 - Add support for Lua 5.1 or higher (was 5.1 only) - pkg-plist: bring back mod_unique_id activation, fix deprecated @exec - README: point user to configuration files PR: 208144 Submitted by: Walter Hop (maintainer) MFH: 2016Q2 Added: head/www/mod_security/files/280_mod_security.conf.sample.in (contents, props changed) Modified: head/www/mod_security/Makefile head/www/mod_security/distinfo head/www/mod_security/files/README.in head/www/mod_security/files/pkg-message.in head/www/mod_security/pkg-plist Modified: head/www/mod_security/Makefile ============================================================================== --- head/www/mod_security/Makefile Sat Apr 16 17:27:05 2016 (r413464) +++ head/www/mod_security/Makefile Sat Apr 16 17:29:07 2016 (r413465) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= mod_security -PORTVERSION= 2.9.0 +PORTVERSION= 2.9.1 CATEGORIES= www security MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} @@ -34,18 +34,16 @@ DOCSDIR= ${PREFIX}/share/doc/${MODULENAM SUB_FILES+= pkg-message SUB_FILES+= README -SUB_LIST+= APACHEETCDIR="${APACHEETCDIR}" -SUB_LIST+= APACHEMODDIR="${APACHEMODDIR}" - -PLIST_SUB+= APXS="${APXS}" -PLIST_SUB+= APACHEMODDIR="${APACHEMODDIR}" +SUB_FILES+= ${APMOD_FILE}.sample +APMOD_FILE= 280_${PORTNAME}.conf +SUB_LIST+= APMOD_FILE=${APMOD_FILE} OPTIONS_DEFINE= DOCS FUZZYHASH LUA MLOGC OPTIONS_SUB= yes LUA_CONFIGURE_ON= --with-lua=${LOCALBASE} LUA_CONFIGURE_OFF+= --without-lua -LUA_USES= lua:51 +LUA_USES= lua:51+ MLOGC_DESC= Build ModSecurity Log Collector MLOGC_CONFIGURE_ON= --disable-errors @@ -79,4 +77,7 @@ post-install: (cd ${WRKSRC} && ${COPYTREE_SHARE} doc ${STAGEDIR}${DOCSDIR}) ${INSTALL_DATA} ${WRKDIR}/README ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d + ${INSTALL_DATA} ${WRKDIR}/${APMOD_FILE}.sample ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d + .include <bsd.port.mk> Modified: head/www/mod_security/distinfo ============================================================================== --- head/www/mod_security/distinfo Sat Apr 16 17:27:05 2016 (r413464) +++ head/www/mod_security/distinfo Sat Apr 16 17:29:07 2016 (r413465) @@ -1,2 +1,2 @@ -SHA256 (modsecurity-2.9.0.tar.gz) = e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 -SIZE (modsecurity-2.9.0.tar.gz) = 4246467 +SHA256 (modsecurity-2.9.1.tar.gz) = 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 +SIZE (modsecurity-2.9.1.tar.gz) = 4261212 Added: head/www/mod_security/files/280_mod_security.conf.sample.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/mod_security/files/280_mod_security.conf.sample.in Sat Apr 16 17:29:07 2016 (r413465) @@ -0,0 +1,25 @@ +## $FreeBSD$ +## vim: set filetype=apache: +## +## module file for mod_security +## +## PROVIDE: mod_security2 +## REQUIRE: mod_unique_id + +## +## To enable ModSecurity in Apache, enable the modules +## mod_unique_id (in httpd.conf) and +## mod_security2 in this config file +## +## Additionally, load configuration and rules with an Include line from +## %%ETCDIR%%/*.conf +## +## Most users will use the signatures from the OWASP Core Rule Set (CRS). +## For configuration instructions, see %%DOCSDIR%%/README. +## + +## apache modules for mod_security +#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so +#LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so +#Include %%ETCDIR%%/*.conf + Modified: head/www/mod_security/files/README.in ============================================================================== --- head/www/mod_security/files/README.in Sat Apr 16 17:27:05 2016 (r413464) +++ head/www/mod_security/files/README.in Sat Apr 16 17:29:07 2016 (r413465) @@ -1,10 +1,14 @@ Configuring ModSecurity on FreeBSD ---------------------------------- -To enable ModSecurity in Apache, add the following to your httpd.conf: +To enable ModSecurity in Apache, follow the instructions in - LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so - Include etc/modsecurity/*.conf + %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% + +ModSecurity has various configuration options. +To change them, edit the following file: + + %%ETCDIR%%/modsecurity.conf Getting the Core Rule Set ------------------------- @@ -16,11 +20,13 @@ for all our ModSecurity related stuff, a under it. pkg install git - cd /usr/local/etc/modsecurity + cd %%ETCDIR%% git clone https://github.com/SpiderLabs/owasp-modsecurity-crs cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \ crs.conf +The CRS has various config options. To change them, edit crs.conf. + To activate the CRS base rules, add the following to your httpd.conf: Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf @@ -78,6 +84,6 @@ exceptions. You probably want to keep the CRS updated from time to time. You can do this with Git: - cd /usr/local/etc/modsecurity/owasp-modsecurity-crs + cd %%ETCDIR%%/owasp-modsecurity-crs git pull apachectl restart Modified: head/www/mod_security/files/pkg-message.in ============================================================================== --- head/www/mod_security/files/pkg-message.in Sat Apr 16 17:27:05 2016 (r413464) +++ head/www/mod_security/files/pkg-message.in Sat Apr 16 17:29:07 2016 (r413465) @@ -1,9 +1,8 @@ You have installed ModSecurity. -To enable ModSecurity in Apache, add the following to your httpd.conf: +To enable ModSecurity in Apache, follow the instructions in - LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so - Include etc/modsecurity/*.conf + %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% Most users will use the signatures from the OWASP Core Rule Set (CRS). For configuration instructions, see %%DOCSDIR%%/README. Modified: head/www/mod_security/pkg-plist ============================================================================== --- head/www/mod_security/pkg-plist Sat Apr 16 17:27:05 2016 (r413464) +++ head/www/mod_security/pkg-plist Sat Apr 16 17:29:07 2016 (r413465) @@ -1,8 +1,8 @@ +%%MLOGC%%bin/mlogc +%%MLOGC%%bin/mlogc-batch-load.pl bin/rules-updater.pl -lib/mod_security2.so -%%APACHEMODDIR%%/mod_security2.so -@comment @exec %%APXS%% -e -n unique_id -a %%APACHEMODDIR%%/mod_unique_id.so +@sample %%APACHEETCDIR%%/modules.d/280_mod_security.conf.sample @sample %%ETCDIR%%/modsecurity.conf.sample %%ETCDIR%%/unicode.mapping -%%MLOGC%%bin/mlogc -%%MLOGC%%bin/mlogc-batch-load.pl +lib/%%AP_MODULE%% +%%APACHEMODDIR%%/%%AP_MODULE%%
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604161729.u3GHT7Nl061349>