From: Olli Hauer
Date: Sat, 16 Apr 2016 18:10:46 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r413475 - in branches/2016Q2/www/mod_security: . files

Author: ohauer
Date: Sat Apr 16 18:10:46 2016
New Revision: 413475
URL: https://svnweb.freebsd.org/changeset/ports/413475

Log:
  MFH: r413465

  - update to 2.9.1
  - install etc/apache2x/modules.d/280_mod_security.conf.sample
  - adjust README and pkg-message to reflect new module activation
  - adjust and sort pkg-plist

  Changes:
  - ModSecurity: update to 2.9.1
  - Add support for Lua 5.1 or higher (was 5.1 only)
  - pkg-plist: bring back mod_unique_id activation, fix deprecated @exec
  - README: point user to configuration files

  PR: 208144
  Submitted by: Walter Hop (maintainer)
  Approved by: ports-secteam (jason)

Added:
  branches/2016Q2/www/mod_security/files/280_mod_security.conf.sample.in
    - copied unchanged from r413465, head/www/mod_security/files/280_mod_security.conf.sample.in
Modified:
  branches/2016Q2/www/mod_security/Makefile
  branches/2016Q2/www/mod_security/distinfo
  branches/2016Q2/www/mod_security/files/README.in
  branches/2016Q2/www/mod_security/files/pkg-message.in
  branches/2016Q2/www/mod_security/pkg-plist
Directory Properties:
  branches/2016Q2/ (props changed)

Modified: branches/2016Q2/www/mod_security/Makefile ============================================================================== --- branches/2016Q2/www/mod_security/Makefile Sat Apr 16 18:08:55 2016 (r413474) +++ branches/2016Q2/www/mod_security/Makefile Sat Apr 16 18:10:46 2016 (r413475) 
@@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= mod_security -PORTVERSION= 2.9.0 +PORTVERSION= 2.9.1 CATEGORIES= www security MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} @@ -34,18 +34,16 @@ DOCSDIR= ${PREFIX}/share/doc/${MODULENAM SUB_FILES+= pkg-message SUB_FILES+= README -SUB_LIST+= APACHEETCDIR="${APACHEETCDIR}" -SUB_LIST+= APACHEMODDIR="${APACHEMODDIR}" - -PLIST_SUB+= APXS="${APXS}" -PLIST_SUB+= APACHEMODDIR="${APACHEMODDIR}" +SUB_FILES+= ${APMOD_FILE}.sample +APMOD_FILE= 280_${PORTNAME}.conf +SUB_LIST+= APMOD_FILE=${APMOD_FILE} OPTIONS_DEFINE= DOCS FUZZYHASH LUA MLOGC OPTIONS_SUB= yes LUA_CONFIGURE_ON= --with-lua=${LOCALBASE} LUA_CONFIGURE_OFF+= --without-lua -LUA_USES= lua:51 +LUA_USES= lua:51+ MLOGC_DESC= Build ModSecurity Log Collector MLOGC_CONFIGURE_ON= --disable-errors @@ -79,4 +77,7 @@ post-install: (cd ${WRKSRC} && ${COPYTREE_SHARE} doc ${STAGEDIR}${DOCSDIR}) ${INSTALL_DATA} ${WRKDIR}/README ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d + ${INSTALL_DATA} ${WRKDIR}/${APMOD_FILE}.sample ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d + .include Modified: branches/2016Q2/www/mod_security/distinfo ============================================================================== --- branches/2016Q2/www/mod_security/distinfo Sat Apr 16 18:08:55 2016 (r413474) +++ branches/2016Q2/www/mod_security/distinfo Sat Apr 16 18:10:46 2016 (r413475) @@ -1,2 +1,2 @@ -SHA256 (modsecurity-2.9.0.tar.gz) = e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 -SIZE (modsecurity-2.9.0.tar.gz) = 4246467 +SHA256 (modsecurity-2.9.1.tar.gz) = 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24 +SIZE (modsecurity-2.9.1.tar.gz) = 4261212 Copied: branches/2016Q2/www/mod_security/files/280_mod_security.conf.sample.in (from r413465, head/www/mod_security/files/280_mod_security.conf.sample.in) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q2/www/mod_security/files/280_mod_security.conf.sample.in Sat Apr 16 18:10:46 2016 (r413475, copy of r413465, head/www/mod_security/files/280_mod_security.conf.sample.in) @@ -0,0 +1,25 @@ +## $FreeBSD$ +## vim: set filetype=apache: +## +## module file for mod_security +## +## PROVIDE: mod_security2 +## REQUIRE: mod_unique_id + +## +## To enable ModSecurity in Apache, enable the modules +## mod_unique_id (in httpd.conf) and +## mod_security2 in this config file +## +## Additionally, load configuration and rules with an Include line from +## %%ETCDIR%%/*.conf +## +## Most users will use the signatures from the OWASP Core Rule Set (CRS). +## For configuration instructions, see %%DOCSDIR%%/README. +## + +## apache modules for mod_security +#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so +#LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so +#Include %%ETCDIR%%/*.conf + Modified: branches/2016Q2/www/mod_security/files/README.in ============================================================================== --- branches/2016Q2/www/mod_security/files/README.in Sat Apr 16 18:08:55 2016 (r413474) +++ branches/2016Q2/www/mod_security/files/README.in Sat Apr 16 18:10:46 2016 (r413475) @@ -1,10 +1,14 @@ Configuring ModSecurity on FreeBSD ---------------------------------- -To enable ModSecurity in Apache, add the following to your httpd.conf: +To enable ModSecurity in Apache, follow the instructions in - LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so - Include etc/modsecurity/*.conf + %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% + +ModSecurity has various configuration options. +To change them, edit the following file: + + %%ETCDIR%%/modsecurity.conf Getting the Core Rule Set ------------------------- 
@@ -16,11 +20,13 @@ for all our ModSecurity related stuff, a under it. pkg install git - cd /usr/local/etc/modsecurity + cd %%ETCDIR%% git clone https://github.com/SpiderLabs/owasp-modsecurity-crs cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \ crs.conf +The CRS has various config options. To change them, edit crs.conf. + To activate the CRS base rules, add the following to your httpd.conf: Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf @@ -78,6 +84,6 @@ exceptions. You probably want to keep the CRS updated from time to time. You can do this with Git: - cd /usr/local/etc/modsecurity/owasp-modsecurity-crs + cd %%ETCDIR%%/owasp-modsecurity-crs git pull apachectl restart Modified: branches/2016Q2/www/mod_security/files/pkg-message.in ============================================================================== --- branches/2016Q2/www/mod_security/files/pkg-message.in Sat Apr 16 18:08:55 2016 (r413474) +++ branches/2016Q2/www/mod_security/files/pkg-message.in Sat Apr 16 18:10:46 2016 (r413475) @@ -1,9 +1,8 @@ You have installed ModSecurity. -To enable ModSecurity in Apache, add the following to your httpd.conf: +To enable ModSecurity in Apache, follow the instructions in - LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so - Include etc/modsecurity/*.conf + %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%% Most users will use the signatures from the OWASP Core Rule Set (CRS). For configuration instructions, see %%DOCSDIR%%/README. Modified: branches/2016Q2/www/mod_security/pkg-plist ============================================================================== --- branches/2016Q2/www/mod_security/pkg-plist Sat Apr 16 18:08:55 2016 (r413474) +++ branches/2016Q2/www/mod_security/pkg-plist Sat Apr 16 18:10:46 2016 (r413475) 
@@ -1,8 +1,8 @@ +%%MLOGC%%bin/mlogc +%%MLOGC%%bin/mlogc-batch-load.pl bin/rules-updater.pl -lib/mod_security2.so -%%APACHEMODDIR%%/mod_security2.so -@comment @exec %%APXS%% -e -n unique_id -a %%APACHEMODDIR%%/mod_unique_id.so +@sample %%APACHEETCDIR%%/modules.d/280_mod_security.conf.sample @sample %%ETCDIR%%/modsecurity.conf.sample %%ETCDIR%%/unicode.mapping -%%MLOGC%%bin/mlogc -%%MLOGC%%bin/mlogc-batch-load.pl +lib/%%AP_MODULE%% +%%APACHEMODDIR%%/%%AP_MODULE%%
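
Review bot: README.in, pkg-message.in and the new 280_mod_security.conf.sample.in still expand %%APACHEETCDIR%% and %%APACHEMODDIR%%, but the Makefile hunk at @@ -34,18 +34,16 @@ drops the SUB_LIST entries for both, and pkg-plist now uses %%AP_MODULE%%, which no visible line defines. Please confirm that all three are supplied by the ports framework; otherwise the installed sample, README and plist carry unexpanded %%...%% tokens. A smaller style point in the same hunk: "SUB_LIST+= APMOD_FILE=${APMOD_FILE}" is unquoted where the removed entries were quoted.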
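
Review bot: The new SHA256 in the distinfo hunk is the only integrity check on modsecurity-2.9.1.tar.gz, because MASTER_SITES in the Makefile context still fetches over plain http://. The log does not say what the value was checked against; naming the source of the checksum (upstream's published hash or signature) in the commit message would make the update auditable, and an https:// master site would be preferable if upstream offers one.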
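
Review bot: The header comment in the new 280_mod_security.conf.sample.in tells the administrator to enable mod_unique_id in httpd.conf, yet the same file then offers its own "#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so" line. Pick one place and make the comment match, so the module is not loaded from both files. The comment could also say outright that all three directives ship commented out, meaning the package does not activate ModSecurity until they are uncommented.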
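
Review bot: In the README.in hunk at @@ -16,11 +20,13 @@ the cd path becomes %%ETCDIR%%, but the context line "Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf" still hard-codes etc/modsecurity, so the instructions diverge whenever ETCDIR is not the default. Suggest writing that Include with %%ETCDIR%% as well, as the new conf sample already does for "#Include %%ETCDIR%%/*.conf".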
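
Review bot: The update recipe in the README.in hunk at @@ -78,6 +84,6 @@ runs "git pull" followed directly by "apachectl restart", so a rule update that fails to parse stops the web server along with its protection. Suggest adding "apachectl configtest" between the two steps and restarting only when it passes.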