Merge pull request #149591 from Izorkin/update-modsecurity

update modsecurity packages
Stig 2022-02-14 19:56:50 +01:00 committed by GitHub
commit 3ad52fcdd6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 79 additions and 13 deletions


@ -252,8 +252,8 @@ in
name = "modsecurity-nginx";
owner = "SpiderLabs";
repo = "ModSecurity-nginx";
rev = "v1.0.1";
sha256 = "0cbb3g3g4v6q5zc6an212ia5kjjad62bidnkm8b70i4qv1615pzf";
rev = "v1.0.2";
sha256 = "sha256-UXiitc3jZlgXlCsDPS+xEFLNRVgRbn8BCCXUEqAWlII=";
};
inputs = [ pkgs.curl pkgs.geoip pkgs.libmodsecurity pkgs.libxml2 pkgs.lmdb pkgs.yajl ];
};


@ -1,34 +1,57 @@
{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config
, doxygen, perl, valgrind
, curl, geoip, libxml2, lmdb, lua, pcre, yajl }:
{ lib, stdenv, fetchFromGitHub
, autoreconfHook, bison, flex, pkg-config
, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre
, ssdeep, valgrind, yajl
}:
stdenv.mkDerivation rec {
pname = "libmodsecurity";
version = "3.0.4";
version = "3.0.6";
src = fetchFromGitHub {
owner = "SpiderLabs";
repo = "ModSecurity";
fetchSubmodules = true;
rev = "v${version}";
sha256 = "07vry10cdll94sp652hwapn0ppjv3mb7n2s781yhy7hssap6f2vp";
sha256 = "sha256-V+NBT2YN8qO3Px8zEzSA2ZsjSf1pv8+VlLxYlrpqfGg=";
fetchSubmodules = true;
};
nativeBuildInputs = [ autoreconfHook pkg-config doxygen ];
nativeBuildInputs = [ autoreconfHook bison flex pkg-config ];
buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre ssdeep valgrind yajl ];
buildInputs = [ perl valgrind curl geoip libxml2 lmdb lua pcre yajl ];
outputs = [ "out" "dev" ];
configureFlags = [
"--enable-static"
"--enable-parser-generation"
"--with-curl=${curl.dev}"
"--with-libxml=${libxml2.dev}"
"--with-lmdb=${lmdb.out}"
"--with-maxmind=${libmaxminddb}"
"--with-pcre=${pcre.dev}"
"--with-yajl=${yajl}"
"--with-ssdeep=${ssdeep}"
];
postPatch = ''
substituteInPlace build/lmdb.m4 \
--replace "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \
--replace "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\""
substituteInPlace build/ssdeep.m4 \
--replace "/usr/local/libfuzzy" "${ssdeep}/lib" \
--replace "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \
--replace "ssdeep_inc_path=\"\''${path}/include\"" "ssdeep_inc_path=\"${ssdeep}/include\""
substituteInPlace modsecurity.conf-recommended \
--replace "SecUnicodeMapFile unicode.mapping 20127" "SecUnicodeMapFile $out/share/modsecurity/unicode.mapping 20127"
'';
postInstall = ''
mkdir -p $out/share/modsecurity
cp ${src}/{AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity
'';
enableParallelBuilding = true;
meta = with lib; {
homepage = "https://github.com/SpiderLabs/ModSecurity";
description = ''
ModSecurity v3 library component.
'';
@ -40,7 +63,6 @@ stdenv.mkDerivation rec {
the ModSecurity SecRules format and apply them to HTTP content provided
by your application via Connectors.
'';
homepage = "https://modsecurity.org/";
license = licenses.asl20;
platforms = platforms.all;
maintainers = with maintainers; [ izorkin ];
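Review bot: The `postInstall` copy takes `modsecurity.conf-recommended` from `${src}`, which is the unmodified fetched source, so the `SecUnicodeMapFile` rewrite made in `postPatch` does not appear to reach the installed file. The shipped recommended config would then still carry the relative `unicode.mapping` reference and depend on how the consumer resolves relative paths, which is presumably what the substitution was meant to avoid. Copying from the patched build tree keeps the rewrite: `cp {AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity`. This assumes the working directory in `postInstall` is still the unpacked source root, which is the stdenv default.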


@ -0,0 +1,42 @@
{ lib, stdenv, fetchFromGitHub }:
stdenv.mkDerivation rec {
version = "3.3.2";
pname = "modsecurity-crs";
src = fetchFromGitHub {
owner = "coreruleset";
repo = "coreruleset";
rev = "v${version}";
sha256 = "sha256-m/iVLhk2y5BpYu8EwC2adrrDnbaVCQ0SE25ltvMokCw=";
};
installPhase = ''
install -D -m444 -t $out/rules ${src}/rules/*.conf
install -D -m444 -t $out/rules ${src}/rules/*.data
install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/*.md
install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/{CHANGES,INSTALL,LICENSE}
install -D -m444 -t $out/share/modsecurity-crs ${src}/rules/*.example
install -D -m444 -t $out/share/modsecurity-crs ${src}/crs-setup.conf.example
cat > $out/share/modsecurity-crs/modsecurity-crs.load.example <<EOF
##
## This is a sample file for loading OWASP CRS's rules.
##
Include /etc/modsecurity/crs/crs-setup.conf
IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
Include $out/rules/*.conf
IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
EOF
'';
meta = with lib; {
homepage = "https://coreruleset.org";
description = ''
The OWASP ModSecurity Core Rule Set is a set of generic attack detection
rules for use with ModSecurity or compatible web application firewalls.
'';
license = licenses.asl20;
platforms = platforms.all;
maintainers = with maintainers; [ izorkin ];
};
}
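Review bot: The generated `modsecurity-crs.load.example` bakes the build-time value of `$out` into `Include $out/rules/*.conf`, because the heredoc delimiter is unquoted, while the other includes point at mutable `/etc/modsecurity/crs` paths. A user who copies the sample into `/etc` keeps loading the rule set from that one versioned store path after the package is updated, so the WAF can stay on outdated rules without any visible error. That concern is inferred from how such a sample is typically used, not from anything the diff shows. The sample header should say so, for example `## NOTE: the rules path below is a versioned store path; re-copy this file after every package update.` Separately, the overridden `installPhase` omits `runHook preInstall` and `runHook postInstall`, so install hooks from overrides would be skipped.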


@ -7883,6 +7883,8 @@ with pkgs;
modsecurity_standalone = callPackage ../tools/security/modsecurity { };
modsecurity-crs = callPackage ../tools/security/modsecurity-crs { };
molly-guard = callPackage ../os-specific/linux/molly-guard { };
molotov = callPackage ../applications/video/molotov {};