From b63b184751271c7f4b9dd849543cd569ceb49003 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Sat, 9 Nov 2013 01:37:53 -0200 Subject: Apache-modsecurity-dev - fix modsecurity update rules, bump apache version to 2.2.23. --- config/apache_mod_security-dev/apache.template | 2 +- .../apache_mod_security.inc | 36 ++++++++++------------ 2 files changed, 17 insertions(+), 21 deletions(-) (limited to 'config') diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache.template index 69ffb9c7..93de58af 100644 --- a/config/apache_mod_security-dev/apache.template +++ b/config/apache_mod_security-dev/apache.template @@ -176,7 +176,7 @@ LoadModule status_module libexec/apache22/mod_status.so LoadModule autoindex_module libexec/apache22/mod_autoindex.so LoadModule asis_module libexec/apache22/mod_asis.so LoadModule info_module libexec/apache22/mod_info.so -LoadModule cgi_module libexec/apache22/mod_cgi.so +#LoadModule cgi_module libexec/apache22/mod_cgi.so LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so LoadModule negotiation_module libexec/apache22/mod_negotiation.so LoadModule dir_module libexec/apache22/mod_dir.so diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 8ca5b4e3..76208c70 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -35,7 +35,7 @@ if ($pf_version > 2.0) else define('APACHEDIR', '/usr/local'); // End of system check -define ('MODSECURITY_DIR','modsecurity-crs_2.2.5'); +define ('MODSECURITY_DIR','crs'); // Rules directory location define("rules_directory", APACHEDIR . "/". MODSECURITY_DIR); function apache_textarea_decode($base64){ @@ -57,10 +57,6 @@ function apache_get_real_interface_address($iface) { // Ensure NanoBSD can write. pkg_mgr will remount RO conf_mount_rw(); -// Needed mod_security directories -if(!is_dir(APACHEDIR . "/". MODSECURITY_DIR)) - safe_mkdir(APACHEDIR . "/". MODSECURITY_DIR); - // Startup function function apache_mod_security_start() { exec(APACHEDIR . "/sbin/httpd -D NOHTTPACCEPT -k start"); @@ -127,23 +123,23 @@ function apache_mod_security_resync() { global $config, $g; apache_mod_security_install(); $dirs=array("base", "experimental","optional", "slr"); - $ms_file="/usr/local/pkg/modsecurity-crs_2.2.5.tar.gz"; - if (file_exists($ms_file)){ - if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")) - exec ("tar -xzf $ms_file -C ".APACHEDIR); - $write_config=0; - foreach ($dirs as $dir){ - if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) { - $write_config++; - $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array(); - while (false !== ($entry = readdir($handle))) { - if (preg_match("/(\S+).conf/",$entry,$matches)) - $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]); - } - closedir($handle); + if (! file_exists(APACHEDIR ."/". MODSECURITY_DIR . "/LICENSE")){ + exec ("/usr/local/bin/git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git ".APACHEDIR."/".MODSECURITY_DIR); + //chdir (APACHEDIR."/".MODSECURITY_DIR); + //exec ("/usr/local/bin/git checkout -q 2.2.8"); + } + $write_config=0; + foreach ($dirs as $dir){ + if ($handle = opendir(APACHEDIR ."/".MODSECURITY_DIR."/{$dir}_rules")) { + $write_config++; + $config['installedpackages']["modsecurityfiles{$dir}"]['config']=array(); + while (false !== ($entry = readdir($handle))) { + if (preg_match("/(\S+).conf/",$entry,$matches)) + $config["installedpackages"]["modsecurityfiles{$dir}"]["config"][]=array("file"=>$matches[1]); } + closedir($handle); + } } - } if ($write_config > 0) write_config(); apache_mod_security_checkconfig(); -- cgit v1.2.3