blob: 56863d340cc37a581f56eb6458e86eca1874e912 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
# Maintainer: AlphaJack <alphajack at tuta dot io>
# Maintainer: Vladislav Minakov <v@minakov.pro>
pkgname="modsecurity-crs"
pkgver=4.9.0
pkgrel=1
pkgdesc="OWASP ModSecurity Core Rule Set"
url="https://github.com/coreruleset/coreruleset"
license=("Apache-2.0")
arch=("any")
depends=("libmodsecurity")
optdepends=("geoip-database: for coutry-based rules"
"nginx: HTTP server"
"angie: HTTP server"
"apache: HTTP server")
source=("https://github.com/coreruleset/coreruleset/archive/refs/tags/v$pkgver.tar.gz"
"https://raw.githubusercontent.com/owasp-modsecurity/ModSecurity/v3/master/modsecurity.conf-recommended"
"https://raw.githubusercontent.com/owasp-modsecurity/ModSecurity/v3/master/unicode.mapping")
sha512sums=('89bd32374b7f156e0d98fadec1f2178ba296bf06fc966ed4220352b6d6fd73b4304564812a676532914bac46152824a5414ebe6bd2c9edeb8cc30e6be72fce92'
'402a6b4f462ffd73f4bfc636d279337db0be6c260981b94312053c6e787cc81831cc5f702b42344f59cc9d31ac5dffb9dcd1595a78b7d45abe534ff63cb81867'
'da4a211a1791e4fc68b7cf18917c892d72fd6e1c22b312a21ae21ff8fba25365a9efeee4a9a00352ada25b3b0f6226e844f7f9bbedbcb7ab6424349841c3d42e')
backup=("etc/modsecurity/modsecurity.conf"
"etc/modsecurity/crs/crs-setup.conf"
"etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf"
"etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf")
options=("!strip")
install="modsecurity-crs.install"
prepare(){
# activate response, disable audit log, disable telemetry
sed -i "$srcdir/modsecurity.conf-recommended" \
-e "s|SecRuleEngine DetectionOnly|#&\nSecRuleEngine On|" \
-e "s|SecAuditEngine RelevantOnly|#&\nSecAuditEngine Off|" \
-e "s|SecStatusEngine On|#&\nSecStatusEngine Off|"
echo "
Include /etc/modsecurity/crs/crs-setup.conf
Include /usr/share/modsecurity/crs/plugins/*-config.conf
Include /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
Include /usr/share/modsecurity/crs/rules/*.conf
Include /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf" >> "$srcdir/modsecurity.conf-recommended"
}
package(){
cd "coreruleset-$pkgver"
# custom configurations
# https://coreruleset.org/docs/deployment/quick_start/#setting-up-the-main-configuration-file
install -D -m 644 "$srcdir/modsecurity.conf-recommended" "$pkgdir/etc/modsecurity/modsecurity.conf"
install -D -m 644 "$srcdir/unicode.mapping" "$pkgdir/etc/modsecurity/unicode.mapping"
install -D -m 644 "crs-setup.conf.example" "$pkgdir/etc/modsecurity/crs/crs-setup.conf"
mv "rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example" "$pkgdir/etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf"
mv "rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example" "$pkgdir/etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf"
# community rules
install -d "$pkgdir/usr/share/modsecurity/crs"
cp -r "rules" "$pkgdir/usr/share/modsecurity/crs"
cp -r "util" "$pkgdir/usr/share/modsecurity/crs"
cp -r "regex-assembly" "$pkgdir/usr/share/modsecurity/crs"
cp -r "plugins" "$pkgdir/usr/share/modsecurity/crs"
}
|