# Maintainer: AlphaJack <alphajack at tuta dot io>
# Maintainer: Vladislav Minakov <v@minakov.pro>
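# Package metadata for the OWASP Core Rule Set, shipped with a patched copy of
# the upstream ModSecurity recommended configuration.
pkgname="modsecurity-crs"
pkgver=4.16.0
pkgrel=1
pkgdesc="OWASP ModSecurity Core Rule Set"
url="https://github.com/coreruleset/coreruleset"
license=("Apache-2.0")
arch=("any")
depends=("libmodsecurity")
optdepends=("geoip-database: for country-based rules"
            "nginx: HTTP server"
            "angie: HTTP server"
            "apache: HTTP server")
# The CRS tarball is pinned to the release tag v$pkgver.
# NOTE(review): the two ModSecurity files below are fetched from the moving
# v3/master branch, not from a tag or commit. The b2sums still guarantee the
# content that was reviewed, but the build stops verifying as soon as upstream
# edits either file, and the checksums must then be regenerated only after
# re-reading the new content (prepare() patches it by pattern).
source=("https://github.com/coreruleset/coreruleset/archive/refs/tags/v$pkgver.tar.gz"
        "https://raw.githubusercontent.com/owasp-modsecurity/ModSecurity/v3/master/modsecurity.conf-recommended"
        "https://raw.githubusercontent.com/owasp-modsecurity/ModSecurity/v3/master/unicode.mapping")
# One BLAKE2 checksum per source entry, in the same order.
b2sums=('6803922fcae519b4e820d2c56f31c17c86832468c74386e498f40c2f76570c11bf43c5820a32c4c143108d72be193474a10a1e26ffcdd79f45c3546526ee25db'
        '378937cb32877e1bb22a2e08389da144be8004233e6d77c917c848ecfba5897cae85bd5c921e5a8eefb14a12b07050e6cd642c485351d25b6e9e8aef9ab84c1f'
        '81760f570952b472dcdd3a5b5a2214136e21d1a1cdf65b6d16c615ef4ac6df056b37eebe9ce1f175aa72c664fa7405b1e6edc57847e64511cc64d969ad4490e7')
# Administrator-editable files: the engine configuration, the CRS setup file
# and the two local exclusion-rule files. Listing them here keeps local tuning
# from being overwritten on upgrade.
backup=("etc/modsecurity/modsecurity.conf"
        "etc/modsecurity/crs/crs-setup.conf"
        "etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf"
        "etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf")
options=("!strip")
install="modsecurity-crs.install"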
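prepare(){
  # Patch the downloaded modsecurity.conf-recommended in place and append the
  # CRS Include chain, so the packaged /etc/modsecurity/modsecurity.conf loads
  # the rule set without further editing.
  #
  # Security-relevant effects of the three substitutions:
  #   SecRuleEngine On     - rules act on traffic instead of only detecting
  #   SecAuditEngine Off   - no audit log is written, so transactions the
  #                          rules act on leave no audit record unless the
  #                          administrator re-enables it in the installed file
  #   SecStatusEngine Off  - disables the status/telemetry engine
  #
  # Returns non-zero (failing the build) if any of the three directives is not
  # active in the file after patching.
  local conf="$srcdir/modsecurity.conf-recommended"
  local directive

  # activate response, disable audit log, disable telemetry
  sed -i "$conf" \
    -e "s|SecRuleEngine DetectionOnly|#&\nSecRuleEngine On|" \
    -e "s|SecAuditEngine RelevantOnly|#&\nSecAuditEngine Off|" \
    -e "s|SecStatusEngine On|#&\nSecStatusEngine Off|"

  # sed exits 0 even when a pattern matches nothing. The source file tracks a
  # moving upstream branch, so after a checksum refresh a reworded directive
  # would otherwise ship silently with the engine left in its upstream mode.
  # Check the end state rather than whether a substitution happened, so a file
  # that already carries the wanted value still passes.
  for directive in "SecRuleEngine On" "SecAuditEngine Off" "SecStatusEngine Off"; do
    if ! grep -Eq "^${directive}[[:space:]]*\$" "$conf"; then
      echo "prepare: '$directive' is not active in $conf after patching" >&2
      return 1
    fi
  done

  # Order matters: setup, plugin config, local pre-CRS exclusions, the rules
  # themselves, then local post-CRS exclusions.
  echo "
Include /etc/modsecurity/crs/crs-setup.conf
Include /usr/share/modsecurity/crs/plugins/*-config.conf
Include /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
Include /usr/share/modsecurity/crs/rules/*.conf
Include /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf" >> "$conf"
}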
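package(){
  # Stage the package tree under $pkgdir:
  #   /etc/modsecurity            engine config, unicode map, and the
  #                               administrator-editable CRS files
  #   /usr/share/modsecurity/crs  the rule set, utilities, regex sources
  #                               and plugins as shipped by upstream
  #
  # The source tree is only read, never modified, so the function can be
  # re-run on an already-extracted tree (the earlier `mv` removed the two
  # exclusion examples from the sources and made a second run fail).
  local etc="$pkgdir/etc/modsecurity"
  local share="$pkgdir/usr/share/modsecurity/crs"
  local tree excl

  cd "coreruleset-$pkgver"

  # custom configurations
  # https://coreruleset.org/docs/deployment/quick_start/#setting-up-the-main-configuration-file
  install -D -m 644 "$srcdir/modsecurity.conf-recommended" "$etc/modsecurity.conf"
  install -D -m 644 "$srcdir/unicode.mapping" "$etc/unicode.mapping"
  install -D -m 644 "crs-setup.conf.example" "$etc/crs/crs-setup.conf"

  # community rules
  install -d "$share"
  for tree in rules util regex-assembly plugins; do
    cp -r "$tree" "$share"
  done

  # The two exclusion-rule examples become live, editable files under /etc
  # with an explicit 0644 mode; their .example copies are dropped from the
  # packaged rules directory so the result matches what `mv` produced.
  for excl in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS RESPONSE-999-EXCLUSION-RULES-AFTER-CRS; do
    install -D -m 644 "rules/$excl.conf.example" "$etc/crs/$excl.conf"
    rm -f "$share/rules/$excl.conf.example"
  done
}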