Modsecurity module added to Nginx. Archive directory created

fedora/SPECS/libmodsecurity.spec

@@ -0,0 +1,94 @@
+
+Name: libmodsecurity
+Version: 3.0.2
+Release: 1%{?dist}
+Summary: A library that loads/interprets rules written in the ModSecurity SecRules 
+
+License: ASL 2.0
+URL: https://www.modsecurity.org/
+
+Source0: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz
+
+BuildRequires: gcc-c++
+BuildRequires: make
+BuildRequires: flex
+BuildRequires: bison 
+BuildRequires: git-core
+BuildRequires: ssdeep-devel
+BuildRequires: yajl-devel
+BuildRequires: libcurl-devel
+BuildRequires: lmdb-devel
+BuildRequires: pkgconfig(libxml-2.0)
+BuildRequires: pkgconfig(yajl)
+BuildRequires: pkgconfig(libcurl)
+BuildRequires: pkgconfig(geoip)
+BuildRequires: pkgconfig(libpcre)
+BuildRequires: pkgconfig(lmdb)
+
+# libinjection is supposed to be bundled (same as with mod_security 2.x)
+# See: https://github.com/client9/libinjection#embedding
+Provides: bundled(libinjection) = 3.9.2
+
+%description
+Libmodsecurity is one component of the ModSecurity v3 project.
+The library codebase serves as an interface to ModSecurity Connectors 
+taking in web traffic and applying traditional ModSecurity processing.
+In general, it provides the capability to load/interpret rules written 
+in the ModSecurity SecRules format and apply them to HTTP content provided
+by your application via Connectors.
+
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%package static
+Summary: Development files for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description static
+The %{name}-static package contains static libraries for developing
+applications that use %{name}.
+
+
+%prep
+%autosetup -n modsecurity-v%{version}
+
+%build
+%configure --libdir=%{_libdir}
+%make_build
+
+%install
+%make_install
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%doc README.md AUTHORS
+%{_libdir}/*.so.*
+%{_bindir}/*
+%license LICENSE
+
+%files devel
+%doc README.md AUTHORS
+%{_includedir}/*
+%{_libdir}/*.so
+%license LICENSE
+
+%files static
+%{_libdir}/*.a
+%{_libdir}/*.la
+
+%clean
+[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}/*
+[ "%{_builddir}" != "/" ] && [ -d "%{_builddir}" ] && rm -rf %{_builddir}/*
+
+%changelog
+* Sun Apr 15 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 3.0.2-1
+- Initial build for Fedora 27

fedora/SPECS/nginx.spec

@@ -1,6 +1,8 @@
 %global  _hardened_build            1
 %global  nginx_user                 nginx
 %global  with_ldap_module           1
+%global  with_modsecurity_module    1
+%global  modsecver                  3.0.2
 
 # gperftools exist only on selected arches
 %ifnarch s390 s390x
@@ -16,7 +18,7 @@
 Name:              nginx
 Epoch:             1
 Version:           1.13.12
-Release:           2%{?dist}
+Release:           3%{?dist}
 
 Summary:           A high performance web server and reverse proxy server
 Group:             System Environment/Daemons
@@ -27,6 +29,9 @@ URL:               http://nginx.org/
 
 Source0:           https://nginx.org/download/nginx-%{version}.tar.gz
 Source1:           ngx_http_auth_ldap_module.tar.gz
+Source2:           modsecurity-nginx-%{modsecver}.tar.gz
+Source3:           modsecurity.conf
+Source4:           main.conf
 Source10:          nginx.service
 Source11:          nginx.logrotate
 Source12:          nginx.conf
@@ -146,7 +151,7 @@ Requires:          perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $ve
 
 %package mod-http-xslt-filter
 Group:             System Environment/Daemons
-Summary:           Nginx XSLT module
+Summary:           Nginx XSLT modul
 BuildRequires:     libxslt-devel
 Requires:          nginx
 
@@ -155,7 +160,7 @@ Requires:          nginx
 
 %package mod-mail
 Group:             System Environment/Daemons
-Summary:           Nginx mail modules
+Summary:           Nginx mail module
 Requires:          nginx
 
 %description mod-mail
@@ -163,7 +168,7 @@ Requires:          nginx
 
 %package mod-stream
 Group:             System Environment/Daemons
-Summary:           Nginx stream modules
+Summary:           Nginx stream module
 Requires:          nginx
 
 %description mod-stream
@@ -172,7 +177,7 @@ Requires:          nginx
 %if 0%{?with_ldap_module}
 %package mod-auth-ldap
 Group:             System Environment/Daemons
-Summary:           Nginx ldap auth modules
+Summary:           Nginx ldap auth module
 Requires:          nginx
 BuildRequires:     openldap-devel
 
@@ -180,10 +185,21 @@ BuildRequires:     openldap-devel
 LDAP auth module for nginx
 %endif
 
+%if 0%{?with_modsecurity_module}
+%package mod-security
+Group:             System Environment/Daemons
+Summary:           Nginx modsecurity module
+Requires:          nginx libmodsecurity
+BuildRequires:     libmodsecurity-devel
+
+%description mod-security
+Modsecurity module for nginx
+%endif
 
 %prep
 %if 0%{?with_ldap_module}
 %setup -q -b 1 -n ngx_http_auth_ldap_module
+%setup -q -b 2 -n modsecurity-nginx-%{modsecver}
 %endif
 %setup -q
 %patch0 -p0
@@ -252,6 +268,10 @@ export DESTDIR=%{buildroot}
 %endif
 %if 0%{?with_ldap_module}
     --add-dynamic-module=%{_builddir}/ngx_http_auth_ldap_module \
+%endif
+%if 0%{?with_modsecurity_module}
+    --add-dynamic-module=%{_builddir}/modsecurity-nginx-%{modsecver} \
+    --with-compat \
 %endif
     --with-debug \
     --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
@@ -289,6 +309,15 @@ install -m 0755 ./objs/ngx_http_auth_ldap_module.so %{buildroot}%{_libdir}/nginx
 install -p -D -m 0644 %{_builddir}/ngx_http_auth_ldap_module/example.conf %{buildroot}%{_defaultdocdir}/%{name}/auth_ldap_example.conf
 %endif
 
+%if 0%{?with_modsecurity_module}
+install -m 0755 ./objs/ngx_http_modsecurity_module.so %{buildroot}%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
+install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/modsecurity.conf
+install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/main.conf
+for f in CHANGES AUTHORS README.md LICENSE; do
+	install -p -D -m 0644 %{_builddir}/modsecurity-nginx-%{modsecver}/$f %{buildroot}%{_defaultdocdir}/%{name}-mod-security/$f
+done
+%endif
+
 install -p -m 0644 ./nginx.conf \
     %{buildroot}%{_sysconfdir}/nginx
 install -p -m 0644 %{SOURCE100} \
@@ -329,6 +358,10 @@ echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
 echo 'load_module "%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so";' \
     > %{buildroot}%{_datadir}/nginx/modules/mod-http_auth-ldap.conf
 %endif
+%if 0%{?with_modsecurity_module}
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-http_modsecurity.conf
+%endif
 
 %pre filesystem
 getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
@@ -461,10 +494,23 @@ fi
 %{_defaultdocdir}/%{name}/auth_ldap_example.conf
 %endif
 
+%if 0%{?with_modsecurity_module}
+%files mod-security
+%{_defaultdocdir}/%{name}-mod-security/*
+%config(noreplace) %{_sysconfdir}/nginx/modsec/modsecurity.conf
+%config(noreplace) %{_sysconfdir}/nginx/modsec/main.conf
+%{_datadir}/nginx/modules/mod-http_modsecurity.conf
+%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
+%endif
+
 %clean
-[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}
+[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}/*
+[ "%{_builddir}" != "/" ] && [ -d "%{_builddir}" ] && rm -rf %{_builddir}/*
 
 %changelog
-* Sat Apr 14 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-2
-- Auth-ldap module added for basic auth over LDAP.
+* Sun Apr 15 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-3
+- Modsecurity module added as a shared module.
+
+* Sat Apr 14 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-2
+- Auth-ldap module added for basic auth over LDAP as a shared module.