debian/source/format:

3.0 (quilt)

debian/dirs:

usr/share/modsecurity-crs/

debian/rules:

#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

%:
	dh $@

override_dh_compress:
	dh_compress --exclude=common.c

override_dh_auto_install:
	cp modsecurity_crs_10_setup.conf.example debian/modsecurity-crs/usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf
	cp -r base_rules/ debian/modsecurity-crs/usr/share/modsecurity-crs/
	cp -r experimental_rules/ debian/modsecurity-crs/usr/share/modsecurity-crs/
	cp -r lua/ debian/modsecurity-crs/usr/share/modsecurity-crs/
	cp -r optional_rules/ debian/modsecurity-crs/usr/share/modsecurity-crs/
	cp -r activated_rules/ debian/modsecurity-crs/usr/share/modsecurity-crs/
	cp -r slr_rules/ debian/modsecurity-crs/usr/share/modsecurity-crs/
	cp -r util/ debian/modsecurity-crs/usr/share/modsecurity-crs/

override_dh_fixperms:
	dh_fixperms
	chmod 755 debian/modsecurity-crs/usr/share/modsecurity-crs/util/rule-management/remove-2.7-actions.pl
	chmod 755 debian/modsecurity-crs/usr/share/modsecurity-crs/util/regression-tests/testserver.cgi
	find debian/modsecurity-crs/usr/share/modsecurity-crs/util \( -name '*.c' -o -name '*.h' -o -name '*.tests' \) -exec chmod a-x {} \;

debian/README.Debian:

modsecurity-crs for Debian
--------------------------

New way
-------

There's a new way to handle which CRS rules are included in the ModSecurity
configuration. The directory /usr/share/modsecurity-crs/activated_rules/
contains symlinks to the rule files you want to use; there's a README file in
that directory with all the details. If you'd rather use this way, your
configuration file should include the CRS rules as:

  Include /usr/share/modsecurity-crs/*.conf
  Include /usr/share/modsecurity-crs/activated_rules/*.conf

The first Include line loads modsecurity_crs_10_setup.conf (installed by this
package from upstream's .example file), which has to be read before any rule
file, so keep the two lines in this order.

You may, of course, keep doing it the "old way". :-)

Old way
-------

If you want to use modsecurity's CRS rules, just include the following
configuration snippet in your modsecurity configuration (usually under
/etc/modsecurity):

  Include /usr/share/modsecurity-crs/*.conf
  Include /usr/share/modsecurity-crs/base_rules/*.conf

Under /usr/share/modsecurity-crs/ you may also find other *_rules/ directories
with more experimental or "violent" rules.

 -- Alberto Gonzalez Iniesta  Fri, 16 Mar 2012 17:32:01 +0100

debian/changelog:

modsecurity-crs (2.2.8-1) unstable; urgency=low

  * New upstream version
  * Update perl_path patch
  * Fix path to GeoLiteCity.dat (Closes: #705248)
  * Add geoip-database-contrib to Suggests
  * Fix path to arachni_integration.lua (Closes: #705249)
  * Fix path to appsensor_request_exception_enforce.lua (Closes: #705250)
  * Update debian/rules and debian/watch

 -- Alberto Gonzalez Iniesta  Fri, 12 Jul 2013 10:36:51 +0200

modsecurity-crs (2.2.5-2) unstable; urgency=low

  * Update debian/copyright with right license.

 -- Alberto Gonzalez Iniesta  Mon, 02 Jul 2012 17:18:35 +0200

modsecurity-crs (2.2.5-1) unstable; urgency=low

  * New upstream release

 -- Alberto Gonzalez Iniesta  Mon, 18 Jun 2012 11:44:26 +0200

modsecurity-crs (2.2.4-1) unstable; urgency=low

  * New upstream release
  * Include activated_rules/ directory for alternate way to handle rules
    inclusion
  * Bumped Standards-Version to 3.9.3

 -- Alberto Gonzalez Iniesta  Fri, 16 Mar 2012 17:23:57 +0100

modsecurity-crs (2.2.3-1) unstable; urgency=low

  * New upstream release

 -- Alberto Gonzalez Iniesta  Tue, 20 Dec 2011 07:47:43 +0100

modsecurity-crs (2.2.2-1) unstable; urgency=low

  * New upstream release
  * Added >= 2.6.0 to libapache2-modsecurity dependency (Closes: #640837)

 -- Alberto Gonzalez Iniesta  Sun, 02 Oct 2011 12:16:35 +0200

modsecurity-crs (2.2.0-1) unstable; urgency=low

  * New upstream release
  * Bumped Standards-Version to 3.9.2

 -- Alberto Gonzalez Iniesta  Thu, 16 Jun 2011 17:55:02 +0200

modsecurity-crs (2.1.2-1) unstable; urgency=low

  * Initial release (Closes: #620252)

 -- Alberto Gonzalez Iniesta  Thu, 31 Mar 2011 16:42:48 +0200

debian/control:

Source: modsecurity-crs
Section: httpd
Priority: extra
Maintainer: Alberto Gonzalez Iniesta
Build-Depends: debhelper (>= 7.0.50~)
Standards-Version: 3.9.4
Homepage: http://www.modsecurity.org

Package: modsecurity-crs
Architecture: all
Depends: libapache2-modsecurity (>= 2.6.0), ${misc:Depends}
Suggests: lua, geoip-database-contrib, ruby
Description: modsecurity's Core Rule Set
 modsecurity provides critical protections against attacks across most every
 web architecture. CRS is based on generic rules which focus on attack payload
 identification in order to provide protection from zero day and unknown
 vulnerabilities often found in web applications, which are in most cases
 custom coded.
 .
Core Rules use the following techniques: HTTP request validation, HTTP protocol anomalies, Global constraints, HTTP Usage policy, Malicious client software detection, Generic Attack Detection (SQL injection, Cross Site Scripting, OS Command Injection, ColdFusion, PHP and ASP injection, etc.), Trojans & Backdoors Detection, Error Detection, XML Protection, Search Engine Monitoring. debian/watch0000644000000000000000000000014012167750646010230 0ustar version=3 http://github.com/SpiderLabs/owasp-modsecurity-crs/releases .*/v?(\d[\d\.]+)\.tar\.gz debian/patches/0000755000000000000000000000000012167751710010624 5ustar debian/patches/series0000644000000000000000000000021412167745530012041 0ustar appsensor_request_exception_enforce.lua_path.patch arachni_integration.lua_path.patch GeoLiteCity_path.patch lua_path.patch perl_path.patch debian/patches/lua_path.patch0000644000000000000000000000326212167751674013456 0ustar Description: Set path to lua to /usr/bin/lua Author: Alberto Gonzalez Iniesta Index: modsecurity-crs-2.2.0/lua/advanced_filter_converter.lua =================================================================== --- modsecurity-crs-2.2.0.orig/lua/advanced_filter_converter.lua 2010-12-29 17:46:58.000000000 +0100 +++ modsecurity-crs-2.2.0/lua/advanced_filter_converter.lua 2011-06-16 17:55:18.000000000 +0200 @@ -1,4 +1,4 @@ -#!/opt/local/bin/lua +#!/usr/bin/lua local rex = require "rex_pcre" local B = require "bit" Index: modsecurity-crs-2.2.0/lua/profile_page_scripts.lua =================================================================== --- modsecurity-crs-2.2.0.orig/lua/profile_page_scripts.lua 2011-01-07 21:29:52.000000000 +0100 +++ modsecurity-crs-2.2.0/lua/profile_page_scripts.lua 2011-06-16 17:55:18.000000000 +0200 
@@ -1,4 +1,4 @@ -#!/opt/local/bin/lua +#!/usr/bin/lua function main() Index: modsecurity-crs-2.2.0/lua/gather_ip_data.lua =================================================================== --- modsecurity-crs-2.2.0.orig/lua/gather_ip_data.lua 2011-06-16 18:02:19.384955523 +0200 +++ modsecurity-crs-2.2.0/lua/gather_ip_data.lua 2011-06-16 18:02:29.417830093 +0200 @@ -1,4 +1,4 @@ -#!/opt/local/bin/lua +#!/usr/bin/lua require("io"); function main() Index: modsecurity-crs-2.2.0/lua/osvdb.lua =================================================================== --- modsecurity-crs-2.2.0.orig/lua/osvdb.lua 2011-06-16 18:02:52.415542584 +0200 +++ modsecurity-crs-2.2.0/lua/osvdb.lua 2011-06-16 18:03:02.504416454 +0200 @@ -1,4 +1,4 @@ -#!/opt/local/bin/lua +#!/usr/bin/lua local request_filename = m.getvar("REQUEST_FILENAME", "none") local args = {}; debian/patches/GeoLiteCity_path.patch0000644000000000000000000000523112167751625015050 0ustar Description: Fix path to GeoLiteCity.dat Author: Alberto Gonzalez Iniesta Bug-Debian: http://bugs.debian.org/705248 Index: modsecurity-crs/experimental_rules/modsecurity_crs_11_proxy_abuse.conf =================================================================== --- modsecurity-crs.orig/experimental_rules/modsecurity_crs_11_proxy_abuse.conf 2013-07-12 11:21:29.047096111 +0200 +++ modsecurity-crs/experimental_rules/modsecurity_crs_11_proxy_abuse.conf 2013-07-12 11:21:29.043096099 +0200 
@@ -21,7 +21,7 @@ # # You then need to define the proper path for the SecGeoLookupDb directive # -SecGeoLookupDb /usr/local/apache/conf/modsec/GeoLiteCity.dat +SecGeoLookupDb /usr/share/GeoIP/GeoLiteCity.dat SecRule REQUEST_HEADERS:X-Forwarded-For "^\b\d{1,3}(? Bug-Debian: http://bugs.debian.org/705249 Index: modsecurity-crs/experimental_rules/modsecurity_crs_16_scanner_integration.conf =================================================================== --- modsecurity-crs.orig/experimental_rules/modsecurity_crs_16_scanner_integration.conf 2013-07-12 10:36:43.377778587 +0200 +++ modsecurity-crs/experimental_rules/modsecurity_crs_16_scanner_integration.conf 2013-07-12 11:23:40.503747975 +0200 @@ -29,5 +29,5 @@ # Update the path to the arachni_integration.lua script # #SecRule &RESOURCE:ARACHNI_SCAN_COMPLETED "@eq 0" "chain,id:'900031',phase:5,t:none,log,pass" -# SecRule &ARGS "@gt 0" "exec:/etc/apache2/modsecurity-crs/lua/arachni_integration.lua" +# SecRule &ARGS "@gt 0" "exec:/usr/share/modsecurity-crs/lua/arachni_integration.lua" debian/patches/perl_path.patch0000644000000000000000000000367512167751710013636 0ustar Description: Set path to perl to /usr/bin/perl Author: Alberto Gonzalez Iniesta Index: modsecurity-crs/util/regression-tests/rulestest.pl =================================================================== --- modsecurity-crs.orig/util/regression-tests/rulestest.pl 2013-07-12 10:36:43.553779466 +0200 +++ modsecurity-crs/util/regression-tests/rulestest.pl 2013-07-12 11:16:26.037593539 +0200 @@ -1,4 +1,4 @@ -#!/opt/local/bin/perl +#!/usr/bin/perl # # Copyright (C) 2006-2011 Trustwave All rights reserved. # Index: modsecurity-crs/util/rule-management/remove-2.7-actions.pl =================================================================== --- modsecurity-crs.orig/util/rule-management/remove-2.7-actions.pl 2013-07-12 10:36:43.425778828 +0200 +++ modsecurity-crs/util/rule-management/remove-2.7-actions.pl 2013-07-12 11:16:21.221569665 +0200 
@@ -1,4 +1,4 @@ -#!/opt/local/bin/perl +#!/usr/bin/perl ############################################# # -=[ Virtual Patching Converter Script ]=- # Index: modsecurity-crs/util/virtual-patching/arachni2modsec.pl =================================================================== --- modsecurity-crs.orig/util/virtual-patching/arachni2modsec.pl 2013-07-12 10:36:43.553779466 +0200 +++ modsecurity-crs/util/virtual-patching/arachni2modsec.pl 2013-07-12 11:16:16.501546275 +0200 @@ -1,4 +1,4 @@ -#!/opt/local/bin/perl -T +#!/usr/bin/perl -T ############################################# # -=[ Virtual Patching Converter Script ]=- # Index: modsecurity-crs/util/virtual-patching/zap2modsec.pl =================================================================== --- modsecurity-crs.orig/util/virtual-patching/zap2modsec.pl 2013-07-12 10:36:43.553779466 +0200 +++ modsecurity-crs/util/virtual-patching/zap2modsec.pl 2013-07-12 11:16:12.129524594 +0200 @@ -1,4 +1,4 @@ -#!/opt/local/bin/perl -T +#!/usr/bin/perl -T ############################################# # -=[ Virtual Patching Converter Script ]=- # debian/patches/appsensor_request_exception_enforce.lua_path.patch0000644000000000000000000000225312167751515023007 0ustar Description: Fix path to appsensor_request_exception_enforce.lua Author: Alberto Gonzalez Iniesta Bug-Debian: http://bugs.debian.org/705250 Index: modsecurity-crs/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf =================================================================== --- modsecurity-crs.orig/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf 2013-07-12 10:36:43.377778587 +0200 +++ modsecurity-crs/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf 2013-07-12 11:25:29.532288592 +0200 
@@ -27,7 +27,7 @@ # If the resource.enforce_profile parameter is not set, then we skip enforcement. # SecRule &RESOURCE:ENFORCE_RE_PROFILE "@eq 0" "phase:2,id:'981085',t:none,nolog,pass,skipAfter:END_RE_PROFILE_ENFORCEMENT" -SecRule &RESOURCE:ENFORCE_RE_PROFILE "@eq 1" "phase:2,id:'981086',t:none,nolog,pass,exec:/opt/modsecurity/etc/crs/lua/appsensor_request_exception_enforce.lua" +SecRule &RESOURCE:ENFORCE_RE_PROFILE "@eq 1" "phase:2,id:'981086',t:none,nolog,pass,exec:/usr/share/modsecurity-crs/lua/appsensor_request_exception_enforce.lua" # debian/docs0000644000000000000000000000001212167747065010051 0ustar README.md debian/compat0000644000000000000000000000000211730662216010370 0ustar 7 debian/copyright0000644000000000000000000000242111774336242011131 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: modsecurity-crs Source: http://www.modsecurity.org Files: * Copyright: (c) 2006-2012 Trustwave Holdings, Inc. License: ASLv2 The ModSecurity Core Rule Set is provided to you under the terms and conditions of Apache Software License Version 2 (ASLv2). . On Debian systems, the complete text of the Apache Software License Version 2 can be found in "/usr/share/common-licenses/Apache-2.0". Files: debian/* Copyright: 2011 Alberto Gonzalez Iniesta License: GPL-2 This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
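Review bot: in lua_path.patch the new `#!/usr/bin/lua` shebang only helps if the interpreter and the modules the scripts load are installed, but debian/control lists `lua` under Suggests only, and advanced_filter_converter.lua additionally does `require "rex_pcre"` and `require "bit"`, which no Suggests entry covers; either add the Lua PCRE and bit-operation module packages to Suggests or say in README.Debian that lua/ is optional tooling, so a user who follows the shebang is not stopped at the first `require`. The osvdb.lua hunk is cosmetic: that script reads `m.getvar(...)`, i.e. it runs inside ModSecurity's Lua engine via `exec:`, where the shebang line is never consulted.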
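Review bot: GeoLiteCity_path.patch leaves `SecGeoLookupDb /usr/share/GeoIP/GeoLiteCity.dat` as a live, uncommented directive in experimental_rules/modsecurity_crs_11_proxy_abuse.conf, while control only Suggests geoip-database-contrib, so anyone who activates that file without the database package points ModSecurity at a path that does not exist; the comment two lines above already tells the user they "need to define the proper path", so either comment the directive out as a template or record the geoip-database-contrib requirement next to the "experimental" warning in README.Debian. The rest of this hunk is cut off in this copy after the X-Forwarded-For rule, so its trailing context could not be reviewed.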
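Review bot: perl_path.patch rewrites the shebang of rulestest.pl, arachni2modsec.pl and zap2modsec.pl, but override_dh_fixperms in debian/rules only runs `chmod 755` on remove-2.7-actions.pl and testserver.cgi, so whether those three are executable after install depends on upstream's file modes; add them to that chmod list if they are meant to be run directly. This matters for the two virtual-patching converters in particular: they keep `#!/usr/bin/perl -T`, which is the right call for scripts that turn scanner output into SecRule lines, but a `-T` shebang cannot be worked around with `perl arachni2modsec.pl` (perl stops with "Too late for -T"), so a non-executable file is unusable without editing it.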
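The activated_rules/ mechanism described in README.Debian can be driven from a small shell helper. The following is an added example, not code shipped in the modsecurity-crs package; it assumes a CRS_DIR variable (defaulting to the package's install path) and the layout debian/rules installs, with base_rules/, optional_rules/ and activated_rules/ side by side, and the helper names (activate_rules, deactivate_rules, list_active, check_active) are this example's own.

```shell
#!/bin/sh
# Added example, not part of the modsecurity-crs package: manage the
# activated_rules/ directory that README.Debian describes. Rule files are
# symlinked into it with relative links (so the tree relocates cleanly) and
# Apache loads them via "Include /usr/share/modsecurity-crs/activated_rules/*.conf".
# CRS_DIR is an assumed override so the functions can be exercised on a scratch
# copy of the tree; the default is the package's install path.
set -eu

CRS_DIR="${CRS_DIR:-/usr/share/modsecurity-crs}"

# activate_rules SET FILE...  -> symlink SET/FILE into activated_rules/
# Refuses to link a file that does not exist, so a typo does not become a
# dangling link that the Include glob then trips over at config load.
activate_rules() {
    set_dir="$1"; shift
    for f in "$@"; do
        [ -f "$CRS_DIR/$set_dir/$f" ] || { echo "no such rule file: $set_dir/$f" >&2; return 1; }
        rm -f "$CRS_DIR/activated_rules/$f"
        ln -s "../$set_dir/$f" "$CRS_DIR/activated_rules/$f"
    done
}

# deactivate_rules FILE...  -> remove the symlink(s); the rule file itself stays
deactivate_rules() {
    for f in "$@"; do
        rm -f "$CRS_DIR/activated_rules/$f"
    done
}

# list_active -> active rule files, one per line, in the order the Include
# glob loads them (Apache sorts wildcard matches by name, which is why CRS
# numbers its files: 10_setup must be read before the 20_/40_ rule files).
list_active() {
    for p in "$CRS_DIR"/activated_rules/*.conf; do
        [ -e "$p" ] && basename "$p"
    done | sort
}

# check_active -> 0 if every link resolves, else 1 and one message per
# dangling link (e.g. a rule file removed by an upstream update).
check_active() {
    rc=0
    for p in "$CRS_DIR"/activated_rules/*.conf; do
        [ -e "$p" ] && continue
        [ -L "$p" ] && { echo "dangling link: $p" >&2; rc=1; }
    done
    return $rc
}
```

After changing the links, run `apache2ctl configtest` before reloading: a dangling or mis-ordered rule file is reported there rather than taking the server down on restart.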