public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #10023 from offlinehacker/pkgs/modsecurity/add

Browse Source 
modsecurity: add modsecurity, and create nginx plugin
This commit is contained in:
Jaka Hudoklin 2015-09-30 00:19:38 +02:00
commit ea4850ca64
3 changed files with 58 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkgs/servers/http/nginx/default.nix
View File

@ -1,11 +1,13 @@
{ stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat { stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat
, gd, geoip, luajit , gd, geoip, luajit
, curl, apr, aprutil, apacheHttpd, yajl, libcap, modsecurity_standalone
, rtmp ? false , rtmp ? false
, fullWebDAV ? false , fullWebDAV ? false
, syslog ? false , syslog ? false
, moreheaders ? false , moreheaders ? false
, echo ? false , echo ? false
, ngx_lua ? false , modsecurity ? false
, ngx_lua ? modsecurity || false
, set_misc ? false , set_misc ? false
, fluent ? false , fluent ? false
, extraModules ? [] , extraModules ? []
@ -48,6 +50,8 @@ let
sha256 = "01wkqhk8mk8jgmzi7jbzmg5kamffx3lmhj5yfwryvnvs6xqs74wn"; sha256 = "01wkqhk8mk8jgmzi7jbzmg5kamffx3lmhj5yfwryvnvs6xqs74wn";
}; };
modsecurity-ext = modsecurity_standalone.nginx;
echo-ext = fetchFromGitHub { echo-ext = fetchFromGitHub {
owner = "openresty"; owner = "openresty";
repo = "echo-nginx-module"; repo = "echo-nginx-module";
@ -93,7 +97,8 @@ stdenv.mkDerivation rec {
buildInputs = buildInputs =
[ openssl zlib pcre libxml2 libxslt gd geoip [ openssl zlib pcre libxml2 libxslt gd geoip
] ++ optional fullWebDAV expat ] ++ optional fullWebDAV expat
++ optional ngx_lua luajit; ++ optional ngx_lua luajit
++ optionals modsecurity [ curl apr aprutil apacheHttpd yajl ];
LUAJIT_LIB = if ngx_lua then "${luajit}/lib" else ""; LUAJIT_LIB = if ngx_lua then "${luajit}/lib" else "";
LUAJIT_INC = if ngx_lua then "${luajit}/include/luajit-2.0" else ""; LUAJIT_INC = if ngx_lua then "${luajit}/include/luajit-2.0" else "";
@ -132,14 +137,17 @@ stdenv.mkDerivation rec {
++ optional echo "--add-module=${echo-ext}" ++ optional echo "--add-module=${echo-ext}"
++ optional ngx_lua "--add-module=${develkit-ext} --add-module=${lua-ext}" ++ optional ngx_lua "--add-module=${develkit-ext} --add-module=${lua-ext}"
++ optional set_misc "--add-module=${set-misc-ext}" ++ optional set_misc "--add-module=${set-misc-ext}"
++ optionals (elem stdenv.system (with platforms; linux ++ freebsd)) ++ optionals (elem stdenv.system (with platforms; linux ++ freebsd))
[ "--with-file-aio" "--with-aio_module" ] [ "--with-file-aio" "--with-aio_module" ]
++ optional fluent "--add-module=${fluentd}" ++ optional fluent "--add-module=${fluentd}"
++ optional modsecurity "--add-module=${modsecurity-ext}/nginx/modsecurity"
++ (map (m: "--add-module=${m}") extraModules); ++ (map (m: "--add-module=${m}") extraModules);
additionalFlags = optionalString stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized"; additionalFlags = optionalString stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";
NIX_CFLAGS_COMPILE = optionalString modsecurity "-I${aprutil}/include/apr-1 -I${apacheHttpd}/include -I${apr}/include/apr-1 -I${yajl}/include";
preConfigure = '' preConfigure = ''
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2 $additionalFlags" export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2 $additionalFlags"
''; '';

45
pkgs/tools/security/modsecurity/default.nix Normal file
View File

@ -0,0 +1,45 @@
{ stdenv, lib, fetchurl
, curl, apacheHttpd, pcre, apr, aprutil, libxml2 }:
with lib;
stdenv.mkDerivation rec {
name = "modsecurity-${version}";
version = "2.9.0";
src = fetchurl {
url = "https://www.modsecurity.org/tarball/${version}/${name}.tar.gz";
sha256 = "e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434";
};
buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ];
configureFlags = [
"--enable-standalone-module"
"--enable-static"
"--with-curl=${curl}"
"--with-apxs=${apacheHttpd}/bin/apxs"
"--with-pcre=${pcre}"
"--with-apr=${apr}"
"--with-apu=${aprutil}/bin/apu-1-config"
"--with-libxml=${libxml2}"
];
outputs = ["out" "nginx"];
preBuild = ''
substituteInPlace apache2/Makefile.in --replace "install -D " "# install -D"
'';
postInstall = ''
mkdir -p $nginx
cp -R * $nginx
'';
meta = {
description = "Open source, cross-platform web application firewall (WAF)";
license = licenses.asl20;
homepage = https://www.modsecurity.org/;
maintainers = with maintainers; [offline];
platforms = with platforms; linux;
};
}

2
pkgs/top-level/all-packages.nix
View File

@ -2227,6 +2227,8 @@ let
modemmanager = callPackage ../tools/networking/modemmanager {}; modemmanager = callPackage ../tools/networking/modemmanager {};
modsecurity_standalone = callPackage ../tools/security/modsecurity { };
monit = callPackage ../tools/system/monit { }; monit = callPackage ../tools/system/monit { };
moreutils = callPackage ../tools/misc/moreutils { moreutils = callPackage ../tools/misc/moreutils {