diff options
Diffstat (limited to 'pkgs/tools/security/modsecurity-crs/default.nix')
-rw-r--r-- | pkgs/tools/security/modsecurity-crs/default.nix | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/pkgs/tools/security/modsecurity-crs/default.nix b/pkgs/tools/security/modsecurity-crs/default.nix new file mode 100644 index 0000000000000..124eca09ca482 --- /dev/null +++ b/pkgs/tools/security/modsecurity-crs/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + version = "3.3.2"; + pname = "modsecurity-crs"; + + src = fetchFromGitHub { + owner = "coreruleset"; + repo = "coreruleset"; + rev = "v${version}"; + sha256 = "sha256-m/iVLhk2y5BpYu8EwC2adrrDnbaVCQ0SE25ltvMokCw="; + }; + + installPhase = '' + install -D -m444 -t $out/rules ${src}/rules/*.conf + install -D -m444 -t $out/rules ${src}/rules/*.data + install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/*.md + install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/{CHANGES,INSTALL,LICENSE} + install -D -m444 -t $out/share/modsecurity-crs ${src}/rules/*.example + install -D -m444 -t $out/share/modsecurity-crs ${src}/crs-setup.conf.example + cat > $out/share/modsecurity-crs/modsecurity-crs.load.example <<EOF + ## + ## This is a sample file for loading OWASP CRS's rules. + ## + Include /etc/modsecurity/crs/crs-setup.conf + IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf + Include $out/rules/*.conf + IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf + EOF + ''; + + meta = with lib; { + homepage = "https://coreruleset.org"; + description = '' + The OWASP ModSecurity Core Rule Set is a set of generic attack detection + rules for use with ModSecurity or compatible web application firewalls. + ''; + license = licenses.asl20; + platforms = platforms.all; + maintainers = with maintainers; [ izorkin ]; + }; +} |