pkgs/tools/security/modsecurity-crs/default.nix at 24.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / pkgs / tools / security / modsecurity-crs / default.nix

at 24.05-pre 42 lines 1.5 kB view raw

 1{ lib, stdenv, fetchFromGitHub }:
 2
 3stdenv.mkDerivation rec {
 4  version = "3.3.4";
 5  pname = "modsecurity-crs";
 6
 7  src = fetchFromGitHub {
 8    owner = "coreruleset";
 9    repo = "coreruleset";
10    rev = "v${version}";
11    sha256 = "sha256-WDJW4K85YdHrw9cys3LrnZUoTxc0WhiuCW6CiC1cAbk=";
12  };
13
14  installPhase = ''
15    install -D -m444 -t $out/rules ${src}/rules/*.conf
16    install -D -m444 -t $out/rules ${src}/rules/*.data
17    install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/*.md
18    install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/{CHANGES,INSTALL,LICENSE}
19    install -D -m444 -t $out/share/modsecurity-crs ${src}/rules/*.example
20    install -D -m444 -t $out/share/modsecurity-crs ${src}/crs-setup.conf.example
21    cat > $out/share/modsecurity-crs/modsecurity-crs.load.example <<EOF
22    ##
23    ## This is a sample file for loading OWASP CRS's rules.
24    ##
25    Include /etc/modsecurity/crs/crs-setup.conf
26    IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
27    Include $out/rules/*.conf
28    IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
29    EOF
30  '';
31
32  meta = with lib; {
33    homepage = "https://coreruleset.org";
34    description = ''
35      The OWASP ModSecurity Core Rule Set is a set of generic attack detection
36      rules for use with ModSecurity or compatible web application firewalls.
37    '';
38    license = licenses.asl20;
39    platforms = platforms.all;
40    maintainers = with maintainers; [ izorkin ];
41  };
42}