tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / by-name / mo / modsecurity-crs / package.nix
at devShellTools-shell 46 lines 1.5 kB view raw
1{ 2 lib, 3 stdenv, 4 fetchFromGitHub, 5}: 6 7stdenv.mkDerivation rec { 8 version = "3.3.4"; 9 pname = "modsecurity-crs"; 10 11 src = fetchFromGitHub { 12 owner = "coreruleset"; 13 repo = "coreruleset"; 14 rev = "v${version}"; 15 sha256 = "sha256-WDJW4K85YdHrw9cys3LrnZUoTxc0WhiuCW6CiC1cAbk="; 16 }; 17 18 installPhase = '' 19 install -D -m444 -t $out/rules ${src}/rules/*.conf 20 install -D -m444 -t $out/rules ${src}/rules/*.data 21 install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/*.md 22 install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/{CHANGES,INSTALL,LICENSE} 23 install -D -m444 -t $out/share/modsecurity-crs ${src}/rules/*.example 24 install -D -m444 -t $out/share/modsecurity-crs ${src}/crs-setup.conf.example 25 cat > $out/share/modsecurity-crs/modsecurity-crs.load.example <<EOF 26 ## 27 ## This is a sample file for loading OWASP CRS's rules. 28 ## 29 Include /etc/modsecurity/crs/crs-setup.conf 30 IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf 31 Include $out/rules/*.conf 32 IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf 33 EOF 34 ''; 35 36 meta = with lib; { 37 homepage = "https://coreruleset.org"; 38 description = '' 39 The OWASP ModSecurity Core Rule Set is a set of generic attack detection 40 rules for use with ModSecurity or compatible web application firewalls. 41 ''; 42 license = licenses.asl20; 43 platforms = platforms.all; 44 maintainers = with maintainers; [ izorkin ]; 45 }; 46}