From ec48dc950b35445e2c742e644d62e4fc5425705a Mon Sep 17 00:00:00 2001 From: Dragan Dosen Date: Tue, 3 Sep 2013 16:43:22 +0200 Subject: [PATCH] Prva inacica paketa za Debian wheezy distribuciju. --- README.CARNet | 7 ++++--- debian/changelog | 16 ++++++++++++++++ debian/compat | 2 +- debian/control | 11 ++++++----- debian/copyright | 2 +- debian/po/templates.pot | 9 +++++---- debian/source/format | 1 + debian/templates | 5 +++-- mod-security-cn.conf | 2 +- rbl_lookup.conf | 10 ++++++---- 10 files changed, 44 insertions(+), 21 deletions(-) create mode 100644 debian/source/format diff --git a/README.CARNet b/README.CARNet index 368aad0..4550414 100644 --- a/README.CARNet +++ b/README.CARNet @@ -43,8 +43,9 @@ RBL posluzitelj koji se koristi za provjeru je: xbl.dnsbl-sh.carnet.hr Zbog licencnih razloga pristup CARNetovom RBL posluzitelju je -dopusten samo sa CARNetove mreze (161.53.0.0/16, 193.198.0.0/16 i -82.132.0.0/17). +dopusten samo iz CARNetove mreze (161.53.0.0/16, 193.198.0.0/16, +192.84.91.0/24, 192.84.92.0/24, 192.84.105.0/24, 192.84.106.0/24, +31.147.0.0/16, 82.132.0.0/17 i 2001:b68::/32). VAZNA NAPOMENA @@ -54,4 +55,4 @@ preporuca se da NE brisete i da ne uredjujete navedene konfiguracijske datoteke, osim ako znate sto cinite. - -- Dragan Dosen Sat, 30 Apr 2011 12:45:56 +0200 + -- Dragan Dosen Fri, 4 May 2012 15:55:20 +0200 diff --git a/debian/changelog b/debian/changelog index 573b5e6..a10bc45 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +mod-security-cn (2.6.6+1) stable; urgency=low + + * Prva inacica paketa za Debian wheezy distribuciju. + * Azurirane datoteke debian/README.CARNet, debian/copyright, + debian/templates, debian/compat i ovisnosti unutar + debian/control. + * Dodana datoteka debian/source/format. + * rbl_lookup.conf datoteka: + + dodatni adresni blokovi iz CARNet mreze za koje se + preskace RBL provjera (192.84.91.0/24, 192.84.92.0/24, + 192.84.105.0/24, 192.84.106.0/24, 31.147.0.0/16 i + 2001:b68::/32). + + reorganizacija SecRule direktiva za RBL provjeru. + + -- Dragan Dosen Tue, 3 Sep 2013 16:40:47 +0200 + mod-security-cn (2.5.12+2) stable; urgency=low * Promjena e-mail adrese odrzavatelja paketa. diff --git a/debian/compat b/debian/compat index 7f8f011..45a4fb7 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -7 +8 diff --git a/debian/control b/debian/control index fc2c151..1afe6b2 100644 --- a/debian/control +++ b/debian/control @@ -2,16 +2,17 @@ Source: mod-security-cn Section: httpd Priority: optional Maintainer: Dragan Dosen -Build-Depends: debhelper (>= 7), po-debconf -Standards-Version: 3.9.1 +Build-Depends: debhelper (>= 8.0.0), po-debconf +Standards-Version: 3.9.3 Package: mod-security-cn Architecture: all -Pre-Depends: libapache-mod-security (>= 2.5.12-1), mod-security-common (>= 2.5.12-1) -Depends: carnet-tools-cn (>= 3.0.0), ${misc:Depends} +Pre-Depends: libapache2-modsecurity (>= 2.6.6-6+deb7u1) +Depends: carnet-tools-cn (>= 3.0.4), ${misc:Depends} Description: Tighten web applications security for Apache - Mod_security is an Apache module whose purpose is to tighten the Web + Modsecurity is an Apache module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server. . This package contains additional CARNet configuration. +Homepage: http://www.modsecurity.org/ diff --git a/debian/copyright b/debian/copyright index 5350ae7..dd9254d 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,4 +1,4 @@ -Copyright 2011 CARNet +Copyright 2013 CARNet You are free to distribute this software package under the terms of the GNU General Public License. diff --git a/debian/po/templates.pot b/debian/po/templates.pot index 48f1fa0..f02bda6 100644 --- a/debian/po/templates.pot +++ b/debian/po/templates.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" +"Project-Id-Version: mod-security-cn\n" "Report-Msgid-Bugs-To: mod-security-cn@packages.debian.org\n" -"POT-Creation-Date: 2011-06-13 12:43+0200\n" +"POT-Creation-Date: 2013-09-03 16:39+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -45,6 +45,7 @@ msgstr "" #: ../templates:1001 msgid "" "VAZNO: Zbog licencnih razloga pristup CARNetovom RBL posluzitelju je " -"dopusten samo sa CARNetove mreze (161.53.0.0/16, 193.198.0.0/16 i " -"82.132.0.0/17)." +"dopusten samo iz CARNetove mreze (161.53.0.0/16, 193.198.0.0/16, " +"192.84.91.0/24, 192.84.92.0/24, 192.84.105.0/24, 192.84.106.0/24, " +"31.147.0.0/16, 82.132.0.0/17 i 2001:b68::/32)." msgstr "" diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/debian/templates b/debian/templates index 62e7102..d49362a 100644 --- a/debian/templates +++ b/debian/templates @@ -12,5 +12,6 @@ _Description: Zelite li aktivirati RBL? RBL posluzitelj koji se koristi za provjeru je xbl.dnsbl-sh.carnet.hr. . VAZNO: Zbog licencnih razloga pristup CARNetovom RBL posluzitelju je - dopusten samo sa CARNetove mreze (161.53.0.0/16, 193.198.0.0/16 i - 82.132.0.0/17). + dopusten samo iz CARNetove mreze (161.53.0.0/16, 193.198.0.0/16, + 192.84.91.0/24, 192.84.92.0/24, 192.84.105.0/24, 192.84.106.0/24, + 31.147.0.0/16, 82.132.0.0/17 i 2001:b68::/32). diff --git a/mod-security-cn.conf b/mod-security-cn.conf index 2a151c9..9481df6 100644 --- a/mod-security-cn.conf +++ b/mod-security-cn.conf @@ -5,7 +5,7 @@ # ## End - Generated by CARNet package mod-security-cn - + # Basic configuration options # diff --git a/rbl_lookup.conf b/rbl_lookup.conf index ebca5a3..a6d3080 100644 --- a/rbl_lookup.conf +++ b/rbl_lookup.conf @@ -5,12 +5,14 @@ # ## End - Generated by CARNet package mod-security-cn - + - # Skip RBL lookup for localhost, 161.53.0.0/16, 193.198.0.0/16 and 82.132.0.0/17 - SecRule REMOTE_ADDR "^(127\.0\.0\.1|161\.53\.\d{1,3}\.\d{1,3}|193\.198\.\d{1,3}\.\d{1,3}|82\.132\.(\d{1,2}|10\d{1}|11\d{1}|12[0-7]{1})\.\d{1,3})$" "phase:2,pass,nolog,t:none,skip:1" + # Skip RBL lookup for localhost, 161.53.0.0/16, 193.198.0.0/16, + # 192.84.91.0/24, 192.84.92.0/24, 192.84.105.0/24, 192.84.106.0/24, + # 31.147.0.0/16, 82.132.0.0/17 and 2001:b68::/32. + SecRule REMOTE_ADDR "!@rx ^(\:\:1|127\.0\.0\.1|161\.53\.\d{1,3}\.\d{1,3}|193\.198\.\d{1,3}\.\d{1,3}|192\.84\.(91|92|105|106)\.\d{1,3}|31\.147\.\d{1,3}\.\d{1,3}|82\.132\.(\d{1,2}|10\d{1}|11\d{1}|12[0-7]{1})\.\d{1,3}|2001\:b68\:.+)$" "phase:1,deny,log,status:500,t:none,msg:'RBL: xbl.dnsbl-sh.carnet.hr',severity:CRITICAL,chain" # RBL lookup using xbl.dnsbl-sh.carnet.hr - SecRule REMOTE_ADDR "@rbl xbl.dnsbl-sh.carnet.hr" "phase:2,deny,log,status:500,t:none,msg:'RBL: xbl.dnsbl-sh.carnet.hr',severity:'1'" + SecRule REMOTE_ADDR "@rbl xbl.dnsbl-sh.carnet.hr" -- 1.7.10.4