

CVS commit: pkgsrc/security



Module Name:    pkgsrc
Committed By:   jschauma
Date:           Fri May 30 17:31:49 UTC 2025

Modified Files:
        pkgsrc/security: Makefile
Added Files:
        pkgsrc/security/ap24-evasive: DESCR MESSAGE Makefile PLIST distinfo
        pkgsrc/security/ap24-evasive/patches: patch-mod_evasive24.c

Log Message:
add mod_evasive

mod_evasive is an evasive maneuvers module for Apache
to provide evasive action in the event of an HTTP DoS
or DDoS attack or brute force attack. It is also
designed to be a detection tool, and can be easily
configured to talk to ipchains, firewalls, routers,
et cetera.

Detection is performed by creating an internal dynamic
hash table of IP Addresses and URIs, and denying any
single IP address from any of the following:

* Requesting the same page more than a few times per
  second

* Making more than 50 concurrent requests on the same
  child per second

* Making any requests while temporarily blacklisted
  (on a blocking list)


To generate a diff of this commit:
cvs rdiff -u -r1.980 -r1.981 pkgsrc/security/Makefile
cvs rdiff -u -r0 -r1.1 pkgsrc/security/ap24-evasive/DESCR \
    pkgsrc/security/ap24-evasive/MESSAGE \
    pkgsrc/security/ap24-evasive/Makefile pkgsrc/security/ap24-evasive/PLIST \
    pkgsrc/security/ap24-evasive/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/ap24-evasive/patches/patch-mod_evasive24.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/Makefile
diff -u pkgsrc/security/Makefile:1.980 pkgsrc/security/Makefile:1.981
--- pkgsrc/security/Makefile:1.980      Fri May 23 13:19:38 2025
+++ pkgsrc/security/Makefile    Fri May 30 17:31:48 2025
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.980 2025/05/23 13:19:38 wiz Exp $
+# $NetBSD: Makefile,v 1.981 2025/05/30 17:31:48 jschauma Exp $
 #
 
 COMMENT=       Security and cryptography tools and libraries
@@ -31,6 +31,7 @@ SUBDIR+=      amap
 SUBDIR+=       amass
 SUBDIR+=       antonym
 SUBDIR+=       ap-modsecurity2
+SUBDIR+=       ap24-evasive
 SUBDIR+=       apg
 SUBDIR+=       argon2
 SUBDIR+=       arirang

Added files:

Index: pkgsrc/security/ap24-evasive/DESCR
diff -u /dev/null pkgsrc/security/ap24-evasive/DESCR:1.1
--- /dev/null   Fri May 30 17:31:49 2025
+++ pkgsrc/security/ap24-evasive/DESCR  Fri May 30 17:31:48 2025
@@ -0,0 +1,19 @@
+mod_evasive is an evasive maneuvers module for Apache
+to provide evasive action in the event of an HTTP DoS
+or DDoS attack or brute force attack. It is also
+designed to be a detection tool, and can be easily
+configured to talk to ipchains, firewalls, routers,
+and etcetera.
+
+Detection is performed by creating an internal dynamic
+hash table of IP Addresses and URIs, and denying any
+single IP address from any of the following:
+
+* Requesting the same page more than a few times per
+  second
+
+* Making more than 50 concurrent requests on the same
+  child per second
+
+* Making any requests while temporarily blacklisted
+  (on a blocking list)
Index: pkgsrc/security/ap24-evasive/MESSAGE
diff -u /dev/null pkgsrc/security/ap24-evasive/MESSAGE:1.1
--- /dev/null   Fri May 30 17:31:49 2025
+++ pkgsrc/security/ap24-evasive/MESSAGE        Fri May 30 17:31:48 2025
@@ -0,0 +1,21 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2025/05/30 17:31:48 jschauma Exp $
+
+In order to use this module in your Apache installation, you will need
+to add the following to your httpd.conf file:
+
+  LoadModule evasive_module lib/httpd/mod_evasive.so
+
+In addition to this you will need to specify mod_evasive configuration
+directives in your httpd.conf.  This can be achieved by adding the
+following to your httpd.conf:
+
+  <IfModule mod_evasive.c>
+      Include ${PKG_SYSCONFDIR}/httpd/mod_evasive.conf
+  </IfModule>
+
+An example configuration file for mod_evasive can be found in:
+
+  ${PREFIX}/share/examples/httpd/
+
+===========================================================================
Index: pkgsrc/security/ap24-evasive/Makefile
diff -u /dev/null pkgsrc/security/ap24-evasive/Makefile:1.1
--- /dev/null   Fri May 30 17:31:49 2025
+++ pkgsrc/security/ap24-evasive/Makefile       Fri May 30 17:31:48 2025
@@ -0,0 +1,45 @@
+# $NetBSD: Makefile,v 1.1 2025/05/30 17:31:48 jschauma Exp $
+
+DISTNAME=      ${GITHUB_PROJECT}-2.4.0
+PKGNAME=       ${DISTNAME:S/mod/${APACHE_PKG_PREFIX}/:S/_/-/g}
+CATEGORIES=    security www
+MASTER_SITES=  ${MASTER_SITE_GITHUB:=jvdmr/}
+GITHUB_PROJECT=        mod_evasive
+GITHUB_TAG=    refs/tags/${PKGVERSION_NOREV}
+WRKSRC=                ${WRKDIR}/${DISTNAME}
+
+MAINTAINER=    jschauma%NetBSD.org@localhost
+HOMEPAGE=      https://github.com/jvdmr/mod_evasive
+COMMENT=       Apache Evasive Maneuvers Module
+LICENSE=       gnu-gpl-v2
+
+AP_VERSION=    24
+
+APACHE_MODULE=         YES
+APACHE_MODULE_NAME=    ${DISTNAME:C|-.*||}.so
+APACHE_MODULE_SRC=     ${DISTNAME:C|-.*||}.c
+APACHE_MODULE_LA=      ${DISTNAME:C|-.*||}.la
+
+USE_TOOLS+=            mail
+
+SUBST_CLASSES+=                mailer
+SUBST_STAGE.mailer=    pre-configure
+SUBST_FILES.mailer=    ${GITHUB_PROJECT}${AP_VERSION}.c
+SUBST_SED.mailer=      -e s,/bin/mail,${MAIL_CMD},
+SUBST_MESSAGE.mailer=  Fixing mail command path.
+
+do-build:
+       mv ${WRKSRC}/${DISTNAME:C|-.*||}${AP_VERSION}.c ${WRKSRC}/${APACHE_MODULE_SRC}
+       cd ${WRKSRC} && ${APXS} -c -n ${APACHE_MODULE_NAME} ${APACHE_MODULE_SRC}
+
+do-install:
+       ${INSTALL_DATA_DIR} ${DESTDIR}/${PREFIX}/lib/httpd
+       cd ${WRKSRC} && ${APXS} -S LIBEXECDIR=${DESTDIR}${PREFIX}/lib/httpd -i -n ${APACHE_MODULE_NAME} ${APACHE_MODULE_LA}
+       ${INSTALL_DATA_DIR} ${DESTDIR}/${PREFIX}/share/examples/httpd/
+       ${INSTALL_DATA_DIR} ${DESTDIR}/${PREFIX}/share/httpd/manual/mod
+       ${INSTALL_DATA} ${WRKSRC}/mod_evasive.conf ${DESTDIR}/${PREFIX}/share/examples/httpd/mod_evasive.conf
+       ${INSTALL_DATA} ${WRKSRC}/README.md ${DESTDIR}/${PREFIX}/share/httpd/manual/mod/mod_evasive.md
+
+.include "../../mk/apache.mk"
+.include "../../devel/pcre2/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
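Review bot: The `mailer` substitution (`SUBST_SED.mailer= -e s,/bin/mail,${MAIL_CMD},`) only rewrites the `#else` branch of `MAILER` once patches/patch-mod_evasive24.c is applied, so on NetBSD `USE_TOOLS+= mail` and `${MAIL_CMD}` have no influence on the built module, which uses the hard-coded `/usr/sbin/sendmail -t` instead. Because this string is a command line compiled into the module, the split deserves a comment above the SUBST block, for example `# Affects only the non-NetBSD MAILER default; on NetBSD the patch selects sendmail -t.` The same applies to the MAILER hunk in patch-mod_evasive24.c, where a matching remark would help.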
Index: pkgsrc/security/ap24-evasive/PLIST
diff -u /dev/null pkgsrc/security/ap24-evasive/PLIST:1.1
--- /dev/null   Fri May 30 17:31:49 2025
+++ pkgsrc/security/ap24-evasive/PLIST  Fri May 30 17:31:48 2025
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1 2025/05/30 17:31:48 jschauma Exp $
+lib/httpd/mod_evasive.so
+share/examples/httpd/mod_evasive.conf
+share/httpd/manual/mod/mod_evasive.md
Index: pkgsrc/security/ap24-evasive/distinfo
diff -u /dev/null pkgsrc/security/ap24-evasive/distinfo:1.1
--- /dev/null   Fri May 30 17:31:49 2025
+++ pkgsrc/security/ap24-evasive/distinfo       Fri May 30 17:31:48 2025
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1 2025/05/30 17:31:48 jschauma Exp $
+
+BLAKE2s (mod_evasive-2.4.0.tar.gz) = 07b3a67d6f1c4a8728ad11e5c776f836298d5696ad4830d3b2aec14ff2939725
+SHA512 (mod_evasive-2.4.0.tar.gz) = ca3a10e3b18f077100066a44fb8cb9d1f308af341347ba0145d27dbfe7933823aaacd027157c1db761faa5a1b53f0c0595bf5a50f760f046d99d06414790bbef
+Size (mod_evasive-2.4.0.tar.gz) = 101716 bytes
+SHA1 (patch-mod_evasive24.c) = 634a7ec5dafb42669fadf49f1ffd11cb2bcad9ec

Index: pkgsrc/security/ap24-evasive/patches/patch-mod_evasive24.c
diff -u /dev/null pkgsrc/security/ap24-evasive/patches/patch-mod_evasive24.c:1.1
--- /dev/null   Fri May 30 17:31:49 2025
+++ pkgsrc/security/ap24-evasive/patches/patch-mod_evasive24.c  Fri May 30 17:31:48 2025
@@ -0,0 +1,33 @@
+$NetBSD: patch-mod_evasive24.c,v 1.1 2025/05/30 17:31:48 jschauma Exp $
+
+Patch in an s6_addr32 definition for NetBSD, and specify
+sendmail(1) as the mailer, since the module attempts to
+write headers to stdin.
+
+--- mod_evasive24.c.orig       2025-02-16 11:36:05.000000000 -0500
++++ mod_evasive24.c    2025-05-29 22:23:46.266203700 -0400
+@@ -31,6 +31,10 @@
+ #include <errno.h>
+ #include <unistd.h>  // getpid(2)
+ 
++#ifdef __NetBSD__
++#define s6_addr32 __u6_addr.__u6_addr32 /* XXX nonstandard */
++#endif
++
+ #define PCRE2_CODE_UNIT_WIDTH 8
+ #include <pcre2.h>
+ 
+@@ -45,7 +49,13 @@
+ 
+ AP_DECLARE_MODULE(evasive);
+ 
++/* NetBSD's mail(1) does not read headers from stdin,
++ * so default to sendmail(1) */
++#ifdef __NetBSD__
++#define MAILER  "/usr/sbin/sendmail -t"
++#else
+ #define MAILER  "/bin/mail %s"
++#endif
+ 
+ #define DEFAULT_HASH_TBL_SIZE   3079UL  // Default hash table size
+ #define DEFAULT_PAGE_COUNT      2       // Default maximum page hit count per interval
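Review bot: The `s6_addr32` define in the first inner hunk is unconditional under `__NetBSD__` and would clash with any definition that a header included earlier provides; `#if defined(__NetBSD__) && !defined(s6_addr32)` keeps the workaround from redefining it. It also depends on the private `__u6_addr.__u6_addr32` member, which the patch itself flags as `XXX nonstandard`, so the header comment of the patch could say that the define is to be dropped once upstream stops using `s6_addr32`. Both inner hunks show only fragments of mod_evasive24.c, so how the address words are used is not visible here.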


