-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | mod_evasive.conf | 73 | ||||
-rw-r--r-- | mod_evasive.spec | 108 |
3 files changed, 185 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1e65467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SRCDIR := $(shell pwd)
+NAME := $(shell basename $(SRCDIR))
+include ../common/Makefile
+
diff --git a/mod_evasive.conf b/mod_evasive.conf
new file mode 100644
index 0000000..9215966
--- /dev/null
+++ b/mod_evasive.conf
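Review bot: Both assignments fork a shell for values Make already holds, and `$(shell basename $(SRCDIR))` passes the path unquoted, so a checkout path containing shell metacharacters is interpreted by the shell instead of being treated as a name. `SRCDIR := $(CURDIR)` and `NAME := $(notdir $(SRCDIR))` produce the same values without spawning a shell. How `../common/Makefile` consumes NAME is outside this diff, so confirm it expects the bare directory name.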
@@ -0,0 +1,73 @@
+# mod_evasive configuration
+LoadModule evasive20_module modules/mod_evasive20.so
+
+<IfModule mod_evasive20.c>
+ # The hash table size defines the number of top-level nodes for each
+ # child's hash table. Increasing this number will provide faster
+ # performance by decreasing the number of iterations required to get to the
+ # record, but consume more memory for table space. You should increase
+ # this if you have a busy web server. The value you specify will
+ # automatically be tiered up to the next prime number in the primes list
+ # (see mod_evasive.c for a list of primes used).
+ DOSHashTableSize 3097
+
+ # This is the threshhold for the number of requests for the same page (or
+ # URI) per page interval. Once the threshhold for that interval has been
+ # exceeded, the IP address of the client will be added to the blocking
+ # list.
+ DOSPageCount 2
+
+ # This is the threshhold for the total number of requests for any object by
+ # the same client on the same listener per site interval. Once the
+ # threshhold for that interval has been exceeded, the IP address of the
+ # client will be added to the blocking list.
+ DOSSiteCount 50
+
+ # The interval for the page count threshhold; defaults to 1 second
+ # intervals.
+ DOSPageInterval 1
+
+ # The interval for the site count threshhold; defaults to 1 second
+ # intervals.
+ DOSSiteInterval 1
+
+ # The blocking period is the amount of time (in seconds) that a client will
+ # be blocked for if they are added to the blocking list. During this time,
+ # all subsequent requests from the client will result in a 403 (Forbidden)
+ # and the timer being reset (e.g. another 10 seconds). Since the timer is
+ # reset for every subsequent request, it is not necessary to have a long
+ # blocking period; in the event of a DoS attack, this timer will keep
+ # getting reset.
+ DOSBlockingPeriod 10
+
+ # If this value is set, an email will be sent to the address specified
+ # whenever an IP address becomes blacklisted. A locking mechanism using
+ # /tmp prevents continuous emails from being sent.
+ #
+ # NOTE: Requires /bin/mail (provided by mailx)
+ #DOSEmailNotify you@yourdomain.com
+
+ # If this value is set, the system command specified will be executed
+ # whenever an IP address becomes blacklisted. This is designed to enable
+ # system calls to ip filter or other tools. A locking mechanism using /tmp
+ # prevents continuous system calls. Use %s to denote the IP address of the
+ # blacklisted IP.
+ #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
+
+ # Choose an alternative temp directory By default "/tmp" will be used for
+ # locking mechanism, which opens some security issues if your system is
+ # open to shell users.
+ #
+ # http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
+ #
+ # In the event you have nonprivileged shell users, you'll want to create a
+ # directory writable only to the user Apache is running as (usually root),
+ # then set this in your httpd.conf.
+ #DOSLogDir "/var/lock/mod_evasive"
+
+ # You can use whitelists to disable the module for certain ranges of
+ # IPs. Wildcards can be used on up to the last 3 octets if necessary.
+ # Multiple DOSWhitelist commands may be used in the configuration.
+ #DOSWhitelist 127.0.0.1
+ #DOSWhitelist 192.168.0.*
+</IfModule>
diff --git a/mod_evasive.spec b/mod_evasive.spec
new file mode 100644
index 0000000..09a89d6
--- /dev/null
+++ b/mod_evasive.spec
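Review bot: The first two directives of mod_evasive.conf name `mod_evasive20`, but the spec added in the same commit compiles `mod_evasive24.c` and installs `.libs/mod_evasive24.so`, so `LoadModule evasive20_module modules/mod_evasive20.so` points at a file this package does not ship and httpd would be expected to fail its configuration check on start. Use `LoadModule evasive20_module modules/mod_evasive24.so`; the module identifier appears to stay `evasive20_module`, since the only rewrite visible in `%build` is `remote_ip` to `client_ip`. The `<IfModule mod_evasive20.c>` guard is probably affected as well, because that form matches the source file name at compile time. `<IfModule evasive20_module>` would avoid a silently skipped block that leaves every threshold at the module's built-in defaults.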
@@ -0,0 +1,108 @@
+Name: mod_evasive
+Version: 1.10.1
+Release: 13%{?dist}
+Summary: Denial of Service evasion module for Apache
+
+Group: System Environment/Daemons
+License: GPLv2+
+URL: http://www.zdziarski.com/projects/mod_evasive/
+Source0: http://www.zdziarski.com/projects/mod_evasive/mod_evasive_%{version}.tar.gz
+Source1: mod_evasive.conf
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: httpd-devel
+Requires: httpd
+Requires: httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
+
+%description
+mod_evasive is an evasive maneuvers module for Apache to provide evasive
+action in the event of an HTTP DoS or DDoS attack or brute force attack. It
+is also designed to be a detection and network management tool, and can be
+easily configured to talk to firewalls, routers, etc. mod_evasive presently
+reports abuses via email and syslog facilities.
+
+
+%prep
+%setup -q -n %{name}
+
+
+%build
+# create apache httpd-2.4 version and compile it
+sed 's/connection->remote_ip/connection->client_ip/' \
+ < mod_evasive20.c > mod_evasive24.c
+apxs -Wc,"%{optflags}" -c mod_evasive24.c
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -pm 755 \
+ $RPM_BUILD_ROOT%{_libdir}/httpd/modules \
+ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
+install -pm 755 .libs/mod_evasive24.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/
+install -pm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(-,root,root,-)
+%doc README LICENSE CHANGELOG test.pl
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/*
+%{_libdir}/httpd/modules/*
+
+
+%changelog
+* Sat Mar 31 2012 Remi Collet <RPMS@FamilleCollet.com> - 1.1.1-4
+- rebuild for remi repo and httpd 2.4
+
+* Sat Mar 31 2012 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 1.10.1-13
+- adapt to httpd-2.4: changed remote_ip to client_ip
+
+* Thu Mar 29 2012 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 1.10.1-12
+- apxs moved to bindir, do not use sbindir macro
+
+* Tue Mar 27 2012 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 1.10.1-11
+- Rebuild for new httpd-mmn
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.10.1-6
+- fix license tag
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.10.1-5.1
+- Autorebuild for GCC 4.3
+
+* Wed Sep 05 2007 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-4.1
+- Rebuild for APR changes
+
+* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 1.10.1-4
+- Rebuild for selinux ppc32 issue.
+
+* Tue Apr 10 2007 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-3
+- Modify the URL and finally import into extras.
+
+* Mon Jan 29 2007 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-2
+- The source moved to another domain since last year.
+- use _sbindir macro for apxs.
+
+* Tue Dec 06 2005 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-1
+- Cleaning up description
+- Cleaning up install
+- Slight modification to default config (add DOSWhitelist entries)
+- Disttagging
+- Adding test.pl to docs
+
+* Wed Nov 16 2005 Kosntantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-0.1
+- Initial packaging. |
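Review bot: The package as built leaves the module on its default /tmp lock location: `%install` creates only the modules and conf.d directories, and Source1 ships `DOSLogDir` commented out, even though that file's own comment flags /tmp locking as a security issue on hosts with shell users. Consider shipping a dedicated directory and enabling the directive, e.g. `mkdir -pm 700 $RPM_BUILD_ROOT%{_localstatedir}/lock/mod_evasive` in `%install` plus `%attr(0700,apache,apache) %dir %{_localstatedir}/lock/mod_evasive` in `%files`. The owning user, and whether /var/lock survives a reboot on the target release, need confirming against the distribution. Separately, the newest `%changelog` entry is stamped `1.1.1-4`, which does not match `Version: 1.10.1` / `Release: 13` and looks like a typo.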