modsecurity-crs: init at 3.3.2

pkgs/tools/security/modsecurity-crs/default.nix

@@ -0,0 +1,42 @@
+{ lib, stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  version = "3.3.2";
+  pname = "modsecurity-crs";
+
+  src = fetchFromGitHub {
+    owner = "coreruleset";
+    repo = "coreruleset";
+    rev = "v${version}";
+    sha256 = "sha256-m/iVLhk2y5BpYu8EwC2adrrDnbaVCQ0SE25ltvMokCw=";
+  };
+
+  installPhase = ''
+    install -D -m444 -t $out/rules ${src}/rules/*.conf
+    install -D -m444 -t $out/rules ${src}/rules/*.data
+    install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/*.md
+    install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/{CHANGES,INSTALL,LICENSE}
+    install -D -m444 -t $out/share/modsecurity-crs ${src}/rules/*.example
+    install -D -m444 -t $out/share/modsecurity-crs ${src}/crs-setup.conf.example
+    cat > $out/share/modsecurity-crs/modsecurity-crs.load.example <<EOF
+    ##
+    ## This is a sample file for loading OWASP CRS's rules.
+    ##
+    Include /etc/modsecurity/crs/crs-setup.conf
+    IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+    Include $out/rules/*.conf
+    IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+    EOF
+  '';
+
+  meta = with lib; {
+    homepage = "https://coreruleset.org";
+    description = ''
+      The OWASP ModSecurity Core Rule Set is a set of generic attack detection
+      rules for use with ModSecurity or compatible web application firewalls.
+    '';
+    license = licenses.asl20;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ izorkin ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -7881,6 +7881,8 @@ with pkgs;
 
   modsecurity_standalone = callPackage ../tools/security/modsecurity { };
 
+  modsecurity-crs = callPackage ../tools/security/modsecurity-crs { };
+
   molly-guard = callPackage ../os-specific/linux/molly-guard { };
 
   molotov = callPackage ../applications/video/molotov {};