diff --git a/network/mod_hosts_access/README b/network/mod_hosts_access/README index 2fab50ad9e..662c1acc43 100644 --- a/network/mod_hosts_access/README +++ b/network/mod_hosts_access/README @@ -3,37 +3,4 @@ mod_hosts_access This is a DSO (dynamically shared object) module for the Apache webserver that uses libwrap (TCP Wrappers) to check if the connecting hosts is allowed. -This system works well with dynamic blocking scripts, such as DenyHosts, and -configfile distribution systems, such as Cfengine. Especially if other blocking -methods differ between hosts at a site (e.g. kernel-level firewalling means). - -You'll need to add the following line to /etc/httpd/httpd.conf: - Include /etc/httpd/mod_hosts_access.conf - -LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so - -The /etc/hosts.{allow,deny} access control checking for the "httpd" service -can now be enabled or disabled on a per directory basis, by adding HostsAccess -directive to its declaration, e.g. again in /etc/httpd/httpd.conf: - -# First, we configure the "default" to be a very restrictive set of -# permissions. -# -# -# HostsAccess On -# Options FollowSymLinks -# AllowOverride None -# - -To test, restart apache for it to load the module; edit /etc/hosts.allow -adding a line like the following: - -httpd: localhost: deny - -Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting -the index page should fail, to verify try: - - lynx -dump localhost - -The same can be done in a .htaccess file if AllowOverride Limit has been set. - +See also: README.SLACKWARE diff --git a/network/mod_hosts_access/README.SLACKWARE b/network/mod_hosts_access/README.SLACKWARE new file mode 100644 index 0000000000..5881886dac --- /dev/null +++ b/network/mod_hosts_access/README.SLACKWARE @@ -0,0 +1,33 @@ +This system works well with dynamic blocking scripts, such as DenyHosts, and +configfile distribution systems, such as Cfengine. Especially if other blocking +methods differ between hosts at a site (e.g. kernel-level firewalling means). + +You'll need to add the following line to /etc/httpd/httpd.conf: + Include /etc/httpd/mod_hosts_access.conf + +LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so + +The /etc/hosts.{allow,deny} access control checking for the "httpd" service +can now be enabled or disabled on a per directory basis, by adding HostsAccess +directive to its declaration, e.g. again in /etc/httpd/httpd.conf: + +# First, we configure the "default" to be a very restrictive set of +# permissions. +# +# +# HostsAccess On +# Options FollowSymLinks +# AllowOverride None +# + +To test, restart apache for it to load the module; edit /etc/hosts.allow +adding a line like the following: + +httpd: localhost: deny + +Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting +the index page should fail, to verify try: + + lynx -dump localhost + +The same can be done in a .htaccess file if AllowOverride Limit has been set. diff --git a/network/mod_hosts_access/mod_hosts_access.conf b/network/mod_hosts_access/config/mod_hosts_access.conf similarity index 100% rename from network/mod_hosts_access/mod_hosts_access.conf rename to network/mod_hosts_access/config/mod_hosts_access.conf diff --git a/network/mod_hosts_access/doinst.sh b/network/mod_hosts_access/doinst.sh index d32f2a6362..ea1b3e0ca4 100644 --- a/network/mod_hosts_access/doinst.sh +++ b/network/mod_hosts_access/doinst.sh @@ -11,5 +11,4 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } -config etc/mod_hosts_access.conf.new - +config etc/httpd/mod_hosts_access.conf.new diff --git a/network/mod_hosts_access/mod_hosts_access.SlackBuild b/network/mod_hosts_access/mod_hosts_access.SlackBuild index c970f4e74f..e195a7f494 100644 --- a/network/mod_hosts_access/mod_hosts_access.SlackBuild +++ b/network/mod_hosts_access/mod_hosts_access.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for mod_hosts_access (libwrap support in Apache) -# Written by Menno E. Duursma +# Written by Menno Duursma # This program is free software. It comes without any warranty. # Granted WFTPL, Version 2, as published by Sam Hocevar. See @@ -10,15 +10,13 @@ PRGNAM=mod_hosts_access VERSION=1.1.0 -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} -# Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) ARCH=i486 ;; arm*) ARCH=arm ;; - # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$( uname -m ) ;; esac fi @@ -53,27 +51,23 @@ cd $PRGNAM-$VERSION chown -R root:root . chmod -R a-s,u+w,go+r-w . -# Create target dir mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules -# Compile module as DSO (dynmically shared object) CFLAGS="$SLACKFLAGS" apxs -ca mod_hosts_access.c -lwrap -lnsl -# copy into place cp .libs/mod_hosts_access.so $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules mkdir -p $PKG/etc/httpd -sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/mod_hosts_access.conf > \ +sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/config/mod_hosts_access.conf > \ $PKG/etc/httpd/mod_hosts_access.conf.new -( cd $PKG || exit 1 - find . -type f | xargs file | grep -e "executable" -e "shared object" | \ - grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null -) +find $PKG -type f | xargs file | grep -e "executable" -e "shared object" | \ + grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION cp -a [A-Z]* $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild +cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc diff --git a/network/mod_hosts_access/mod_hosts_access.info b/network/mod_hosts_access/mod_hosts_access.info index e0f9c8064c..32895ed1ad 100644 --- a/network/mod_hosts_access/mod_hosts_access.info +++ b/network/mod_hosts_access/mod_hosts_access.info @@ -5,6 +5,6 @@ DOWNLOAD="http://downloads.sourceforge.net/httpd-garage/mod_hosts_access-1.1.0.t MD5SUM="2e4fd22e778c8d98d433344a46421eb7" DOWNLOAD_x86_64="" MD5SUM_x86_64="" -MAINTAINER="Menno E. Duursma" +MAINTAINER="Menno Duursma" EMAIL="druiloor@zonnet.nl" -APPROVED="rworkman,Erik Hanson" +APPROVED="Erik Hanson"