From 873c628b1ab8061eb4fdfa61c0c96aaed726ff3a Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Wed, 4 Dec 2013 23:39:35 -0800 Subject: [PATCH] Adds ssdeep support in our build system ssdeep will be used with the @fuzzyHash operator which is under development --- apache2/Makefile.am | 27 ++++++++---- build/find_ssdeep.m4 | 84 +++++++++++++++++++++++++++++++++++++ configure.ac | 2 + ext/Makefile.am | 8 ++-- nginx/modsecurity/config.in | 6 ++- standalone/Makefile.am | 31 +++++++++----- tests/Makefile.am | 9 ++-- 7 files changed, 140 insertions(+), 27 deletions(-) create mode 100644 build/find_ssdeep.m4 diff --git a/apache2/Makefile.am b/apache2/Makefile.am index 77a0884a..efb9b821 100644 --- a/apache2/Makefile.am +++ b/apache2/Makefile.am @@ -41,7 +41,8 @@ mod_security2_la_CFLAGS = @APR_CFLAGS@ \ @LUA_CFLAGS@ \ @MODSEC_EXTRA_CFLAGS@ \ @PCRE_CFLAGS@ \ - @YAJL_CFLAGS@ + @YAJL_CFLAGS@ \ + @SSDEEP_CFLAGS@ mod_security2_la_CPPFLAGS = @APR_CPPFLAGS@ \ @@ -63,7 +64,8 @@ mod_security2_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if HPUX @@ -74,7 +76,8 @@ mod_security2_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if MACOSX @@ -85,7 +88,8 @@ mod_security2_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if SOLARIS @@ -96,7 +100,8 @@ mod_security2_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if LINUX @@ -107,7 +112,8 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if FREEBSD @@ -118,7 +124,8 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if OPENBSD @@ -129,7 +136,8 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if NETBSD @@ -140,7 +148,8 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if LINUX diff --git a/build/find_ssdeep.m4 b/build/find_ssdeep.m4 new file mode 100644 index 00000000..8279a452 --- /dev/null +++ b/build/find_ssdeep.m4 @@ -0,0 +1,84 @@ +dnl Check for SSDEEP Libraries +dnl CHECK_SSDEEP(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]) +dnl Sets: +dnl SSDEEP_CFLAGS +dnl SSDEEP_LDFLAGS + +AC_DEFUN([CHECK_SSDEEP], +[dnl + +SSDEEP_CFLAGS="" +SSDEEP_LDFLAGS="" +SSDEEP_LDADD="" + +AC_ARG_WITH( + ssdeep, + [AC_HELP_STRING([--with-ssdeep=PATH],[Path to ssdeep prefix])] + ,, with_ssdeep=yes) + +AS_CASE(["${with_ssdeep}"], + [no], [test_paths=], + [yes], [test_paths="/usr/lib /usr/local/lib /usr/local/libfuzzy /usr/local/fuzzy /usr/local /opt/libfuzzy /opt/fuzzy /opt /usr"]) + [test_paths="${with_ssdeep}"], + +AS_IF([test "x${test_paths}" != "x"], [ +AC_MSG_CHECKING([for ssdeep path]) + + SSDEEP_LIB_NAME="fuzzy" + SSDEEP_LIB_FILENAME="lib$SSDEEP_LIB_NAME.so" + + if test -z "$withssdeep" -o "$withssdeep" = "yes"; then + for i in ${test_paths}; do + if test -f "$i/$SSDEEP_LIB_FILENAME"; then + SSDEEP_LIB_DIR="$i" + fi + done + else + if test -f "$withssdeep/$SSDEEP_LIB_FILENAME"; then + SSDEEP_LIB_DIR="$withssdeep" + else + if test -f "$withssdeep/.libs/$SSDEEP_LIB_FILENAME"; then + SSDEEP_LIB_DIR="$withssdeep/.libs/" + fi + fi + fi + + SSDEEP_LDFLAGS="-l$SSDEEP_LIB_NAME" + SSDEEP_LDADD="-l$SSDEEP_LIB_NAME" + + if test -z "$withssdeep" -o "$withssdeep" = "yes"; then + for i in /usr/include /usr/local/include; do + if test -f "$i/$SSDEEP_LIB_NAME.h"; then + SSDEEP_CFLAGS="-I$i" + fi + done + else + if test -f "$withssdeep/../$SSDEEP_LIB_NAME.h"; then + SSDEEP_CFLAGS="-I$withssdeep/../" + else + if test -f "$withssdeep/$SSDEEP_LIB_NAME.h"; then + SSDEEP_CFLAGS="-I$withssdeep" + fi + fi + fi + +]) + + if test -z "${SSDEEP_CFLAGS}"; then + AC_MSG_RESULT([no]) + SSDEEP_LDFLAGS="" + SSDEEP_LDADD="" + #ifelse([$2], , AC_MSG_NOTICE([optional ssdeep library not found]), $2) + else + SSDEEP_CFLAGS="-DWITH_SSDEEP ${SSDEEP_CFLAGS}" + AC_MSG_RESULT([${SSDEEP_LDFLAGS} ${SSDEEP_CFLAGS}]) +#AC_MSG_NOTICE([using ssdeep: ${SSDEEP_CFLAGS} ${SSDEEP_LDFLAGS}]) +#ifelse([$1], , , $1) + fi + +AC_SUBST(SSDEEP_LDFLAGS) +AC_SUBST(SSDEEP_LDADD) +AC_SUBST(SSDEEP_CFLAGS) + + +]) diff --git a/configure.ac b/configure.ac index 2d7ac1c3..08d77373 100644 --- a/configure.ac +++ b/configure.ac @@ -701,6 +701,8 @@ fi # Check for YAJL libs (for JSON body processor) CHECK_YAJL() #AC_SEARCH_LIBS([yajl_alloc], [yajl]) +CHECK_SSDEEP() +AC_SEARCH_LIBS([fuzzy_hash_buf], [fuzzy]) AC_CONFIG_FILES([Makefile]) AC_CONFIG_FILES([tools/Makefile]) diff --git a/ext/Makefile.am b/ext/Makefile.am index c98ca38a..f0676438 100644 --- a/ext/Makefile.am +++ b/ext/Makefile.am @@ -4,7 +4,8 @@ EXT_CFLAGS = -I../apache2 \ @APU_CFLAGS@ \ @APXS_CFLAGS@ \ @LIBXML2_CFLAGS@ \ - @LUA_CFLAGS@ + @LUA_CFLAGS@ \ + @SSDEEP_CFLAGS@ EXT_CPPFLAGS = @APR_CPPFLAGS@ \ @LIBXML2_CPPFLAGS@ @@ -13,13 +14,14 @@ EXT_LIBADD = @APR_LDADD@ \ @APU_LDADD@ \ @LIBXML2_LDADD@ \ @LUA_LDADD@ - + EXT_LDFLAGS = -no-undefined -module -avoid-version \ @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ @APXS_LDFLAGS@ \ @LIBXML2_LDFLAGS@ \ - @LUA_LDFLAGS@ + @LUA_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ pkglibdir = $(prefix)/lib diff --git a/nginx/modsecurity/config.in b/nginx/modsecurity/config.in index 753dbd6e..bfb6e218 100644 --- a/nginx/modsecurity/config.in +++ b/nginx/modsecurity/config.in @@ -8,7 +8,8 @@ CFLAGS="$CFLAGS \ @LUA_CFLAGS@ \ @MODSEC_EXTRA_CFLAGS@ \ @PCRE_CFLAGS@ \ - @YAJL_CFLAGS@" + @YAJL_CFLAGS@ \ + @SSDEEP_CFLAGS@" CORE_LIBS="$CORE_LIBS \ @@ -20,7 +21,8 @@ CORE_LIBS="$CORE_LIBS \ @LUA_LDADD@ \ @PCRE_LDADD@ \ @APXS_LIBS@ \ - @YAJL_LIBS@" + @YAJL_LIBS@ \ + @SSDEEP_LDFLAGS@" ngx_addon_name=ngx_http_modsecurity diff --git a/standalone/Makefile.am b/standalone/Makefile.am index c19b2f94..1e3875d5 100644 --- a/standalone/Makefile.am +++ b/standalone/Makefile.am @@ -51,7 +51,8 @@ standalone_la_CFLAGS = -DVERSION_NGINX \ @LUA_CFLAGS@ \ @MODSEC_EXTRA_CFLAGS@ \ @PCRE_CFLAGS@ \ - @YAJL_CFLAGS@ + @YAJL_CFLAGS@ \ + @SSDEEP_CFLAGS@ standalone_la_CPPFLAGS = @APR_CPPFLAGS@ \ @LIBXML2_CPPFLAGS@ \ @@ -62,7 +63,8 @@ standalone_la_LIBADD = @APR_LDADD@ \ @LIBXML2_LDADD@ \ @LUA_LDADD@ \ @PCRE_LDADD@ \ - @YAJL_LDADD@ + @YAJL_LDADD@ \ + @SSDEEP_CFLAGS@ if AIX standalone_la_LDFLAGS = -module -avoid-version \ @@ -72,7 +74,8 @@ standalone_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if HPUX @@ -83,7 +86,8 @@ standalone_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if MACOSX @@ -94,7 +98,8 @@ standalone_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if SOLARIS @@ -105,7 +110,8 @@ standalone_la_LDFLAGS = -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if LINUX @@ -116,7 +122,8 @@ standalone_la_LDFLAGS = -no-undefined -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if FREEBSD @@ -127,7 +134,8 @@ standalone_la_LDFLAGS = -no-undefined -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if OPENBSD @@ -138,7 +146,8 @@ standalone_la_LDFLAGS = -no-undefined -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if NETBSD @@ -149,5 +158,7 @@ standalone_la_LDFLAGS = -no-undefined -module -avoid-version \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif + diff --git a/tests/Makefile.am b/tests/Makefile.am index e7a75dd2..4ed0e1bb 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -36,7 +36,8 @@ msc_test_CFLAGS = @APR_CFLAGS@ \ @LUA_CFLAGS@ \ @MODSEC_EXTRA_CFLAGS@ \ @PCRE_CFLAGS@ \ - @YAJL_CFLAGS@ + @YAJL_CFLAGS@ \ + @SSDEEP_CFLAGS@ msc_test_CPPFLAGS = -I$(top_srcdir)/apache2 \ @APR_CPPFLAGS@ \ @@ -48,7 +49,8 @@ msc_test_LDADD = @APR_LDADD@ \ @LIBXML2_LDADD@ \ @LUA_LDADD@ \ @PCRE_LDADD@ \ - @YAJL_LDADD@ + @YAJL_LDADD@ \ + @SSDEEP_CFLAGS@ msc_test_LDFLAGS = @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ @@ -56,7 +58,8 @@ msc_test_LDFLAGS = @APR_LDFLAGS@ \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ check_SCRIPTS = run-unit-tests.pl TESTS = $(check_SCRIPTS)