X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=02d680dd0e7dea823de8726c9f72a78cb1dcc2d9;hb=a452628cc701ed542bbf1272dc48616032acb644;hp=634d1077426fe841ca174dafde2c55ea26d2cc34;hpb=eae9627db45a5346d7c6ee014dfa626848410e65;p=mod-security-cn.git diff --git a/debian/postinst b/debian/postinst index 634d107..02d680d 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,18 +5,18 @@ set -e [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx case "$1" in - configure) - # continue below - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - exit 0 - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 0 - ;; + configure) + # continue below + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + exit 0 + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; esac @@ -28,12 +28,14 @@ esac PKG="mod-security-cn" A2DIR="/etc/apache2" +CONF="$A2DIR/apache2.conf" CONFDIR="$A2DIR/conf.d" -CONF="$CONFDIR/apache2.conf" A2MODEDIR="$A2DIR/mods-enabled" MODSECDIR="$A2DIR/mod-security" MODSECCONF="$MODSECDIR/mod-security-cn.conf" -MODSECTDIR="/usr/share/mod-security-cn" +MODSECRBL="$MODSECDIR/rbl_lookup.conf" +MODSECLNK="$CONFDIR/$(basename $MODSECCONF)" +MODSECTPL="/usr/share/mod-security-cn" temp_files= need_restart=0 @@ -44,16 +46,15 @@ need_restart=0 # Cleanup all temp files or directories. # cleanup () { + local item - local item - - if [ -n "$temp_files" ]; then - for item in $temp_files; do - if [ -e "$item" ]; then - rm -rf $item - fi - done - fi + if [ -n "$temp_files" ]; then + for item in $temp_files; do + if [ -e "$item" ]; then + rm -rf $item + fi + done + fi } # chk_conf_tag () 
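Review bot: In the variables hunk (@@ -28,12 +28,14 @@) the new `MODSECLNK` assignment calls `basename $MODSECCONF` with the argument unquoted, and the same pattern recurs in the @@ -112,79 +87,115 @@ hunk (`mktemp $MODSECCONF.XXXXXX`, `$(basename $MODSECRBL)`, `rm -f $out`). The paths are constants today, so nothing breaks, but a maintainer script runs as root and word splitting on a path tends to surface only after someone changes `A2DIR`. I would write `MODSECLNK="$CONFDIR/${MODSECCONF##*/}"`, which also avoids forking basename. The other expansions should be quoted the same way, for example `rm -f "$out"`.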
@@ -64,43 +65,17 @@ cleanup () { # 2 - file exists, but it is not tagged # chk_conf_tag () { + local conf_file + conf_file="$1" + RET=1 - local conf_file - conf_file="$1" - RET=1 - - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi - fi -} - -# install_conf() -# -# Install specified ModSecurity configuration file. -# -install_conf () { - - local conftmpl conf - conftmpl="$MODSECTDIR/$1" - conf="$MODSECDIR/$1" - - if [ ! -e "$conf" ]; then - cp_echo "CN: Creating new configuration file $conf" - cp "$conftmpl" "$conf" - need_restart=1 + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 else - if ! cmp -s "$conf" "$conftmpl"; then - cp_echo "CN: Updating configuration file $conf" - cp "$conftmpl" "$conf" - need_restart=1 - else - cp_echo "CN: $conf already exists." 1>&2 - fi + RET=2 fi + fi } 
@@ -112,79 +87,115 @@ trap cleanup 0 1 2 15 # Enable ModSecurity and unique_id Apache2 modules. # if [ -e "$CONF" ]; then - - # Enable mod-security.load - if [ ! -e "$A2MODEDIR/mod-security.load" ]; then - cp_echo "CN: Enabling ModSecurity module for Apache2 web server." - a2enmod mod-security >/dev/null || true - need_restart=1 - fi - - # Enable unique_id.load - if [ ! -e "$A2MODEDIR/unique_id.load" ]; then - cp_echo "CN: Enabling unique_id module for Apache2 web server." - a2enmod unique_id >/dev/null || true - need_restart=1 - fi + # Enable mod-security.load + if [ ! -e "$A2MODEDIR/mod-security.load" ]; then + cp_echo "CN: Enabling ModSecurity module for Apache2 web server." + a2enmod mod-security >/dev/null || true + need_restart=1 + fi + + # Enable unique_id.load + if [ ! -e "$A2MODEDIR/unique_id.load" ]; then + cp_echo "CN: Enabling unique_id module for Apache2 web server." + a2enmod unique_id >/dev/null || true + need_restart=1 + fi fi -# Generate ModSecurity configuration file and activate RBL lookup +# Generate ModSecurity configuration files and activate RBL lookup # for ModSecurity if needed. # chk_conf_tag "$MODSECCONF" if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - # Create /etc/apache2/conf.d/ directory if missing. - if [ ! -d "$CONFDIR" ]; then - cp_echo "CN: Creating configuration directory $CONFDIR/" - mkdir -p $CONFDIR/ - fi + # Create /etc/apache2/conf.d/ directory if missing. + if [ ! -d "$CONFDIR" ]; then + cp_echo "CN: Creating configuration directory $CONFDIR/" + mkdir -p $CONFDIR/ + fi - # Create /etc/apache2/mod-security/ directory if missing. - if [ ! -d "$MODSECDIR" ]; then - cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/" - mkdir -p $MODSECDIR/ - fi + # Create /etc/apache2/mod-security/ directory if missing. + if [ ! 
-d "$MODSECDIR" ]; then + cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/" + mkdir -p $MODSECDIR/ + fi - install_conf "mod-security-cn.conf" + out=$(mktemp $MODSECCONF.XXXXXX) + temp_files="${temp_files} ${out}" - db_get mod-security-cn/rbl || true - if [ "$RET" = "true" ]; then + db_get mod-security-cn/rbl || true + if [ "$RET" = "true" ]; then - cp_echo "CN: Enabling ModSecurity RBL lookup in $MODSECCONF" + # Add RBL configuration. + chk_conf_tag "$MODSECRBL" + if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - # Add RBL configuration. - chk_conf_tag "$MODSECDIR/rbl_lookup.conf" - if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - install_conf "rbl_lookup.conf" + if [ $RET -eq 1 ]; then + cp_echo "CN: Creating configuration file $MODSECRBL" + cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" + need_restart=1 + else + if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then + cp_echo "CN: Updating configuration file $MODSECRBL" + cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" + need_restart=1 + fi fi - else - - cp_echo "CN: Disabling ModSecurity RBL lookup in $MODSECCONF" + fi - # Remove RBL configuration. - out=$(mktemp $MODSECCONF.XXXXXX) - temp_files="${temp_files} ${out}" - sed -r "s/^([[:space:]]*)(Include[[:space:]]+\/etc\/apache2\/mod-security\/rbl_lookup\.conf)$/\1#\2/I" \ - "$MODSECCONF" > "$out" - mv -f "$out" "$MODSECCONF" - if [ -f "$out" ]; then rm -f $out; fi + sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \ + "$MODSECTPL/$(basename $MODSECCONF)" > "$out" - chk_conf_tag "$MODSECDIR/rbl_lookup.conf" - if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - rm -f "$MODSECDIR/rbl_lookup.conf" + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" + cp_echo "CN: Enabled ModSecurity RBL lookup." 
+ need_restart=1 fi + else + cp_echo "CN: Creating configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Enabled ModSecurity RBL lookup." + need_restart=1 + fi + else + # Remove RBL configuration. + sed "s,#RBLLOOKUP#,# DISABLED,g" \ + "$MODSECTPL/$(basename $MODSECCONF)" > "$out" + + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" + cp_echo "CN: Disabled ModSecurity RBL lookup." + need_restart=1 + fi + else + cp_echo "CN: Creating configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Disabled ModSecurity RBL lookup." need_restart=1 fi - # Enable ModSecurity configuration. - if [ ! -e "$CONFDIR/mod-security-cn.conf" ]; then - cp_echo "CN: Enabling ModSecurity configuration." - ln -fs "$MODSECCONF" "$CONFDIR/." + chk_conf_tag "$MODSECRBL" + if [ $RET -eq 0 ]; then + cp_echo "CN: Removing configuration file $MODSECRBL" + rm -f "$MODSECRBL" need_restart=1 fi + fi + + if [ -f "$out" ]; then rm -f $out; fi + + # Enable ModSecurity configuration. + if [ ! -e "$MODSECLNK" ]; then + cp_echo "CN: Enabling ModSecurity configuration." + ln -fs "$MODSECCONF" "$MODSECLNK" + need_restart=1 + fi fi db_stop || true 
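Review bot: The enabled and disabled RBL branches in this hunk each carry their own copy of the sed / cmp / mv / need_restart sequence, differing only in the replacement text and the message. A later fix to one copy can miss the other and leave the on and off paths of this control behaving differently. I would have the branches set only the replacement line and the state word, then run one sed and one install step after the `fi`, as sketched below; `cmp -s` already returns non-zero when `$MODSECCONF` does not exist, so the `-e` test is needed only to pick the message. Separately, `mktemp` creates `$out` with mode 0600 and `mv` keeps that mode, which may differ from what the removed `cp` produced; please confirm that is intended.

```shell
# … unchanged: directory creation, mktemp, db_get …
if [ "$RET" = "true" ]; then
  # … unchanged: install or refresh $MODSECRBL from the template …
  rbl_line="Include $MODSECRBL"
  rbl_state="Enabled"
else
  rbl_line="# DISABLED"
  rbl_state="Disabled"
fi

sed "s,#RBLLOOKUP#,$rbl_line,g" \
  "$MODSECTPL/$(basename "$MODSECCONF")" > "$out"

if ! cmp -s "$MODSECCONF" "$out"; then
  if [ -e "$MODSECCONF" ]; then
    cp_echo "CN: Updating configuration file $MODSECCONF"
  else
    cp_echo "CN: Creating configuration file $MODSECCONF"
  fi
  mv -f "$out" "$MODSECCONF"
  cp_echo "CN: $rbl_state ModSecurity RBL lookup."
  need_restart=1
fi
# … unchanged: on the disabled path, remove a package-tagged $MODSECRBL …
# … unchanged: temp file removal, symlink creation …
```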
@@ -194,23 +205,14 @@ db_stop || true # if [ $need_restart -eq 1 ]; then - # Check Apache2 web server configuration. - if /usr/sbin/apache2ctl configtest 2>/dev/null; then - - # Restart Apache2 web server. - if [ -x "/etc/init.d/apache2" ]; then - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 restart || true - else - /etc/init.d/apache2 restart || true - fi - fi - else - - # Something is broken. - cp_echo "CN: Your Apache2 configuration is broken." - cp_echo "CN: Please, check the service after the installation finishes!" - fi + # Check Apache2 web server configuration. + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 force-reload || true + else + # Something is broken. + cp_echo "CN: Your Apache2 configuration is broken." + cp_echo "CN: Please, check the service after the installation finishes!" + fi fi @@ -218,4 +220,6 @@ fi # cp_mail "$PKG" +#DEBHELPER# + exit 0
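Review bot: When `apache2ctl configtest` fails in the @@ -194,23 +205,14 @@ hunk, its diagnostics have already been discarded by `2>/dev/null`, the regenerated config stays in place, and the script still exits 0. The administrator learns only that something is broken, while the new ModSecurity configuration presumably remains unloaded. I would capture the output instead, `if ct_out=$(apache2ctl configtest 2>&1); then`, and add `cp_echo "CN: $ct_out"` to the else branch so the reason reaches the install output. The `|| true` after `invoke-rc.d apache2 force-reload` hides a failed reload in the same way; a `cp_echo` warning on that path would make it visible.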