X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=a669349b552a071f0d5c4eaa17fe8a252d7872f5;hb=HEAD;hp=0635772a511581b6b7d755deeb2dc6017845f11f;hpb=d1db472dd7754d2fdb6e747d34f7ada708004bf2;p=fail2ban-cn.git diff --git a/debian/postinst b/debian/postinst index 0635772..a669349 100755 --- a/debian/postinst +++ b/debian/postinst @@ -1,59 +1,70 @@ #!/bin/sh -# postinst script for bind9-cn -# -# see: dh_installdeb(1) set -e +[ "$1" = "configure" ] || exit 0 +[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package -# - -case "$1" in - configure|reconfigure) - # continue below - ;; - - *) - exit 0 - ;; -esac - -# import CN-functions +# Load CARNET Tools . /usr/share/carnet-tools/functions.sh -CONF=/etc/fail2ban/jail.conf +CONF="/etc/fail2ban/jail.conf" if [ -e "$CONF" ]; then - # enable ssh and pam-generic services - perl -ne 'if (/\[(ssh|pam-generic)\]/ .. /enabled/) { $_ =~ s/enabled = false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \ - mv "$CONF.$$" "$CONF" + # enable ssh, pam-generic, sasl, proftpd and vsftpd service + echo "CN: Enabling SSH, PAM-generic, SASL and Dovecot support..." + perl -ne 'if (/^\[(ssh|pam-generic|sasl|dovecot)\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \ + cp_mv "$CONF.$$" "$CONF" rm -f "$CONF.$$" + if [ -f /var/log/vsftpd.log ]; then + echo "CN: Enabling vsftpd support..." + perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \ + cp_mv "$CONF.$$" "$CONF" + rm -f "$CONF.$$" + else + echo "CN: Disabling vsftpd support..." + perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled = false/gi }; print $_' "$CONF" > "$CONF.$$" && \ + cp_mv "$CONF.$$" "$CONF" + rm -f "$CONF.$$" + fi + + if [ -f /var/log/proftpd/proftpd.log ]; then + echo "CN: Enabling ProFTPD support..." + perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \ + cp_mv "$CONF.$$" "$CONF" + rm -f "$CONF.$$" + else + echo "CN: Disabling ProFTPD support..." + perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled = false/gi }; print $_' "$CONF" > "$CONF.$$" && \ + cp_mv "$CONF.$$" "$CONF" + rm -f "$CONF.$$" + fi + + # postfix-sasl in jessie, not sasl anymore + cp_check_and_sed 'filter[ ]*=[ ]*sasl' \ + 's/^filter[ ]*=[ ]*sasl/filter = postfix-sasl/gi' \ + "$CONF" && echo "CN: Fixing sasl to postfix-sasl..." || true + # add network address and class if needed cp_get_netaddr || true NETADDR="$RET" - IGNOREIP=$(grep '^ignoreip' "$CONF") - if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then - cp_check_and_sed '^ignoreip' \ - "s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true - fi + IGNOREIP=$(grep '^ignoreip' "$CONF" || true) + if grep -q '^ignoreip' "$CONF"; then + IGNOREIP=$(grep '^ignoreip' "$CONF") + if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then + echo "CN: Enabling local IP ranges exclusion..." + cp_check_and_sed '^ignoreip' \ + "s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true + fi + elif grep -q '^#ignoreip' "$CONF"; then + echo "CN: Enabling local IP ranges exclusion..." + cp_check_and_sed '^#ignoreip' \ + "s;^#ignoreip.*$;ignoreip = $NETADDR;g" "$CONF" || true + fi fi # restart the services -if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d fail2ban restart || exit $? -else - /etc/init.d/fail2ban restart || exit $? -fi +service fail2ban restart || exit $? # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts.