debian/postinst

   1 #!/bin/sh
   2 # postinst script for bind9-cn
   3 #
   4 # see: dh_installdeb(1)
   5
   6 set -e
   7 [ "$CARNET_SCRIPT_DEBUG" ] && set -vx
   8
   9 # summary of how this script can be called:
  10 #        * <postinst> `configure' <most-recently-configured-version>
  11 #        * <old-postinst> `abort-upgrade' <new version>
  12 #        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
  13 #          <new-version>
  14 #        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
  15 #          <failed-install-package> <version> `removing'
  16 #          <conflicting-package> <version>
  17 # for details, see http://www.debian.org/doc/debian-policy/ or
  18 # the debian-policy package
  19 #
  20
  21 case "$1" in
  22     configure|reconfigure)
  23       # continue below
  24     ;;
  25
  26     *)
  27         exit 0
  28     ;;
  29 esac
  30
  31 # import CN-functions
  32 . /usr/share/carnet-tools/functions.sh
  33
  34 CONF="/etc/fail2ban/jail.conf"
  35
  36 if [ -e "$CONF" ]; then
  37     # enable ssh, pam-generic, sasl, proftpd and vsftpd service
  38     echo "CN: Enabling SSH, PAM-generic, SASL and Dovecot support..."
  39     perl -ne 'if (/^\[(ssh|pam-generic|sasl|dovecot)\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
  40         cp_mv "$CONF.$$" "$CONF"
  41     rm -f "$CONF.$$"
  42
  43     if [ -f /var/log/vsftpd.log ]; then
  44       echo "CN: Enabling vsftpd support..."
  45       perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
  46           cp_mv "$CONF.$$" "$CONF"
  47       rm -f "$CONF.$$"
  48     else
  49       echo "CN: Disabling vsftpd support..."
  50       perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled  = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
  51           cp_mv "$CONF.$$" "$CONF"
  52       rm -f "$CONF.$$"
  53     fi
  54
  55     if [ -f /var/log/proftpd/proftpd.log ]; then
  56       echo "CN: Enabling ProFTPD support..."
  57       perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
  58           cp_mv "$CONF.$$" "$CONF"
  59       rm -f "$CONF.$$"
  60    else
  61       echo "CN: Disabling ProFTPD support..."
  62       perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled  = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
  63           cp_mv "$CONF.$$" "$CONF"
  64       rm -f "$CONF.$$"
  65     fi
  66
  67     # postfix-sasl in jessie, not sasl anymore
  68     cp_check_and_sed 'filter[ ]*=[ ]*sasl' \
  69                      's/^filter[ ]*=[ ]*sasl/filter     = postfix-sasl/gi' \
  70                      "$CONF" && echo "CN: Fixing sasl to postfix-sasl..." || true
  71
  72     # add network address and class if needed
  73     cp_get_netaddr || true
  74     NETADDR="$RET"
  75     IGNOREIP=$(grep '^ignoreip' "$CONF")
  76     if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then
  77        echo "CN: Enabling local IP ranges exclusion..."
  78        cp_check_and_sed '^ignoreip' \
  79             "s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true
  80     fi
  81 fi
  82
  83 # restart the services
  84 service fail2ban restart || exit $?
  85
  86 # dh_installdeb will replace this with shell code automatically
  87 # generated by other debhelper scripts.
  88
  89 #DEBHELPER#
  90
  91 exit 0