provjera da li postoje logovi za vsftpd i proftpd; promjena sasl filtera u postfix...
[fail2ban-cn.git] / debian / postinst
index f34cc6a..86ef053 100755 (executable)
@@ -4,6 +4,7 @@
 # see: dh_installdeb(1)
 
 set -e
+[ "$CARNET_SCRIPT_DEBUG" ] && set -vx
 
 # summary of how this script can be called:
 #        * <postinst> `configure' <most-recently-configured-version>
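Review bot: The debug switch added at `[ "$CARNET_SCRIPT_DEBUG" ] && set -vx` is undocumented, and once set it traces every command and expansion of this root-run script, including the sourced `functions.sh`, into whatever captures the package manager's output. A one-line comment above it would tell maintainers how to use it and where the trace goes, for example `# set CARNET_SCRIPT_DEBUG to any non-empty value to trace this script; the trace is written to the installer's terminal/log output`.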
@@ -30,43 +31,57 @@ esac
 # import CN-functions
 . /usr/share/carnet-tools/functions.sh
 
-CONF=/etc/fail2ban/jail.conf
+CONF="/etc/fail2ban/jail.conf"
 
 if [ -e "$CONF" ]; then
     # enable ssh, pam-generic, sasl, proftpd and vsftpd service
-    perl -ne 'if (/^\[(ssh|pam-generic|sasl|proftpd|vsftpd)\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled   = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
+    echo "CN: Enabling SSH, PAM-generic, SASL and Dovecot support..."
+    perl -ne 'if (/^\[(ssh|pam-generic|sasl|dovecot)\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
         cp_mv "$CONF.$$" "$CONF"
     rm -f "$CONF.$$"
 
-    # enable dovecot service
-    cp -a "$CONF" "$CONF.$$"
-    cp-update fail2ban-cn "$CONF.$$" <<EOF
-[dovecot]
+    if [ -f /var/log/vsftpd.log ]; then
+      echo "CN: Enabling vsftpd support..."
+      perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
+          cp_mv "$CONF.$$" "$CONF"
+      rm -f "$CONF.$$"
+    else
+      echo "CN: Disabling vsftpd support..."
+      perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled  = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
+          cp_mv "$CONF.$$" "$CONF"
+      rm -f "$CONF.$$"
+    fi
+
+    if [ -f /var/log/proftpd/proftpd.log ]; then
+      echo "CN: Enabling ProFTPD support..."
+      perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
+          cp_mv "$CONF.$$" "$CONF"
+      rm -f "$CONF.$$"
+   else
+      echo "CN: Disabling ProFTPD support..."
+      perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled  = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
+          cp_mv "$CONF.$$" "$CONF"
+      rm -f "$CONF.$$"
+    fi
 
-enabled     = true
-port        = 110,143
-protocol    = tcp
-filter      = dovecot
-logpath     = /var/log/mail.log
-EOF
-    cp_mv "$CONF.$$" "$CONF"
+    # postfix-sasl in jessie, not sasl anymore
+    cp_check_and_sed 'filter[ ]*=[ ]*sasl' \
+                     's/^filter[ ]*=[ ]*sasl/filter    = postfix-sasl/gi' \
+                     "$CONF" && echo "CN: Fixing sasl to postfix-sasl..." || true
 
     # add network address and class if needed
     cp_get_netaddr || true
     NETADDR="$RET"
     IGNOREIP=$(grep '^ignoreip' "$CONF")
     if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then
+       echo "CN: Enabling local IP ranges exclusion..."
        cp_check_and_sed '^ignoreip' \
             "s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true
     fi
 fi
 
 # restart the services
-if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
-       invoke-rc.d fail2ban restart || exit $?
-else
-       /etc/init.d/fail2ban restart || exit $?
-fi
+service fail2ban restart || exit $?
 
 # dh_installdeb will replace this with shell code automatically
 # generated by other debhelper scripts.
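Review bot: The vsftpd and ProFTPD jails are now switched by `[ -f /var/log/vsftpd.log ]` and `[ -f /var/log/proftpd/proftpd.log ]`, which are evaluated only while this postinst runs. A host whose FTP daemon is installed, or first writes its log, afterwards keeps `enabled  = false`, so failed FTP logins go unbanned until the package is configured again; the `else` branches also overwrite a value the administrator may have set by hand. If that trade-off is intended, the message should say so, e.g. `echo "CN: /var/log/vsftpd.log not found, disabling vsftpd jail until the next package configuration..."`, and a comment above each block should explain why the presence of the log file is used as the test. Separately, the last changed line replaces `invoke-rc.d` with `service fail2ban restart || exit $?`; `service` does not consult policy-rc.d, so the daemon would be restarted even where local policy forbids it (chroots, image builds), whereas `invoke-rc.d fail2ban restart || exit $?` keeps that check.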