Izbaceno koristenje geoLookup operatora.

[mod-security-cn.git] / debian / postinst

#!/bin/sh

set -e

[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx

case "$1" in
        configure)
        # continue below
        ;;

        abort-upgrade|abort-remove|abort-deconfigure)
        exit 0
        ;;

        *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
        ;;
esac


# Load debconf
. /usr/share/debconf/confmodule

# Include CARNet functions
. /usr/share/carnet-tools/functions.sh

PKG="mod-security-cn"
A2DIR="/etc/apache2"
CONFDIR="$A2DIR/conf.d"
CONF="$CONFDIR/apache2.conf"
A2MODEDIR="$A2DIR/mods-enabled"
MODSECDIR="$A2DIR/mod-security"
MODSECCONF="$MODSECDIR/mod-security-cn.conf"
MODSECTDIR="/usr/share/mod-security-cn"

temp_files=
need_restart=0


# cleanup()
#
#   Cleanup all temp files or directories.
#
cleanup () {

        local item

        if [ -n "$temp_files" ]; then
            for item in $temp_files; do
                if [ -e "$item" ]; then
                    rm -rf $item
                fi
            done
        fi
}

# chk_conf_tag ()
#
#   Check if configuration file has CARNet package info lines.
#   return:  $RET => 0 - tagged
#                    1 - file does not exists
#                    2 - file exists, but it is not tagged
#
chk_conf_tag () {

        local conf_file
        conf_file="$1"
        RET=1
        
        if [ -f "$conf_file" ]; then
            if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then
                RET=0
            else
                RET=2
            fi
        fi
}

# install_conf()
#
#   Install specified ModSecurity configuration file.
#
install_conf () {

        local conftmpl conf
        conftmpl="$MODSECTDIR/$1"
        conf="$MODSECDIR/$1"

        if [ ! -e "$conf" ]; then
            cp_echo "CN: Creating new configuration file $conf"
            cp "$conftmpl" "$conf"
            need_restart=1
        else
            if ! cmp -s "$conf" "$conftmpl"; then
                cp_echo "CN: Updating configuration file $conf"
                cp "$conftmpl" "$conf"
                need_restart=1
            else
                cp_echo "CN: $conf already exists." 1>&2
            fi
        fi
}


# Set trap for deleting all temp files.
#
trap cleanup 0 1 2 15


# Enable ModSecurity and unique_id Apache2 modules.
#
if [ -e "$CONF" ]; then

        # Enable mod-security.load
        if [ ! -e "$A2MODEDIR/mod-security.load" ]; then
            cp_echo "CN: Enabling ModSecurity module for Apache2 web server."
            a2enmod mod-security >/dev/null || true
            need_restart=1
        fi

        # Enable unique_id.load
        if [ ! -e "$A2MODEDIR/unique_id.load" ]; then
            cp_echo "CN: Enabling unique_id module for Apache2 web server."
            a2enmod unique_id >/dev/null || true
            need_restart=1
        fi
fi


# Generate ModSecurity configuration file and activate RBL lookup
# for ModSecurity if needed.
#
chk_conf_tag "$MODSECCONF"
if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then

        # Create /etc/apache2/conf.d/ directory if missing.
        if [ ! -d "$CONFDIR" ]; then
            cp_echo "CN: Creating configuration directory $CONFDIR/"
            mkdir -p $CONFDIR/
        fi

        # Create /etc/apache2/mod-security/ directory if missing.
        if [ ! -d "$MODSECDIR" ]; then
            cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/"
            mkdir -p $MODSECDIR/
        fi

        install_conf "mod-security-cn.conf"

        db_get mod-security-cn/rbl || true
        if [ "$RET" = "true" ]; then

            cp_echo "CN: Enabling ModSecurity RBL lookup in $MODSECCONF"

            # Add RBL configuration.
            chk_conf_tag "$MODSECDIR/rbl_lookup.conf"
            if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
                install_conf "rbl_lookup.conf"
            fi
        else

            cp_echo "CN: Disabling ModSecurity RBL lookup in $MODSECCONF"

            # Remove RBL configuration.
            out=$(mktemp $MODSECCONF.XXXXXX)
            temp_files="${temp_files} ${out}"
            sed -r "s/^([[:space:]]*)(Include[[:space:]]+\/etc\/apache2\/mod-security\/rbl_lookup\.conf)$/\1#\2/I" \
                "$MODSECCONF" > "$out"
            mv -f "$out" "$MODSECCONF"
            if [ -f "$out" ]; then rm -f $out; fi

            chk_conf_tag "$MODSECDIR/rbl_lookup.conf"
            if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
                rm -f "$MODSECDIR/rbl_lookup.conf"
            fi

            need_restart=1
        fi

        # Enable ModSecurity configuration.
        if [ ! -e "$CONFDIR/mod-security-cn.conf" ]; then
            cp_echo "CN: Enabling ModSecurity configuration."
            ln -fs "$MODSECCONF" "$CONFDIR/."
            need_restart=1
        fi
fi

db_stop || true


# Restart Apache2 web server if needed.
#
if [ $need_restart -eq 1 ]; then

        # Check Apache2 web server configuration.
        if /usr/sbin/apache2ctl configtest 2>/dev/null; then

            # Restart Apache2 web server.
            if [ -x "/etc/init.d/apache2" ]; then
                if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
                    invoke-rc.d apache2 restart || true
                else
                    /etc/init.d/apache2 restart || true
                fi
            fi
        else

            # Something is broken.
            cp_echo "CN: Your Apache2 configuration is broken."
            cp_echo "CN: Please, check the service after the installation finishes!"
        fi
fi


# Mail root
#
cp_mail "$PKG"

exit 0