set -e
+[ "$1" = "configure" ] || exit 0
[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
-case "$1" in
- configure)
- # continue below
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- exit 0
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 0
- ;;
-esac
-
-
-# Load debconf
+# Load Debconf
. /usr/share/debconf/confmodule
-# Include CARNet functions
+# Load CARNet Tools
. /usr/share/carnet-tools/functions.sh
PKG="mod-security-cn"
if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
- . /usr/share/apache2/apache2-maintscript-helper
+ . /usr/share/apache2/apache2-maintscript-helper
- modsecurity_enable() {
- return 0
- }
+ modsecurity_enable() {
+ return 0
+ }
else
- cp_echo "CN: Could not load Apache 2.4 maintainer script helper."
+ cp_echo "CN: Could not load Apache 2.4 maintainer script helper."
- modsecurity_enable() {
- return 1
- }
+ modsecurity_enable() {
+ return 1
+ }
fi
# cleanup()
# Cleanup all temp files or directories.
#
cleanup () {
- local item
-
- if [ -n "$temp_files" ]; then
- for item in $temp_files; do
- if [ -e "$item" ]; then
- rm -rf $item
- fi
- done
- fi
+ local item
+
+ if [ -n "$temp_files" ]; then
+ for item in $temp_files; do
+ if [ -e "$item" ]; then
+ rm -rf $item
+ fi
+ done
+ fi
}
# chk_conf_tag ()
# 2 - file exists, but it is not tagged
#
chk_conf_tag () {
- local conf_file
- conf_file="$1"
- RET=1
-
- if [ -f "$conf_file" ]; then
- if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then
- RET=0
- else
- RET=2
- fi
+ local conf_file
+ conf_file="$1"
+ RET=1
+
+ if [ -f "$conf_file" ]; then
+ if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then
+ RET=0
+ else
+ RET=2
fi
+ fi
}
# Enable ModSecurity and unique_id Apache2 modules.
#
if modsecurity_enable; then
- apache2_invoke enmod security2
+ apache2_invoke enmod security2
fi
# Remove obsolete symbolic link.
#
if [ "`readlink -q -m /etc/apache2/conf.d/$PKG.conf`" = "$MODSECCONF" ]; then
- rm -f /etc/apache2/conf.d/$PKG.conf
+ rm -f /etc/apache2/conf.d/$PKG.conf
fi
chk_conf_tag "$MODSECCONF"
if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
- # Create /etc/apache2/conf-available/ directory if missing.
- if [ ! -d "$CONFDIR" ]; then
- cp_echo "CN: Creating configuration directory $CONFDIR/"
- mkdir -p $CONFDIR/
- fi
-
- # Create /etc/apache2/mod-security/ directory if missing.
- if [ ! -d "$MODSECDIR" ]; then
- cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/"
- mkdir -p $MODSECDIR/
+ # Create /etc/apache2/conf-available/ directory if missing.
+ if [ ! -d "$CONFDIR" ]; then
+ cp_echo "CN: Creating configuration directory $CONFDIR/"
+ mkdir -p $CONFDIR/
+ fi
+
+ # Create /etc/apache2/mod-security/ directory if missing.
+ if [ ! -d "$MODSECDIR" ]; then
+ cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/"
+ mkdir -p $MODSECDIR/
+ fi
+
+ out=$(mktemp $MODSECCONF.XXXXXX)
+ temp_files="${temp_files} ${out}"
+
+ db_get mod-security-cn/rbl || true
+ if [ "$RET" = "true" ]; then
+
+ # Add RBL configuration.
+ chk_conf_tag "$MODSECRBL"
+ if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
+
+ if [ $RET -eq 1 ]; then
+ cp_echo "CN: Creating configuration file $MODSECRBL"
+ cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
+ else
+ if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
+ cp_echo "CN: Updating configuration file $MODSECRBL"
+ cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
+ fi
+ fi
fi
- out=$(mktemp $MODSECCONF.XXXXXX)
- temp_files="${temp_files} ${out}"
-
- db_get mod-security-cn/rbl || true
- if [ "$RET" = "true" ]; then
-
- # Add RBL configuration.
- chk_conf_tag "$MODSECRBL"
- if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
-
- if [ $RET -eq 1 ]; then
- cp_echo "CN: Creating configuration file $MODSECRBL"
- cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
- else
- if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
- cp_echo "CN: Updating configuration file $MODSECRBL"
- cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
- fi
- fi
- fi
+ sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \
+ "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
- sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \
- "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
-
- if [ -e "$MODSECCONF" ]; then
- if ! cmp -s "$MODSECCONF" "$out"; then
- cp_echo "CN: Updating configuration file $MODSECCONF"
- mv -f "$out" "$MODSECCONF"
- cp_echo "CN: Enabled ModSecurity RBL lookup."
- fi
- else
- cp_echo "CN: Creating configuration file $MODSECCONF"
- mv "$out" "$MODSECCONF"
- cp_echo "CN: Enabled ModSecurity RBL lookup."
- fi
+ if [ -e "$MODSECCONF" ]; then
+ if ! cmp -s "$MODSECCONF" "$out"; then
+ cp_echo "CN: Updating configuration file $MODSECCONF"
+ mv -f "$out" "$MODSECCONF"
+ cp_echo "CN: Enabled ModSecurity RBL lookup."
+ fi
else
+ cp_echo "CN: Creating configuration file $MODSECCONF"
+ mv "$out" "$MODSECCONF"
+ cp_echo "CN: Enabled ModSecurity RBL lookup."
+ fi
+ else
+
+ # Remove RBL configuration.
+ sed "s,#RBLLOOKUP#,# DISABLED,g" \
+ "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
+
+ if [ -e "$MODSECCONF" ]; then
+ if ! cmp -s "$MODSECCONF" "$out"; then
+ cp_echo "CN: Updating configuration file $MODSECCONF"
+ mv -f "$out" "$MODSECCONF"
+ cp_echo "CN: Disabled ModSecurity RBL lookup."
+ fi
+ else
+ cp_echo "CN: Creating configuration file $MODSECCONF"
+ mv "$out" "$MODSECCONF"
+ cp_echo "CN: Disabled ModSecurity RBL lookup."
+ fi
- # Remove RBL configuration.
- sed "s,#RBLLOOKUP#,# DISABLED,g" \
- "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
-
- if [ -e "$MODSECCONF" ]; then
- if ! cmp -s "$MODSECCONF" "$out"; then
- cp_echo "CN: Updating configuration file $MODSECCONF"
- mv -f "$out" "$MODSECCONF"
- cp_echo "CN: Disabled ModSecurity RBL lookup."
- fi
- else
- cp_echo "CN: Creating configuration file $MODSECCONF"
- mv "$out" "$MODSECCONF"
- cp_echo "CN: Disabled ModSecurity RBL lookup."
- fi
-
- chk_conf_tag "$MODSECRBL"
- if [ $RET -eq 0 ]; then
- cp_echo "CN: Removing configuration file $MODSECRBL"
- rm -f "$MODSECRBL"
- fi
+ chk_conf_tag "$MODSECRBL"
+ if [ $RET -eq 0 ]; then
+ cp_echo "CN: Removing configuration file $MODSECRBL"
+ rm -f "$MODSECRBL"
fi
+ fi
- if [ -f "$out" ]; then rm -f $out; fi
+ if [ -f "$out" ]; then rm -f $out; fi
fi
# Enable ModSecurity configuration.
#
if [ ! -e "$MODSECLNK" ]; then
- ln -fs "$MODSECCONF" "$MODSECLNK"
+ ln -fs "$MODSECCONF" "$MODSECLNK"
fi
if modsecurity_enable; then
- cp_echo "CN: Enabling $PKG configuration for Apache2."
- apache2_invoke enconf security2-cn
+ cp_echo "CN: Enabling $PKG configuration for Apache2."
+ apache2_invoke enconf security2-cn
fi
db_stop || true
if ! apache2ctl configtest >/dev/null 2>&1; then
- cp_echo "CN: Your Apache2 configuration seems to be broken."
- cp_echo "CN: Please, check the service after the installation finishes!"
+ cp_echo "CN: Your Apache2 configuration seems to be broken."
+ cp_echo "CN: Please, check the service after the installation finishes!"
fi
projects / mod-security-cn.git / blobdiff