PKG="mod-security-cn"
A2DIR="/etc/apache2"
CONF="$A2DIR/apache2.conf"
-CONFDIR="$A2DIR/conf.d"
-A2MODEDIR="$A2DIR/mods-enabled"
+CONFDIR="$A2DIR/conf-available"
MODSECDIR="$A2DIR/mod-security"
MODSECCONF="$MODSECDIR/mod-security-cn.conf"
MODSECRBL="$MODSECDIR/rbl_lookup.conf"
-MODSECLNK="$CONFDIR/$(basename $MODSECCONF)"
+MODSECLNK="$CONFDIR/security2-cn.conf"
MODSECTPL="/usr/share/mod-security-cn"
temp_files=
-need_restart=0
+if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
+ . /usr/share/apache2/apache2-maintscript-helper
+
+ modsecurity_enable() {
+ cp_echo "CN: Enabling $PKG configuration for Apache2."
+ return 0
+ }
+else
+ cp_echo "CN: Could not load Apache 2.4 maintainer script helper."
+
+ modsecurity_enable() {
+ return 1
+ }
+fi
+
# cleanup()
#
# Cleanup all temp files or directories.
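Review bot: The fallback branch makes `modsecurity_enable` return 1 when the Apache 2.4 helper is absent, and the only trace is the message "Could not load Apache 2.4 maintainer script helper.", which does not say that ModSecurity will be left disabled. For a package whose purpose is to switch the WAF on, that is a quiet fail-open, so the message should state the consequence, for example `cp_echo "CN: apache2-maintscript-helper not found; ModSecurity will NOT be enabled."`. That `cp_echo` call also runs while the variables are still being set up, and its definition is not visible in this hunk, so confirm it is defined above this point. A short comment above the `if` explaining why `modsecurity_enable` is defined twice would help the next reader.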
trap cleanup 0 1 2 15
-# Enable ModSecurity and unique_id Apache2 modules.
+# Remove obsolete symbolic link.
#
-if [ -e "$CONF" ]; then
- # Enable mod-security.load
- if [ ! -e "$A2MODEDIR/mod-security.load" ]; then
- cp_echo "CN: Enabling ModSecurity module for Apache2 web server."
- a2enmod mod-security >/dev/null || true
- need_restart=1
- fi
-
- # Enable unique_id.load
- if [ ! -e "$A2MODEDIR/unique_id.load" ]; then
- cp_echo "CN: Enabling unique_id module for Apache2 web server."
- a2enmod unique_id >/dev/null || true
- need_restart=1
- fi
+if [ "`readlink -q -m /etc/apache2/conf.d/$PKG.conf`" = "$MODSECCONF" ]; then
+ rm -f /etc/apache2/conf.d/$PKG.conf
fi
chk_conf_tag "$MODSECCONF"
if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
- # Create /etc/apache2/conf.d/ directory if missing.
+ # Create /etc/apache2/conf-available/ directory if missing.
if [ ! -d "$CONFDIR" ]; then
cp_echo "CN: Creating configuration directory $CONFDIR/"
mkdir -p $CONFDIR/
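Review bot: The stale-link test on the added `readlink` line compares a canonicalised path (`-m` resolves every component) with the literal `$MODSECCONF`, so it will not match if `/etc/apache2` or a parent directory is itself a symlink, and the obsolete `conf.d` link is then left in place. The added lines also hard-code `/etc/apache2/conf.d` instead of using `$A2DIR`, use backticks, and leave the path unquoted. Consider `old="$A2DIR/conf.d/$PKG.conf"` followed by `if [ -L "$old" ] && [ "$(readlink -m "$old")" = "$(readlink -m "$MODSECCONF")" ]; then rm -f "$old"; fi`. The same change drops the explicit `a2enmod unique_id`, which is fine only if the security2 module declares that dependency itself; that is worth confirming.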
if [ $RET -eq 1 ]; then
cp_echo "CN: Creating configuration file $MODSECRBL"
cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
- need_restart=1
else
if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
cp_echo "CN: Updating configuration file $MODSECRBL"
cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
- need_restart=1
fi
fi
fi
cp_echo "CN: Updating configuration file $MODSECCONF"
mv -f "$out" "$MODSECCONF"
cp_echo "CN: Enabled ModSecurity RBL lookup."
- need_restart=1
fi
else
cp_echo "CN: Creating configuration file $MODSECCONF"
mv "$out" "$MODSECCONF"
cp_echo "CN: Enabled ModSecurity RBL lookup."
- need_restart=1
fi
else
cp_echo "CN: Updating configuration file $MODSECCONF"
mv -f "$out" "$MODSECCONF"
cp_echo "CN: Disabled ModSecurity RBL lookup."
- need_restart=1
fi
else
cp_echo "CN: Creating configuration file $MODSECCONF"
mv "$out" "$MODSECCONF"
cp_echo "CN: Disabled ModSecurity RBL lookup."
- need_restart=1
fi
chk_conf_tag "$MODSECRBL"
if [ $RET -eq 0 ]; then
cp_echo "CN: Removing configuration file $MODSECRBL"
rm -f "$MODSECRBL"
- need_restart=1
fi
fi
# Enable ModSecurity configuration.
if [ ! -e "$MODSECLNK" ]; then
- cp_echo "CN: Enabling ModSecurity configuration."
ln -fs "$MODSECCONF" "$MODSECLNK"
- need_restart=1
+ fi
+ if modsecurity_enable; then
+ apache2_invoke enmod security2
+ apache2_invoke enconf security2-cn
fi
fi
db_stop || true
-
-# Restart Apache2 web server if needed.
-#
-if [ $need_restart -eq 1 ]; then
-
- # Check Apache2 web server configuration.
- if apache2ctl configtest 2>/dev/null; then
- invoke-rc.d apache2 force-reload || true
- else
- # Something is broken.
- cp_echo "CN: Your Apache2 configuration is broken."
- cp_echo "CN: Please, check the service after the installation finishes!"
- fi
+if ! apache2ctl configtest >/dev/null 2>&1; then
+ cp_echo "CN: Your Apache2 configuration seems to be broken."
+ cp_echo "CN: Please, check the service after the installation finishes!"
fi
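Review bot: The two added `apache2_invoke` calls ignore their exit status, so a failed `enmod security2` or `enconf security2-cn` either aborts the postinst (if the script runs under `set -e`, which is not visible here) or passes silently with the WAF left disabled. Handle the failure explicitly, for example `apache2_invoke enmod security2 || cp_echo "CN: Could not enable the security2 module."`, and do the same for the `enconf` call. The final `configtest` now sends both stdout and stderr to `/dev/null`, so the administrator is told the configuration "seems to be broken" without seeing which directive failed. It also appears to run only after the helper has acted, where the removed code tested before reloading. Capturing the output, `out=$(apache2ctl configtest 2>&1) || cp_echo "CN: $out"`, would keep the diagnostic; note that `out` is already used elsewhere in this script, so pick a free variable name.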