X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=mod-security-cn.git;a=blobdiff_plain;f=debian%2Fpostinst;h=96bf5f7d85f7bbc38e31303c76b40e2a78a37546;hp=634d1077426fe841ca174dafde2c55ea26d2cc34;hb=d88c1a9e47b7892de4eda2a2a3f2494681c70856;hpb=65bbe42036b53f52e0ada10269e4f81bb79591c0
diff --git a/debian/postinst b/debian/postinst
index 634d107..96bf5f7 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -28,12 +28,14 @@ esac
 PKG="mod-security-cn"
 A2DIR="/etc/apache2"
+CONF="$A2DIR/apache2.conf"
 CONFDIR="$A2DIR/conf.d"
-CONF="$CONFDIR/apache2.conf"
 A2MODEDIR="$A2DIR/mods-enabled"
 MODSECDIR="$A2DIR/mod-security"
 MODSECCONF="$MODSECDIR/mod-security-cn.conf"
-MODSECTDIR="/usr/share/mod-security-cn"
+MODSECRBL="$MODSECDIR/rbl_lookup.conf"
+MODSECLNK="$CONFDIR/$(basename $MODSECCONF)"
+MODSECTPL="/usr/share/mod-security-cn"
 temp_files=
 need_restart=0
@@ -78,31 +80,6 @@ chk_conf_tag () {
 fi
 }
-# install_conf()
-#
-# Install specified ModSecurity configuration file.
-#
-install_conf () {
-
- local conftmpl conf
- conftmpl="$MODSECTDIR/$1"
- conf="$MODSECDIR/$1"
-
- if [ ! -e "$conf" ]; then
- cp_echo "CN: Creating new configuration file $conf"
- cp "$conftmpl" "$conf"
- need_restart=1
- else
- if ! cmp -s "$conf" "$conftmpl"; then
- cp_echo "CN: Updating configuration file $conf"
- cp "$conftmpl" "$conf"
- need_restart=1
- else
- cp_echo "CN: $conf already exists." 1>&2
- fi
- fi
-}
-
 # Set trap for deleting all temp files.
 #
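Review bot: In the first hunk (the variable block at -28,12), the new `MODSECLNK` assignment runs `$(basename $MODSECCONF)` with the path expanded unquoted. The same unquoted form recurs in the third hunk in `mktemp $MODSECCONF.XXXXXX`, in the `$(basename $MODSECCONF)` and `$(basename $MODSECRBL)` arguments to `cp` and `cmp`, and in `rm -f $out`. The values are fixed strings today, so nothing breaks, but this maintainer script handles files under /etc/apache2 during package configuration and should keep every expansion quoted: `MODSECLNK="$CONFDIR/$(basename "$MODSECCONF")"`.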
@@ -147,42 +124,82 @@ if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then mkdir -p $MODSECDIR/ fi - install_conf "mod-security-cn.conf" + out=$(mktemp $MODSECCONF.XXXXXX) + temp_files="${temp_files} ${out}" + cp "$MODSECTPL/$(basename $MODSECCONF)" "$out" db_get mod-security-cn/rbl || true if [ "$RET" = "true" ]; then - cp_echo "CN: Enabling ModSecurity RBL lookup in $MODSECCONF" - # Add RBL configuration. - chk_conf_tag "$MODSECDIR/rbl_lookup.conf" + chk_conf_tag "$MODSECRBL" if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - install_conf "rbl_lookup.conf" + + if [ $RET -eq 1 ]; then + cp_echo "CN: Creating new configuration file $MODSECRBL" + cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" + need_restart=1 + else + if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then + cp_echo "CN: Updating configuration file $MODSECRBL" + cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" + need_restart=1 + fi + fi fi - else - cp_echo "CN: Disabling ModSecurity RBL lookup in $MODSECCONF" + cp_check_and_sed '#RBLLOOKUP#' \ + "s,#RBLLOOKUP#,Include $MODSECRBL,g" \ + "$out" || true + + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" + cp_echo "CN: Enabled ModSecurity RBL lookup." + need_restart=1 + fi + else + cp_echo "CN: Creating new configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Enabled ModSecurity RBL lookup." + need_restart=1 + fi + else # Remove RBL configuration. 
- out=$(mktemp $MODSECCONF.XXXXXX) - temp_files="${temp_files} ${out}" - sed -r "s/^([[:space:]]*)(Include[[:space:]]+\/etc\/apache2\/mod-security\/rbl_lookup\.conf)$/\1#\2/I" \ - "$MODSECCONF" > "$out" - mv -f "$out" "$MODSECCONF" - if [ -f "$out" ]; then rm -f $out; fi - - chk_conf_tag "$MODSECDIR/rbl_lookup.conf" - if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - rm -f "$MODSECDIR/rbl_lookup.conf" + cp_check_and_sed '#RBLLOOKUP#' \ + "s,#RBLLOOKUP#,# DISABLED,g" \ + "$out" || true + + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" + cp_echo "CN: Disabled ModSecurity RBL lookup." + need_restart=1 + fi + else + cp_echo "CN: Creating new configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Disabled ModSecurity RBL lookup." + need_restart=1 fi - need_restart=1 + chk_conf_tag "$MODSECRBL" + if [ $RET -eq 0 ]; then + cp_echo "CN: Removing configuration file $MODSECRBL" + rm -f "$MODSECRBL" + need_restart=1 + fi fi + if [ -f "$out" ]; then rm -f $out; fi + # Enable ModSecurity configuration. - if [ ! -e "$CONFDIR/mod-security-cn.conf" ]; then + if [ ! -e "$MODSECLNK" ]; then cp_echo "CN: Enabling ModSecurity configuration." - ln -fs "$MODSECCONF" "$CONFDIR/." + ln -fs "$MODSECCONF" "$MODSECLNK" need_restart=1 fi fi
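Review bot: Both `cp_check_and_sed '#RBLLOOKUP#' ... "$out" || true` calls discard the result of the substitution, and the "Enabled ModSecurity RBL lookup." and "Disabled ModSecurity RBL lookup." messages that follow are printed whether or not the placeholder was rewritten. cp_check_and_sed is defined outside this hunk, so its exit codes are not visible here, but if it fails or the template lacks `#RBLLOOKUP#`, the enable branch would install a config without the `Include $MODSECRBL` line while telling the administrator the lookup is on. I would check the outcome before the `mv`, for example `grep -qF "Include $MODSECRBL" "$out" || cp_echo "CN: RBL include missing from $MODSECCONF, lookup NOT enabled."`, and print the "Enabled" message only when that check passes. The enclosing `if [ $RET -eq 0 ] || [ $RET -eq 1 ]` block starts above the hunk.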