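#!/bin/sh
#
# postinst for xinetd-cn. On "configure" it:
#   1. backs up /etc/inetd.conf and /etc/xinetd.conf,
#   2. splits every service found in them into /etc/xinetd.d/<service>,
#   3. reduces /etc/xinetd.conf to a defaults block plus the includedir line,
#   4. comments out services whose user, group or server binary is missing,
#   5. turns off inetd compatibility mode in /etc/default/xinetd.
#
# The script runs as root. Service names are read from the configuration
# files and are used unescaped as file names below /etc/xinetd.d/ and inside
# sed addresses.
# NOTE(review): names containing "/" or regex metacharacters are not handled.

set -e

[ "$1" = "configure" ] || exit 0

if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then
  set -vx
fi

# Load CARNET Tools (presumably the source of cp_echo, cp_backup_conffile and
# cp_check_and_sed used below -- confirm against functions.sh).
. /usr/share/carnet-tools/functions.sh

PKG=xinetd-cn
CONF=/etc/xinetd.conf
INETDCONF=/etc/inetd.conf
DEFAULT=/etc/default/xinetd
BACKUPDIR=/var/backups/xinetd-cn
XCONV_TOOL=/usr/bin/xconv.pl
need_restart=0
temp_files=
xinetd_conf_did=0

# cleanup()
#
# Remove every temporary file recorded in $temp_files.
# Installed below as the handler for EXIT, HUP, INT and TERM.
#
cleanup () {
  local item

  # $temp_files is a space-separated list, so it is expanded unquoted on
  # purpose; each resulting path is quoted when it is used.
  for item in $temp_files; do
    if [ -e "$item" ]; then
      rm -f -- "$item"
    fi
  done
}

# backup_and_disable_service()
#
# Backup and disable service with invalid configuration.
# Arguments: service, services_file (file name relative to /etc/xinetd.d/)
#
backup_and_disable_service () {
  local serv servfile target out

  serv="$1"
  servfile="$2"
  target="/etc/xinetd.d/$servfile"

  if cp_backup_conffile -r -d "$BACKUPDIR" -p "$target"; then
    cp_echo "CN: Old $target saved as $BACKUPDIR/$(basename "$target").bak."
  fi
  cp_echo "CN: Disabling service '$serv' in configuration file $target."

  # The scratch file is created next to the target so that the final mv is a
  # rename within one directory. Its name contains a dot, and xinetd's
  # includedir ignores such names (xinetd.conf(5)).
  out=$(mktemp "$target.tmp.XXXXXX")
  temp_files="$temp_files $out"

  # Comment out every line from "service <serv>" through the closing "}".
  sed -r "/^[[:space:]]*service[[:space:]]+$serv[[:space:]]*$/,/^}/ s/^(.*)/#\1/" \
    "$target" > "$out"

  # mktemp creates the file with mode 0600. Set the final mode first and then
  # rename over the target, so the configuration file is never missing and
  # never in place with the wrong permissions.
  chmod 644 "$out"
  mv -f "$out" "$target"
}

# Set trap for deleting all temp files.
#
trap cleanup EXIT HUP INT TERM

# First, we do backup (inetd, xinetd)
#
for conffile in "$INETDCONF" "$CONF"; do
  if [ -f "$conffile" ]; then
    if cp_backup_conffile -r -d "$BACKUPDIR" -p "$conffile"; then
      cp_echo "CN: Old $conffile saved as $BACKUPDIR/$(basename "$conffile").bak."
    fi
  fi
done

CONFTMP=$(mktemp "$CONF.tmp.XXXXXX")
temp_files="$temp_files $CONFTMP"

if [ -f "$INETDCONF" ]; then
  # Convert inetd.conf to temporary xinetd.conf file using xconv.pl tool.
  # Best effort: a failed conversion must not abort the package configuration.
  grep -E -v "^##" "$INETDCONF" | "$XCONV_TOOL" > "$CONFTMP" || true
fi

# Parse /etc/xinetd.conf file and convert services' configuration to
# separated configurations in /etc/xinetd.d/ directory
#
conffile_list="$CONFTMP"
if [ -f "$CONF" ]; then
  if grep -E -q "^[[:space:]]*service[[:space:]]+" "$CONF"; then
    conffile_list="$CONF $conffile_list"
    xinetd_conf_did=1
  fi
fi

# $conffile_list is a space-separated list of paths and is expanded unquoted
# on purpose. sort -u instead of uniq: uniq only collapses adjacent
# duplicates, so a service defined in both files would be processed twice and
# the second pass would back up the file the first pass had just generated.
services_list=$(sed -nr 's/^[[:space:]]*service[[:space:]]+//p' $conffile_list | sort -u)

if [ -n "$services_list" ]; then
  for service in $services_list; do
    if [ -f "/etc/xinetd.d/$service" ]; then
      if cp_backup_conffile -r -d "$BACKUPDIR" -p "/etc/xinetd.d/$service"; then
        cp_echo "CN: Old /etc/xinetd.d/$service saved as $BACKUPDIR/$(basename "/etc/xinetd.d/$service").bak."
      fi
      rm -f "/etc/xinetd.d/$service"
    fi
    touch "/etc/xinetd.d/$service" || true
    # Earlier variant, kept for reference:
    # cat "$CONF" "$CONFTMP" | sed -n "/^service $service/,/^}/p" | cp-update "$PKG" "/etc/xinetd.d/$service"
    sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" \
      $conffile_list >> "/etc/xinetd.d/$service"
    need_restart=1
  done

  if grep -E -q "^[[:space:]]*service[[:space:]]+" "$CONFTMP"; then
    cp_echo "CN: All services were converted from $INETDCONF file to separated"
    cp_echo "CN: configuration files located in /etc/xinetd.d/ directory."
  fi
  if [ "$xinetd_conf_did" -eq 1 ]; then
    cp_echo "CN: All services were converted from $CONF file to separated"
    cp_echo "CN: configuration files located in /etc/xinetd.d/ directory."
  fi
fi

rm -f "$CONFTMP"

# Configuration file /etc/xinetd.conf does not exist?
#
if [ ! -f "$CONF" ]; then
  touch "$CONF"
fi

CONF_CONTENT=

# Remove services from /etc/xinetd.conf file
#
if cp_check_and_sed "^[[:space:]]*service[[:space:]]+" \
    "/^[[:space:]]*service[[:space:]]/,/^}/d" \
    "$CONF"; then
  need_restart=1
fi

# Check if there is no defaults block in /etc/xinetd.conf
#
if ! grep -E -q '^defaults' "$CONF"; then
  cp_echo "CN: Adding defaults block to $CONF"
  # Each token goes on its own line, so that a following directive starts a
  # new line (the includedir check below only matches at the start of a line).
  CONF_CONTENT="defaults
{
}"
fi

# Check if /etc/xinetd.d/ directory is included or not
#
if ! grep -E -q '^includedir /etc/xinetd.d' "$CONF"; then
  cp_echo "CN: Adding \"includedir /etc/xinetd.d\" line to $CONF"
  CONF_CONTENT="$CONF_CONTENT
includedir /etc/xinetd.d"
fi

if [ -n "$CONF_CONTENT" ]; then
  printf '%s\n' "$CONF_CONTENT" | cp-update -m "$PKG" "$CONF"
  need_restart=1
fi

# Validate services' configuration.
#
# The directory is walked with a glob instead of parsing ls output. Only
# regular files are examined: an unmatched glob stays literal, and sed failing
# on a subdirectory would abort the whole script under "set -e".
for services_path in /etc/xinetd.d/*; do
  [ -f "$services_path" ] || continue
  services_file=${services_path##*/}

  # Get services list from $services_file
  services_list=$(sed -rn 's/^[[:space:]]*service[[:space:]]+(.*)[[:space:]]*$/\1/p' "$services_path")

  for service in $services_list; do
    service_disable=0
    service_block=$(sed -rn "/^[[:space:]]*service[[:space:]]+$service[[:space:]]*$/,/^}/p" "$services_path")

    # Check service's user
    # (printf, not echo: some sh implementations expand backslashes in echo.)
    service_user=$(printf '%s\n' "$service_block" \
      | sed -nr 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p')
    for service_user_x in $service_user; do
      if ! getent passwd "$service_user_x" > /dev/null; then
        cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - user '$service_user_x' does not exist."
        service_disable=1
        break
      fi
    done

    # Check service's group
    # Groups are looked up in the group database. A lookup in passwd would
    # accept any user name as a group and reject a real group that has no
    # user of the same name, disabling a correctly configured service.
    service_group=$(printf '%s\n' "$service_block" \
      | sed -nr 's/^[[:space:]]*group[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p')
    for service_group_x in $service_group; do
      if ! getent group "$service_group_x" > /dev/null; then
        cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - group '$service_group_x' does not exist."
        service_disable=1
        break
      fi
    done

    # Check service's binary
    service_server=$(printf '%s\n' "$service_block" \
      | sed -nr 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p')
    for service_server_x in $service_server; do
      if [ ! -x "$service_server_x" ]; then
        cp_echo "CN: Error in /etc/xinetd.d/$services_file for service '$service' - server '$service_server_x' does not exist."
        service_disable=1
        break
      fi
    done

    if [ "$service_disable" -eq 1 ]; then
      backup_and_disable_service "$service" "$services_file"
      need_restart=1
    fi
  done
done

# Remove -inetd_compat option and set INETD_COMPAT to 'No' in /etc/default/xinetd
#
if [ -f "$DEFAULT" ]; then
  # File exists, set INETD_COMPAT to 'No'
  if cp_check_and_sed "^[[:space:]]*INETD_COMPAT.*[Yy][Ee][Ss]" \
      "s/^[[:space:]]*INETD_COMPAT.*[Yy][Ee][Ss]/INETD_COMPAT=No/g" \
      "$DEFAULT"; then
    need_restart=1
  fi

  # File exists, remove -inetd_compat option
  if cp_check_and_sed "^[[:space:]]*XINETD_OPTS.*\-inetd_compat" \
      "s/\-inetd_compat//g" \
      "$DEFAULT"; then
    need_restart=1
  fi

  # No INETD_COMPAT line?
  if ! grep -E -q '^[[:space:]]*INETD_COMPAT' "$DEFAULT"; then
    echo 'INETD_COMPAT=No' | cp-update -m "$PKG" "$DEFAULT"
    cp_echo "CN: Added 'INETD_COMPAT=No' to $DEFAULT."
    need_restart=1
  fi

  # Just in case there is no active XINETD_OPTS line
  if ! grep -E -q '^[[:space:]]*XINETD_OPTS' "$DEFAULT"; then
    echo 'XINETD_OPTS="-stayalive"' | cp-update -m "$PKG" "$DEFAULT"
    cp_echo "CN: Added -stayalive option to $DEFAULT."
    need_restart=1
  fi
else
  # File wasn't there at all?
  touch "$DEFAULT"
  cp-update "$PKG" "$DEFAULT" <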