5 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
12 abort-upgrade|abort-remove|abort-deconfigure)
17 echo "postinst called with unknown argument \`$1'" >&2
24 . /usr/share/debconf/confmodule
26 # Include CARNet functions
27 . /usr/share/carnet-tools/functions.sh
# Paths and download location used by the rest of the script.
# A2DIR is referenced here but is assigned outside this excerpt.
31 CONFDIR="$A2DIR/conf.d"
32 A2MODEDIR="$A2DIR/mods-enabled"
33 MODSECCONF="$CONFDIR/mod-security-cn.conf"
34 MODSECCND="/usr/share/mod-security-cn"
# NOTE(review): this is a plain-HTTP URL. The lines shown further down fetch it
# with wget and gunzip the result into a file next to the GeoIP database while
# the postinst runs (normally as root under dpkg). No checksum or signature
# check is visible in this excerpt, so the database is only as trustworthy as
# the network path. Prefer an HTTPS source with a pinned digest, or take the
# database from a package dependency. Confirm against the full script.
35 GEOLOOKUPDB_URL="http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
36 GEOLOOKUPDB_DIR="/usr/share/GeoIP"
44 # Cleanup all temp files or directories.
50 if [ -n "$temp_files" ]; then
51 for item in $temp_files; do
52 if [ -e "$item" ]; then
61 # Check if configuration file has CARNet package info lines.
62 # return: $RET => 0 - tagged
63 # 1 - file does not exist
64 # 2 - file exists, but it is not tagged
72 if [ -f "$conf_file" ]; then
73 if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then
83 # Download GeoLookup database from maxmind.com
89 local db db_tmp db_tmp_dir db_error
91 db=$GEOLOOKUPDB_DIR/$(basename $GEOLOOKUPDB_URL .gz)
92 db_tmp_dir=$(mktemp -d /tmp/geolookupdb.tmp.XXXXXX)
93 temp_files="${temp_files} ${db_tmp_dir}"
96 echo -n "Attempting to download GeoLookup database for ModSecurity: "
98 if [ ! -d "$GEOLOOKUPDB_DIR" ]; then
99 mkdir -p $GEOLOOKUPDB_DIR/
102 /usr/bin/wget -o /dev/null -P $db_tmp_dir $GEOLOOKUPDB_URL || db_error=1
104 if [ $db_error -eq 1 ]; then
107 db_tmp=$(mktemp ${db}.XXXXXX)
108 temp_files="${temp_files} ${db_tmp}"
109 gunzip -c $db_tmp_dir/$(basename $GEOLOOKUPDB_URL) > $db_tmp
114 if [ -f "$db_tmp" ]; then rm -f $db_tmp; fi
117 if [ -d "$db_tmp_dir" ]; then rm -rf $db_tmp_dir; fi
123 # Set trap for deleting all temp files.
125 trap cleanup 0 1 2 15
128 # Enable ModSecurity and unique_id Apache2 modules.
130 if [ -e /etc/apache2/apache2.conf ]; then
132 # Enable mod-security.load
133 if [ ! -e "$A2MODEDIR/mod-security.load" ]; then
134 cp_echo "CN: Enabling ModSecurity module for Apache2 web server."
135 a2enmod mod-security >/dev/null || true
139 # Enable unique_id.load
140 if [ ! -e "$A2MODEDIR/unique_id.load" ]; then
141 a2enmod unique_id >/dev/null || true
142 cp_echo "CN: Enabling unique_id module for Apache2 web server."
148 # Generate ModSecurity configuration file and activate RBL lookup
149 # for ModSecurity if needed.
151 chk_conf_tag "$MODSECCONF"
152 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
154 # Create /etc/apache2/conf.d/ directory if missing.
155 if [ ! -d "$CONFDIR" ]; then
156 cp_echo "CN: Creating configuration directory $CONFDIR"
160 # Enable mod-security-cn.conf
161 if [ ! -e "$MODSECCONF" ]; then
162 cp_echo "CN: Enabling ModSecurity specific configuration."
166 out=$(mktemp $MODSECCONF.XXXXXX)
167 temp_files="${temp_files} ${out}"
168 cp "$MODSECCND/mod-security-cn.conf" "$out"
170 # GeoLookup database.
171 if [ -n "$2" ] || [ ! -e "$GEOLOOKUPDB_DIR/$(basename $GEOLOOKUPDB_URL .gz)" ]; then
174 if [ $RET -eq 1 ]; then
175 db_set mod-security-cn/rbl false || true
176 db_fset mod-security-cn/rbl seen true
180 db_get mod-security-cn/rbl || true
181 if [ "$RET" = "true" ]; then
183 # Add RBL configuration.
184 cp_echo "CN: Enabling RBL lookup in $MODSECCONF."
185 cat $MODSECCND/rbl_lookup.conf >> $out
189 # Remove RBL configuration.
190 cp_echo "CN: Disabling RBL lookup in $MODSECCONF."
194 # Update mod-security-cn.conf configuration file.
195 if ! cmp -s "$MODSECCONF" "$out"; then
196 cp_mv "$out" "$MODSECCONF"
200 if [ -f "$out" ]; then rm -f $out; fi
206 # Restart Apache2 web server if needed.
208 if [ $need_restart -eq 1 ]; then
210 # Check Apache2 web server configuration.
211 if /usr/sbin/apache2ctl configtest 2>/dev/null; then
213 # Restart Apache2 web server.
214 if [ -x "/etc/init.d/apache2" ]; then
215 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
216 invoke-rc.d apache2 restart || true
218 /etc/init.d/apache2 restart || true
223 # Something is broken.
224 cp_echo "CN: Your Apache2 configuration is broken."
225 cp_echo "CN: Please, check the service after the installation finishes!"