2 # postinst script for bind9-cn
4 # see: dh_installdeb(1)
7 [ "$CARNET_SCRIPT_DEBUG" ] && set -vx
9 # summary of how this script can be called:
10 # * <postinst> `configure' <most-recently-configured-version>
11 # * <old-postinst> `abort-upgrade' <new version>
12 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
14 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
15 # <failed-install-package> <version> `removing'
16 # <conflicting-package> <version>
17 # for details, see http://www.debian.org/doc/debian-policy/ or
18 # the debian-policy package
22 configure|reconfigure)
32 . /usr/share/carnet-tools/functions.sh
34 CONF="/etc/fail2ban/jail.conf"
36 if [ -e "$CONF" ]; then
37 # enable ssh, pam-generic, sasl, proftpd and vsftpd service
38 echo "CN: Enabling SSH, PAM-generic, SASL and Dovecot support..."
39 perl -ne 'if (/^\[(ssh|pam-generic|sasl|dovecot)\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
40 cp_mv "$CONF.$$" "$CONF"
43 if [ -f /var/log/vsftpd.log ]; then
44 echo "CN: Enabling vsftpd support..."
45 perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
46 cp_mv "$CONF.$$" "$CONF"
49 echo "CN: Disabling vsftpd support..."
50 perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
51 cp_mv "$CONF.$$" "$CONF"
55 if [ -f /var/log/proftpd/proftpd.log ]; then
56 echo "CN: Enabling ProFTPD support..."
57 perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
58 cp_mv "$CONF.$$" "$CONF"
61 echo "CN: Disabling ProFTPD support..."
62 perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
63 cp_mv "$CONF.$$" "$CONF"
67 # postfix-sasl in jessie, not sasl anymore
68 cp_check_and_sed 'filter[ ]*=[ ]*sasl' \
69 's/^filter[ ]*=[ ]*sasl/filter = postfix-sasl/gi' \
70 "$CONF" && echo "CN: Fixing sasl to postfix-sasl..." || true
72 # add network address and class if needed
73 cp_get_netaddr || true
75 IGNOREIP=$(grep '^ignoreip' "$CONF")
76 if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then
77 echo "CN: Enabling local IP ranges exclusion..."
78 cp_check_and_sed '^ignoreip' \
79 "s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true
83 # restart the services
84 service fail2ban restart || exit $?
86 # dh_installdeb will replace this with shell code automatically
87 # generated by other debhelper scripts.