5 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
12 abort-upgrade|abort-remove|abort-deconfigure)
17 echo "postinst called with unknown argument \`$1'" >&2
24 . /usr/share/debconf/confmodule
26 # Include CARNet functions
27 . /usr/share/carnet-tools/functions.sh
31 CONF="$A2DIR/apache2.conf"
32 CONFDIR="$A2DIR/conf-available"
33 MODSECDIR="$A2DIR/mod-security"
34 MODSECCONF="$MODSECDIR/mod-security-cn.conf"
35 MODSECRBL="$MODSECDIR/rbl_lookup.conf"
36 MODSECLNK="$CONFDIR/security2-cn.conf"
37 MODSECTPL="/usr/share/mod-security-cn"
42 if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
43 . /usr/share/apache2/apache2-maintscript-helper
45 modsecurity_enable() {
49 cp_echo "CN: Could not load Apache 2.4 maintainer script helper."
51 modsecurity_enable() {
58 # Cleanup all temp files or directories.
63 if [ -n "$temp_files" ]; then
64 for item in $temp_files; do
65 if [ -e "$item" ]; then
74 # Check if configuration file has CARNet package info lines.
75 # return: $RET => 0 - tagged
76 # 1 - file does not exists
77 # 2 - file exists, but it is not tagged
84 if [ -f "$conf_file" ]; then
85 if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then
94 # Set trap for deleting all temp files.
99 # Enable ModSecurity and unique_id Apache2 modules.
101 if modsecurity_enable; then
102 apache2_invoke enmod security2
106 # Remove obsolete symbolic link.
108 if [ "`readlink -q -m /etc/apache2/conf.d/$PKG.conf`" = "$MODSECCONF" ]; then
109 rm -f /etc/apache2/conf.d/$PKG.conf
113 # Generate ModSecurity configuration files and activate RBL lookup
114 # for ModSecurity if needed.
116 chk_conf_tag "$MODSECCONF"
117 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
119 # Create /etc/apache2/conf-available/ directory if missing.
120 if [ ! -d "$CONFDIR" ]; then
121 cp_echo "CN: Creating configuration directory $CONFDIR/"
125 # Create /etc/apache2/mod-security/ directory if missing.
126 if [ ! -d "$MODSECDIR" ]; then
127 cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/"
131 out=$(mktemp $MODSECCONF.XXXXXX)
132 temp_files="${temp_files} ${out}"
134 db_get mod-security-cn/rbl || true
135 if [ "$RET" = "true" ]; then
137 # Add RBL configuration.
138 chk_conf_tag "$MODSECRBL"
139 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
141 if [ $RET -eq 1 ]; then
142 cp_echo "CN: Creating configuration file $MODSECRBL"
143 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
145 if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
146 cp_echo "CN: Updating configuration file $MODSECRBL"
147 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
152 sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \
153 "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
155 if [ -e "$MODSECCONF" ]; then
156 if ! cmp -s "$MODSECCONF" "$out"; then
157 cp_echo "CN: Updating configuration file $MODSECCONF"
158 mv -f "$out" "$MODSECCONF"
159 cp_echo "CN: Enabled ModSecurity RBL lookup."
162 cp_echo "CN: Creating configuration file $MODSECCONF"
163 mv "$out" "$MODSECCONF"
164 cp_echo "CN: Enabled ModSecurity RBL lookup."
168 # Remove RBL configuration.
169 sed "s,#RBLLOOKUP#,# DISABLED,g" \
170 "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
172 if [ -e "$MODSECCONF" ]; then
173 if ! cmp -s "$MODSECCONF" "$out"; then
174 cp_echo "CN: Updating configuration file $MODSECCONF"
175 mv -f "$out" "$MODSECCONF"
176 cp_echo "CN: Disabled ModSecurity RBL lookup."
179 cp_echo "CN: Creating configuration file $MODSECCONF"
180 mv "$out" "$MODSECCONF"
181 cp_echo "CN: Disabled ModSecurity RBL lookup."
184 chk_conf_tag "$MODSECRBL"
185 if [ $RET -eq 0 ]; then
186 cp_echo "CN: Removing configuration file $MODSECRBL"
191 if [ -f "$out" ]; then rm -f $out; fi
195 # Enable ModSecurity configuration.
197 if [ ! -e "$MODSECLNK" ]; then
198 ln -fs "$MODSECCONF" "$MODSECLNK"
200 if modsecurity_enable; then
201 cp_echo "CN: Enabling $PKG configuration for Apache2."
202 apache2_invoke enconf security2-cn
207 if ! apache2ctl configtest >/dev/null 2>&1; then
208 cp_echo "CN: Your Apache2 configuration seems to be broken."
209 cp_echo "CN: Please, check the service after the installation finishes!"