# Debian maintainer-script preamble: act only on the "configure" action, load
# debconf and the CARNET helper library, then derive the paths used below.
# (This listing keeps the original script's line numbers and omits some lines.)
# Any action other than "configure" is a successful no-op.
5 [ "$1" = "configure" ] || exit 0
# Verbose + xtrace output when DEBIAN_SCRIPT_DEBUG is non-empty.
6 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
9 . /usr/share/debconf/confmodule
12 . /usr/share/carnet-tools/functions.sh
# NOTE(review): A2DIR is not assigned in the lines shown; presumably it comes
# from an omitted line or one of the sourced files. If it were empty, every
# path below would resolve under "/" - confirm it is always set by this point.
16 CONF="$A2DIR/apache2.conf"
17 CONFDIR="$A2DIR/conf-available"
18 MODSECDIR="$A2DIR/mod-security"
# Main generated config, the optional RBL include, and the link that Apache's
# conf-available mechanism sees.
19 MODSECCONF="$MODSECDIR/mod-security-cn.conf"
20 MODSECRBL="$MODSECDIR/rbl_lookup.conf"
21 MODSECLNK="$CONFDIR/security2-cn.conf"
# Directory holding the packaged templates the configs are rendered from.
22 MODSECTPL="/usr/share/mod-security-cn"
# Source Apache's maintainer-script helper when it is installed and define
# modsecurity_enable accordingly.
# NOTE(review): both function bodies and the else line are omitted from this
# listing. Later code uses modsecurity_enable as a guard before calling
# apache2_invoke, so presumably it succeeds only when the helper was loaded
# - confirm against the full script.
27 if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
28 . /usr/share/apache2/apache2-maintscript-helper
30 modsecurity_enable() {
# Reported when the helper file is missing (fallback branch).
34 cp_echo "CN: Could not load Apache 2.4 maintainer script helper."
36 modsecurity_enable() {
43 # Cleanup all temp files or directories.
# The enclosing function header and the removal command are not shown here.
# temp_files is a space-separated list (appended to at listing line 117), so
# it is expanded unquoted on purpose to split into items.
# NOTE(review): that splitting also applies to whitespace or glob characters
# inside a path; a temp path containing either would be split or expanded
# before the existence check and whatever removal follows it.
48 if [ -n "$temp_files" ]; then
49 for item in $temp_files; do
50 if [ -e "$item" ]; then
59 # Check if configuration file has CARNET package info lines.
60 # return: $RET => 0 - tagged
61 # 1 - file does not exist
62 # 2 - file exists, but it is not tagged
# The function header and the RET assignments are omitted from this listing.
# NOTE(review): conf_file is presumably the first argument; its assignment is
# not shown.
69 if [ -f "$conf_file" ]; then
# The pattern is anchored at both ends, so only the exact marker line counts
# as a tag. NOTE(review): egrep is deprecated in current GNU grep; "grep -E"
# is the equivalent spelling.
70 if egrep -q "^## Begin - Generated by CARNET package mod-security-cn$" "$conf_file"; then
79 # Set trap for deleting all temp files.
# (The trap statement itself is omitted from this listing.)
84 # Enable ModSecurity and unique_id Apache2 modules.
# Only the security2 enmod call is visible; if unique_id is enabled as well,
# that happens in a line not shown here.
86 if modsecurity_enable; then
87 apache2_invoke enmod security2
91 # Remove obsolete symbolic link.
# The legacy conf.d entry is deleted only when it resolves to MODSECCONF, so
# an unrelated file of the same name is left in place. readlink -m
# canonicalises the path even if components are missing; -q silences errors.
# NOTE(review): PKG is not assigned in the lines shown and is expanded
# unquoted inside the path, both here and in the rm below; quoting the whole
# path would rule out word splitting and globbing.
93 if [ "`readlink -q -m /etc/apache2/conf.d/$PKG.conf`" = "$MODSECCONF" ]; then
94 rm -f /etc/apache2/conf.d/$PKG.conf
98 # Generate ModSecurity configuration files and activate RBL lookup
99 # for ModSecurity if needed.
# chk_conf_tag reports through RET (0 = tagged, 1 = missing, 2 = present but
# untagged). Files are (re)generated only when the package tagged the file or
# it does not exist yet.
101 chk_conf_tag "$MODSECCONF"
# NOTE(review): $RET is unquoted in the numeric tests of this section; an
# empty RET would make [ report an error instead of taking a defined branch.
102 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
104 # Create /etc/apache2/conf-available/ directory if missing.
105 if [ ! -d "$CONFDIR" ]; then
106 cp_echo "CN: Creating configuration directory $CONFDIR/"
110 # Create /etc/apache2/mod-security/ directory if missing.
111 if [ ! -d "$MODSECDIR" ]; then
112 cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/"
# Render into a temp file created beside the target, so the later mv stays
# within one directory; the name is recorded in temp_files for cleanup.
# NOTE(review): $MODSECCONF is unquoted in the mktemp template.
# NOTE(review): mktemp creates the file with owner-only permissions and mv
# keeps them, so the installed config inherits that mode - confirm intended.
116 out=$(mktemp $MODSECCONF.XXXXXX)
117 temp_files="${temp_files} ${out}"
# debconf's db_get also answers in RET, so RET changes from chk_conf_tag's
# numeric code to the string answer here. "|| true" ignores a db_get failure;
# RET is then presumably not "true" and RBL lookup is treated as disabled.
119 db_get mod-security-cn/rbl || true
120 if [ "$RET" = "true" ]; then
122 # Add RBL configuration.
123 chk_conf_tag "$MODSECRBL"
124 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
# RET = 1: no RBL file yet, so install the packaged template.
126 if [ $RET -eq 1 ]; then
127 cp_echo "CN: Creating configuration file $MODSECRBL"
# NOTE(review): $MODSECRBL / $MODSECCONF are unquoted inside every
# $(basename ...) call in this section.
128 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
# Presumably the tagged case (the else line is not shown): refresh the file
# only when it differs from the template.
130 if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
131 cp_echo "CN: Updating configuration file $MODSECRBL"
132 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
# Render the main config with an Include of the RBL file replacing the marker.
# NOTE(review): the path is pasted into the sed replacement text; a "," "&"
# or "\" in it would corrupt the substitution - assumes A2DIR has none.
137 sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \
138 "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
# Replace the live config only when the rendered content differs from it.
140 if [ -e "$MODSECCONF" ]; then
141 if ! cmp -s "$MODSECCONF" "$out"; then
142 cp_echo "CN: Updating configuration file $MODSECCONF"
143 mv -f "$out" "$MODSECCONF"
144 cp_echo "CN: Enabled ModSecurity RBL lookup."
147 cp_echo "CN: Creating configuration file $MODSECCONF"
148 mv "$out" "$MODSECCONF"
149 cp_echo "CN: Enabled ModSecurity RBL lookup."
153 # Remove RBL configuration.
# Same render-and-compare flow, with the marker turned into a comment.
154 sed "s,#RBLLOOKUP#,# DISABLED,g" \
155 "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
157 if [ -e "$MODSECCONF" ]; then
158 if ! cmp -s "$MODSECCONF" "$out"; then
159 cp_echo "CN: Updating configuration file $MODSECCONF"
160 mv -f "$out" "$MODSECCONF"
161 cp_echo "CN: Disabled ModSecurity RBL lookup."
164 cp_echo "CN: Creating configuration file $MODSECCONF"
165 mv "$out" "$MODSECCONF"
166 cp_echo "CN: Disabled ModSecurity RBL lookup."
# Only an RBL file carrying the package tag (RET = 0) is reported as removed;
# the removal command itself is not shown in this listing.
169 chk_conf_tag "$MODSECRBL"
170 if [ $RET -eq 0 ]; then
171 cp_echo "CN: Removing configuration file $MODSECRBL"
# The temp file still exists when the rendered content matched the live file
# (no mv happened); remove it here.
# NOTE(review): $out is unquoted in the rm.
176 if [ -f "$out" ]; then rm -f $out; fi
180 # Enable ModSecurity configuration.
# [ -e ] follows symlinks, so a dangling link at MODSECLNK also counts as
# missing; ln -f then replaces it. An existing file or valid link is kept
# as it is, whatever it points to.
182 if [ ! -e "$MODSECLNK" ]; then
183 ln -fs "$MODSECCONF" "$MODSECLNK"
# "security2-cn" matches the link name security2-cn.conf under CONFDIR.
185 if modsecurity_enable; then
186 cp_echo "CN: Enabling $PKG configuration for Apache2."
187 apache2_invoke enconf security2-cn
# Final syntax check of the resulting Apache configuration; the configtest
# output is discarded, so the administrator sees only the two messages below.
# NOTE(review): whether the script exits non-zero afterwards is not visible in
# this listing. With a broken config the ModSecurity settings written above
# may not be in effect, so the warning deserves attention.
192 if ! apache2ctl configtest >/dev/null 2>&1; then
193 cp_echo "CN: Your Apache2 configuration seems to be broken."
194 cp_echo "CN: Please, check the service after the installation finishes!"