# Debian maintainer-script debug switch: a non-empty DEBIAN_SCRIPT_DEBUG turns
# on verbose (-v) and xtrace (-x) output for everything that follows.
# NOTE(review): xtrace prints every expanded command, so values read from
# debconf later in the script end up in the install log when this is set.
5 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
# Pattern of one arm of the action dispatch; the enclosing case statement and
# the arm's body are not part of this listing.
12 abort-upgrade|abort-remove|abort-deconfigure)
# Unknown action: the argument is echoed back verbatim on stderr.
17 echo "postinst called with unknown argument \`$1'" >&2
# Load the debconf shell API (provides db_get, which reports through $RET).
24 . /usr/share/debconf/confmodule
26 # Include CARNet functions
# NOTE(review): both sourced files run inside a maintainer script, i.e. with
# root privileges; cp_echo is presumably defined here — confirm.
27 . /usr/share/carnet-tools/functions.sh
# Every path below hangs off A2DIR, whose assignment is not in this listing.
31 CONF="$A2DIR/apache2.conf"
32 CONFDIR="$A2DIR/conf.d"
33 A2MODEDIR="$A2DIR/mods-enabled"
34 MODSECDIR="$A2DIR/mod-security"
35 MODSECCONF="$MODSECDIR/mod-security-cn.conf"
36 MODSECRBL="$MODSECDIR/rbl_lookup.conf"
# Link name in conf.d that points at the generated config.
# NOTE(review): $MODSECCONF is unquoted inside $(...), so it is word-split and
# globbed; correct only while A2DIR has no whitespace or glob characters.
37 MODSECLNK="$CONFDIR/$(basename $MODSECCONF)"
# Directory holding the packaged templates that are copied or filtered below.
38 MODSECTPL="/usr/share/mod-security-cn"
46 # Cleanup all temp files or directories.
# temp_files is a space-separated list (mktemp output is appended to it further
# down), so the unquoted expansion in the for loop is deliberate word
# splitting. It is only correct while no recorded path contains whitespace or
# glob characters. The function header and the removal command itself are not
# part of this listing.
52 if [ -n "$temp_files" ]; then
53 for item in $temp_files; do
54 if [ -e "$item" ]; then
63 # Check if configuration file has CARNet package info lines.
64 # return: $RET => 0 - tagged
65 # 1 - file does not exist
66 # 2 - file exists, but it is not tagged
# The tag separates a file this package generated from one an administrator
# wrote: the callers visible in this listing create or overwrite only when RET
# is 0 or 1, and delete only when it is 0.
# NOTE(review): RET is also where debconf's db_* commands put their reply, so
# the result has to be read before the next db_* call.
74 if [ -f "$conf_file" ]; then
# Whole-line match (^...$) on the begin marker. egrep is the deprecated
# spelling of grep -E; the pattern has no extended-regex operators.
75 if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then
84 # Set trap for deleting all temp files.
89 # Enable ModSecurity and unique_id Apache2 modules.
# Only act when the main Apache2 configuration file exists.
91 if [ -e "$CONF" ]; then
93 # Enable mod-security.load
# The presence of the .load entry in mods-enabled is the "already enabled" check.
94 if [ ! -e "$A2MODEDIR/mod-security.load" ]; then
95 cp_echo "CN: Enabling ModSecurity module for Apache2 web server."
# stdout is discarded and "|| true" drops the exit status, so a failed a2enmod
# does not stop the postinst; only a2enmod's stderr would show it.
# NOTE(review): nothing visible here re-checks that the module was enabled.
96 a2enmod mod-security >/dev/null || true
100 # Enable unique_id.load
101 if [ ! -e "$A2MODEDIR/unique_id.load" ]; then
102 cp_echo "CN: Enabling unique_id module for Apache2 web server."
# Same best-effort handling as for mod-security above.
103 a2enmod unique_id >/dev/null || true
109 # Generate ModSecurity configuration files and activate RBL lookup
110 # for ModSecurity if needed.
# RET 0 = file tagged by this package, 1 = file missing. RET 2 (an untagged,
# administrator-written file) skips generation, so a locally maintained
# config is never overwritten and never refreshed from the template either.
112 chk_conf_tag "$MODSECCONF"
# NOTE(review): $RET is unquoted; an empty RET makes "[" fail with a syntax
# error instead of evaluating to false.
113 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
115 # Create /etc/apache2/conf.d/ directory if missing.
116 if [ ! -d "$CONFDIR" ]; then
117 cp_echo "CN: Creating configuration directory $CONFDIR/"
121 # Create /etc/apache2/mod-security/ directory if missing.
122 if [ ! -d "$MODSECDIR" ]; then
123 cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/"
# The scratch file is created next to the target, not in /tmp, so the later
# mv is a rename within one directory.
# NOTE(review): mktemp's result is not checked here (whether set -e is active
# is not visible), and the template argument is unquoted.
# NOTE(review): mktemp creates the file readable by its owner only, and mv
# keeps that mode on the installed config — confirm that is intended.
127 out=$(mktemp $MODSECCONF.XXXXXX)
# Register the scratch file in the space-separated list the cleanup code walks.
128 temp_files="${temp_files} ${out}"
# Read the mod-security-cn/rbl answer from debconf; the reply lands in RET.
# NOTE(review): "|| true" hides a debconf failure, and any RET other than the
# literal "true" presumably takes the "Remove RBL configuration" path below,
# so an error here ends with RBL lookup disabled — confirm that direction.
130 db_get mod-security-cn/rbl || true
131 if [ "$RET" = "true" ]; then
133 # Add RBL configuration.
# From here RET is chk_conf_tag's result again: 0 = tagged, 1 = missing.
# An untagged rbl_lookup.conf is neither created nor refreshed.
134 chk_conf_tag "$MODSECRBL"
135 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
137 if [ $RET -eq 1 ]; then
138 cp_echo "CN: Creating configuration file $MODSECRBL"
139 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
# Existing tagged file: copy the template over it only when the content differs.
142 if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
143 cp_echo "CN: Updating configuration file $MODSECRBL"
144 cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
# Render the main config from its template, turning the #RBLLOOKUP#
# placeholder into an Include of the RBL file.
# NOTE(review): $MODSECRBL is spliced into the sed replacement text; that is
# safe only while the path holds no ',' (the delimiter), '&' or backslash.
150 sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \
151 "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
# Install the rendered file only when it differs from the live one; the mv
# swaps the target in one step instead of rewriting it in place.
153 if [ -e "$MODSECCONF" ]; then
154 if ! cmp -s "$MODSECCONF" "$out"; then
155 cp_echo "CN: Updating configuration file $MODSECCONF"
156 mv -f "$out" "$MODSECCONF"
157 cp_echo "CN: Enabled ModSecurity RBL lookup."
161 cp_echo "CN: Creating configuration file $MODSECCONF"
162 mv "$out" "$MODSECCONF"
163 cp_echo "CN: Enabled ModSecurity RBL lookup."
168 # Remove RBL configuration.
# Same rendering, with the placeholder turned into a comment rather than an Include.
169 sed "s,#RBLLOOKUP#,# DISABLED,g" \
170 "$MODSECTPL/$(basename $MODSECCONF)" > "$out"
172 if [ -e "$MODSECCONF" ]; then
173 if ! cmp -s "$MODSECCONF" "$out"; then
174 cp_echo "CN: Updating configuration file $MODSECCONF"
175 mv -f "$out" "$MODSECCONF"
176 cp_echo "CN: Disabled ModSecurity RBL lookup."
180 cp_echo "CN: Creating configuration file $MODSECCONF"
181 mv "$out" "$MODSECCONF"
182 cp_echo "CN: Disabled ModSecurity RBL lookup."
# The RBL file is deleted only when it carries the package tag (RET 0), so an
# administrator-written rbl_lookup.conf stays on disk.
186 chk_conf_tag "$MODSECRBL"
187 if [ $RET -eq 0 ]; then
188 cp_echo "CN: Removing configuration file $MODSECRBL"
# Drop the scratch file when it was not moved into place (content unchanged).
# NOTE(review): $out is unquoted in the rm; harmless for mktemp output under
# a path without whitespace.
194 if [ -f "$out" ]; then rm -f $out; fi
196 # Enable ModSecurity configuration.
# "-e" follows symlinks, so a dangling link at MODSECLNK counts as missing and
# is replaced by "ln -fs"; an existing file or valid link is left untouched.
# NOTE(review): a valid link is not checked for pointing at $MODSECCONF.
197 if [ ! -e "$MODSECLNK" ]; then
198 cp_echo "CN: Enabling ModSecurity configuration."
199 ln -fs "$MODSECCONF" "$MODSECLNK"
207 # Restart Apache2 web server if needed.
# need_restart is set outside this listing; unquoted, so it must be an integer.
209 if [ $need_restart -eq 1 ]; then
211 # Check Apache2 web server configuration.
# Restart only when the syntax check passes. stderr is discarded, so the
# reason for a failed check is not shown to the administrator.
212 if /usr/sbin/apache2ctl configtest 2>/dev/null; then
214 # Restart Apache2 web server.
215 if [ -x "/etc/init.d/apache2" ]; then
# Prefer invoke-rc.d when it can be found so local init policy is honoured.
# "which" in backticks is the legacy form of command -v / $(...).
216 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
# "|| true": a failed restart does not fail the package installation.
217 invoke-rc.d apache2 restart || true
219 /etc/init.d/apache2 restart || true
224 # Something is broken.
# No restart on this path: the generated ModSecurity files are on disk but the
# running server has presumably not loaded them until the config is fixed.
225 cp_echo "CN: Your Apache2 configuration is broken."
226 cp_echo "CN: Please, check the service after the installation finishes!"