# Debug switch: when DEBIAN_SCRIPT_DEBUG is non-empty, turn on verbose (-v) and
# xtrace (-x) output. xtrace echoes every expanded command, so captured traces
# can contain configuration values; use it for troubleshooting only.
5 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
12 abort-upgrade|abort-remove|abort-deconfigure)
17 echo "postinst called with unknown argument \`$1'" >&2
24 . /usr/share/debconf/confmodule
26 # Include CARNet functions
27 . /usr/share/carnet-tools/functions.sh
# Paths used by the rest of the script. Everything on the Apache side hangs off
# $A2DIR, which is assigned on a line this listing does not show.
31 CONFDIR="$A2DIR/conf.d"
# NOTE(review): CONF resolves to conf.d/apache2.conf, not $A2DIR/apache2.conf.
# Module enabling is gated on this file existing, so confirm it is the intended one.
32 CONF="$CONFDIR/apache2.conf"
33 A2MODEDIR="$A2DIR/mods-enabled"
34 MODSECDIR="$A2DIR/mod-security"
# The configuration file that is later symlinked into $CONFDIR.
35 MODSECCONF="$MODSECDIR/mod-security-cn.conf"
# Directory the configuration templates are copied from.
36 MODSECTDIR="/usr/share/mod-security-cn"
44 # Cleanup all temp files or directories.
50 if [ -n "$temp_files" ]; then
51 for item in $temp_files; do
52 if [ -e "$item" ]; then
61 # Check if configuration file has CARNet package info lines.
62 # return: $RET => 0 - tagged
63 # 1 - file does not exist
64 # 2 - file exists, but it is not tagged
72 if [ -f "$conf_file" ]; then
73 if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then
83 # Install specified ModSecurity configuration file.
88 conftmpl="$MODSECTDIR/$1"
91 if [ ! -e "$conf" ]; then
92 cp_echo "CN: Creating new configuration file $conf"
93 cp "$conftmpl" "$conf"
96 if ! cmp -s "$conf" "$conftmpl"; then
97 cp_echo "CN: Updating configuration file $conf"
98 cp "$conftmpl" "$conf"
101 cp_echo "CN: $conf already exists." 1>&2
107 # Set trap for deleting all temp files.
# cleanup runs on normal exit (0) and on SIGHUP (1), SIGINT (2) and SIGTERM (15).
# NOTE(review): whether cleanup itself exits after a signal is not visible in
# this listing; if it does not, the script carries on after the handler returns.
109 trap cleanup 0 1 2 15
112 # Enable ModSecurity and unique_id Apache2 modules.
114 if [ -e "$CONF" ]; then
116 # Enable mod-security.load
117 if [ ! -e "$A2MODEDIR/mod-security.load" ]; then
118 cp_echo "CN: Enabling ModSecurity module for Apache2 web server."
# Best-effort: stdout is discarded and `|| true` hides a failing a2enmod, so the
# postinst does not abort here. The cost is that a failed enable leaves Apache
# without the ModSecurity module although the message above has already been
# printed; verify $A2MODEDIR/mod-security.load exists after installation.
119 a2enmod mod-security >/dev/null || true
123 # Enable unique_id.load
124 if [ ! -e "$A2MODEDIR/unique_id.load" ]; then
125 cp_echo "CN: Enabling unique_id module for Apache2 web server."
# Best-effort: `|| true` hides a failing a2enmod and stdout is discarded, so a
# module that could not be enabled goes unreported. Verify
# $A2MODEDIR/unique_id.load exists after installation.
126 a2enmod unique_id >/dev/null || true
132 # Generate ModSecurity configuration file and activate RBL lookup
133 # for ModSecurity if needed.
135 chk_conf_tag "$MODSECCONF"
136 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
138 # Create /etc/apache2/conf.d/ directory if missing.
139 if [ ! -d "$CONFDIR" ]; then
140 cp_echo "CN: Creating configuration directory $CONFDIR/"
144 # Create /etc/apache2/mod-security/ directory if missing.
145 if [ ! -d "$MODSECDIR" ]; then
146 cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/"
150 install_conf "mod-security-cn.conf"
# Fetch the debconf value of mod-security-cn/rbl into $RET.
# NOTE(review): `|| true` hides a failing db_get; the comparison that follows
# treats anything other than the string "true" as "RBL off". $RET is also the
# variable chk_conf_tag reports through, so its value here depends on call order.
152 db_get mod-security-cn/rbl || true
153 if [ "$RET" = "true" ]; then
155 cp_echo "CN: Enabling ModSecurity RBL lookup in $MODSECCONF"
157 # Add RBL configuration.
158 chk_conf_tag "$MODSECDIR/rbl_lookup.conf"
159 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
160 install_conf "rbl_lookup.conf"
164 cp_echo "CN: Disabling ModSecurity RBL lookup in $MODSECCONF"
166 # Remove RBL configuration.
# Comments out the "Include /etc/apache2/mod-security/rbl_lookup.conf" line in
# $MODSECCONF (case-insensitive match, leading whitespace kept) by writing an
# edited copy next to the file and moving the copy into place.
# NOTE(review): the Include path in the pattern is hard-coded rather than built
# from $MODSECDIR; the two agree only if A2DIR is /etc/apache2 (not shown here).
# NOTE(review): $MODSECCONF is unquoted in the mktemp call and $out in the final
# rm; quote both so a path containing whitespace is not split.
# NOTE(review): sed's exit status is not checked before the mv. Unless `set -e`
# is active (not visible in this listing), a failed sed would move an empty or
# partial file over the live configuration.
# mktemp creates its file readable and writable by the owner only, so after the
# mv $MODSECCONF carries the temp file's mode and owner, not the original's.
167 out=$(mktemp $MODSECCONF.XXXXXX)
# temp_files is the space-separated list the cleanup code iterates, so the
# temp file is removed if the script stops before the mv.
168 temp_files="${temp_files} ${out}"
169 sed -r "s/^([[:space:]]*)(Include[[:space:]]+\/etc\/apache2\/mod-security\/rbl_lookup\.conf)$/\1#\2/I" \
170 "$MODSECCONF" > "$out"
171 mv -f "$out" "$MODSECCONF"
# After a successful mv "$out" no longer exists; this removal only fires if
# the mv failed.
172 if [ -f "$out" ]; then rm -f $out; fi
174 chk_conf_tag "$MODSECDIR/rbl_lookup.conf"
175 if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
176 rm -f "$MODSECDIR/rbl_lookup.conf"
182 # Enable ModSecurity configuration.
183 if [ ! -e "$CONFDIR/mod-security-cn.conf" ]; then
184 cp_echo "CN: Enabling ModSecurity configuration."
# Symlink $MODSECCONF into $CONFDIR under its own file name.
# -f replaces whatever already sits at that name; the enclosing `! -e` test
# follows symlinks, so a dangling link there counts as missing and is replaced.
185 ln -fs "$MODSECCONF" "$CONFDIR/."
193 # Restart Apache2 web server if needed.
195 if [ $need_restart -eq 1 ]; then
197 # Check Apache2 web server configuration.
198 if /usr/sbin/apache2ctl configtest 2>/dev/null; then
200 # Restart Apache2 web server.
201 if [ -x "/etc/init.d/apache2" ]; then
202 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
203 invoke-rc.d apache2 restart || true
205 /etc/init.d/apache2 restart || true
210 # Something is broken.
# Apparently the branch taken when the `apache2ctl configtest` check fails (the
# branch line itself is not in this listing). configtest's stderr was sent to
# /dev/null, so no detail is shown here; re-run `apache2ctl configtest` by hand
# to see the error. Presumably Apache is not restarted on this path, so the new
# ModSecurity settings are not live until the configuration is fixed.
211 cp_echo "CN: Your Apache2 configuration is broken."
212 cp_echo "CN: Please, check the service after the installation finishes!"