PKG="mod-security-cn"
A2DIR="/etc/apache2"
+CONF="$A2DIR/apache2.conf"
CONFDIR="$A2DIR/conf.d"
-CONF="$CONFDIR/apache2.conf"
A2MODEDIR="$A2DIR/mods-enabled"
MODSECDIR="$A2DIR/mod-security"
MODSECCONF="$MODSECDIR/mod-security-cn.conf"
-MODSECTDIR="/usr/share/mod-security-cn"
+MODSECRBL="$MODSECDIR/rbl_lookup.conf"
+MODSECLNK="$CONFDIR/$(basename $MODSECCONF)"
+MODSECTPL="/usr/share/mod-security-cn"
temp_files=
need_restart=0
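Review bot: `$(basename $MODSECCONF)` in the new `MODSECLNK` line expands the variable unquoted, so the path is word-split and globbed before `basename` sees it; write `MODSECLNK="$CONFDIR/$(basename "$MODSECCONF")"`. The same applies further down in this patch to `mktemp $MODSECCONF.XXXXXX`, the `$(basename $MODSECRBL)` calls and `rm -f $out`. The values are fixed paths today, so this is a robustness point rather than a live bug. Since `MODSECTPL` replaces `MODSECTDIR`, a one-line comment such as `# Directory holding the packaged configuration templates.` would make the new name's role clear.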
fi
}
-# install_conf()
-#
-# Install specified ModSecurity configuration file.
-#
-install_conf () {
-
- local conftmpl conf
- conftmpl="$MODSECTDIR/$1"
- conf="$MODSECDIR/$1"
-
- if [ ! -e "$conf" ]; then
- cp_echo "CN: Creating new configuration file $conf"
- cp "$conftmpl" "$conf"
- need_restart=1
- else
- if ! cmp -s "$conf" "$conftmpl"; then
- cp_echo "CN: Updating configuration file $conf"
- cp "$conftmpl" "$conf"
- need_restart=1
- else
- cp_echo "CN: $conf already exists." 1>&2
- fi
- fi
-}
-
# Set trap for deleting all temp files.
#
mkdir -p $MODSECDIR/
fi
- install_conf "mod-security-cn.conf"
+ out=$(mktemp $MODSECCONF.XXXXXX)
+ temp_files="${temp_files} ${out}"
+ cp "$MODSECTPL/$(basename $MODSECCONF)" "$out"
db_get mod-security-cn/rbl || true
if [ "$RET" = "true" ]; then
- cp_echo "CN: Enabling ModSecurity RBL lookup in $MODSECCONF"
-
# Add RBL configuration.
- chk_conf_tag "$MODSECDIR/rbl_lookup.conf"
+ chk_conf_tag "$MODSECRBL"
if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
- install_conf "rbl_lookup.conf"
+
+ if [ $RET -eq 1 ]; then
+ cp_echo "CN: Creating new configuration file $MODSECRBL"
+ cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
+ need_restart=1
+ else
+ if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then
+ cp_echo "CN: Updating configuration file $MODSECRBL"
+ cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL"
+ need_restart=1
+ fi
+ fi
fi
- else
- cp_echo "CN: Disabling ModSecurity RBL lookup in $MODSECCONF"
+ cp_check_and_sed '#RBLLOOKUP#' \
+ "s,#RBLLOOKUP#,Include $MODSECRBL,g" \
+ "$out" || true
+
+ if [ -e "$MODSECCONF" ]; then
+ if ! cmp -s "$MODSECCONF" "$out"; then
+ cp_echo "CN: Updating configuration file $MODSECCONF"
+ mv -f "$out" "$MODSECCONF"
+ cp_echo "CN: Enabled ModSecurity RBL lookup."
+ need_restart=1
+ fi
+ else
+ cp_echo "CN: Creating new configuration file $MODSECCONF"
+ mv "$out" "$MODSECCONF"
+ cp_echo "CN: Enabled ModSecurity RBL lookup."
+ need_restart=1
+ fi
+ else
# Remove RBL configuration.
- out=$(mktemp $MODSECCONF.XXXXXX)
- temp_files="${temp_files} ${out}"
- sed -r "s/^([[:space:]]*)(Include[[:space:]]+\/etc\/apache2\/mod-security\/rbl_lookup\.conf)$/\1#\2/I" \
- "$MODSECCONF" > "$out"
- mv -f "$out" "$MODSECCONF"
- if [ -f "$out" ]; then rm -f $out; fi
-
- chk_conf_tag "$MODSECDIR/rbl_lookup.conf"
- if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then
- rm -f "$MODSECDIR/rbl_lookup.conf"
+ cp_check_and_sed '#RBLLOOKUP#' \
+ "s,#RBLLOOKUP#,# DISABLED,g" \
+ "$out" || true
+
+ if [ -e "$MODSECCONF" ]; then
+ if ! cmp -s "$MODSECCONF" "$out"; then
+ cp_echo "CN: Updating configuration file $MODSECCONF"
+ mv -f "$out" "$MODSECCONF"
+ cp_echo "CN: Disabled ModSecurity RBL lookup."
+ need_restart=1
+ fi
+ else
+ cp_echo "CN: Creating new configuration file $MODSECCONF"
+ mv "$out" "$MODSECCONF"
+ cp_echo "CN: Disabled ModSecurity RBL lookup."
+ need_restart=1
fi
- need_restart=1
+ chk_conf_tag "$MODSECRBL"
+ if [ $RET -eq 0 ]; then
+ cp_echo "CN: Removing configuration file $MODSECRBL"
+ rm -f "$MODSECRBL"
+ need_restart=1
+ fi
fi
+ if [ -f "$out" ]; then rm -f $out; fi
+
# Enable ModSecurity configuration.
- if [ ! -e "$CONFDIR/mod-security-cn.conf" ]; then
+ if [ ! -e "$MODSECLNK" ]; then
cp_echo "CN: Enabling ModSecurity configuration."
- ln -fs "$MODSECCONF" "$CONFDIR/."
+ ln -fs "$MODSECCONF" "$MODSECLNK"
need_restart=1
fi
fi
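Review bot: The `|| true` after both `cp_check_and_sed '#RBLLOOKUP#' ...` calls discards a failed substitution, yet the code below still moves `$out` over `$MODSECCONF` and prints "Enabled ModSecurity RBL lookup." An unreplaced placeholder starts with `#`, so Apache would presumably treat it as a comment and load the configuration without `Include $MODSECRBL` while the install log reports the lookup as active; `cp_check_and_sed` is defined outside this hunk, so its failure modes need confirming. Before the `mv` in the enable branch I would verify the result, e.g. `if grep -q '#RBLLOOKUP#' "$out"; then cp_echo "CN: RBL placeholder not replaced in $out" 1>&2; exit 1; fi`. Separately, `$out` is created by `mktemp`, so the installed file keeps the temp file's restrictive mode rather than the mode the removed `cp` from the template produced; add a `chmod` or a comment if that is intended. The enclosing block starts and ends outside the hunk.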