mirror of https://github.com/fail2ban/fail2ban
99 lines
3.2 KiB
Bash
Executable File
99 lines
3.2 KiB
Bash
Executable File
#! /bin/sh
|
|
# postinst script for fail2ban
|
|
#
|
|
# see: dh_installdeb(1)
|
|
|
|
set -e
|
|
|
|
# summary of how this script can be called:
|
|
# * <postinst> `configure' <most-recently-configured-version>
|
|
# * <old-postinst> `abort-upgrade' <new version>
|
|
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
|
|
# <new-version>
|
|
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
|
|
# <failed-install-package> <version> `removing'
|
|
# <conflicting-package> <version>
|
|
# for details, see http://www.debian.org/doc/debian-policy/ or
|
|
# the debian-policy package
|
|
#
|
|
preversion=$2
|
|
|
|
case "$1" in
|
|
configure)
|
|
# To fix the bug in generated by previous version files permissions
|
|
# also closes #352053
|
|
|
|
LOG=/var/log/fail2ban.log
|
|
touch $LOG
|
|
chown root:adm ${LOG}*
|
|
chmod 640 ${LOG}*
|
|
|
|
# Note regarding changed configuration file
|
|
# Note regarding changed configuration file
|
|
if [ ! -z $preversion ]; then
|
|
if dpkg --compare-versions $preversion lt 0.7.1-1; then
|
|
cat <<EOF
|
|
WARNING!
|
|
|
|
Fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you
|
|
customized any of provided configuration or startup files
|
|
(/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban), please
|
|
read relevant entry in /usr/share/doc/fail2ban/NEWS.Debian.gz.
|
|
|
|
EOF
|
|
fi
|
|
if dpkg --compare-versions $preversion lt 0.5.4-5.14; then
|
|
cat <<EOF
|
|
WARNING!
|
|
|
|
Configuration file /etc/fail2ban.conf, failregex configuration
|
|
parameter specifically, were changed in 0.5.4-5 to close reported
|
|
security breach, and in 0.5.4-5.14 to close few other bugs.
|
|
|
|
updating from <0.5.4-5
|
|
Unless configuration file (or corresponding failregex'es) gets updated,
|
|
security breach is not closed and corresponding warning will be reported
|
|
by the fail2ban (in the log files).
|
|
|
|
updating from <0.5.4-5.14
|
|
Bugs #329163, #331695 dealing with changed iptables rules
|
|
outside of fail2ban were fixed in 0.5.4-5.14, and require upgrade of the
|
|
configuration file (fwcheck option was introduced) to take full
|
|
advantage of the problem solution (otherwise some problems might
|
|
persist)
|
|
|
|
Please review the configuration file and make appropriate changes.
|
|
ENJOY!
|
|
|
|
EOF
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
|
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument \`$1'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
if dpkg-maintscript-helper supports mv_conffile 2>/dev/null; then
|
|
dpkg-maintscript-helper mv_conffile /etc/fail2ban/action.d/firewall-cmd-direct-new.conf /etc/fail2ban/action.d/firewallcmd-new.conf 0.8.13-1~ -- "$@"
|
|
dpkg-maintscript-helper mv_conffile /etc/fail2ban/filter.d/lighttpd-fastcgi.conf /etc/fail2ban/filter.d/suhosin.conf 0.8.13-1~ -- "$@"
|
|
dpkg-maintscript-helper mv_conffile /etc/fail2ban/filter.d/sasl.conf /etc/fail2ban/filter.d/postfix-sasl.conf 0.8.13-1~ -- "$@"
|
|
dpkg-maintscript-helper mv_conffile /etc/fail2ban/filter.d/couriersmtp.conf /etc/fail2ban/filter.d/courier-smtp.conf 0.9.0-1~ -- "$@"
|
|
dpkg-maintscript-helper mv_conffile /etc/fail2ban/filter.d/courierlogin.conf /etc/fail2ban/filter.d/courier-auth.conf 0.9.0-1~ -- "$@"
|
|
fi
|
|
|
|
# dh_installdeb will replace this with shell code automatically
|
|
# generated by other debhelper scripts.
|
|
|
|
#DEBHELPER#
|
|
|
|
exit 0
|
|
|
|
|