diff options
| -rwxr-xr-x | proftpd/proftpd_stricter.cf | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/proftpd/proftpd_stricter.cf b/proftpd/proftpd_stricter.cf new file mode 100755 index 0000000..1ea0528 --- /dev/null +++ b/proftpd/proftpd_stricter.cf @@ -0,0 +1,94 @@ +#! /usr/bin/cfengine -qf + +control: + OutputPrefix = ("${cf_prefix}") + AddInstallable = ( proftpd_reload ) + actionsequence = ( + editfiles + shellcommands + processes + ) + +editfiles: + { /etc/proftpd.conf + DefineClasses "proftpd_reload" + # + # LsDefaultOptions -> ListOptions + # + # (Replace everywhere, as the daemon fails if the + # deprecated option exists) + # + ResetSearch "1" + ReplaceAll "LsDefaultOptions" With "ListOptions" + # + # (Make sure (remaining) cfengine hacks happens outside + # of virtual hosts) + # + ResetSearch "1" + BeginGroupIfNoSuchLine "# BEGIN CFENGINE" + BeginGroupIfNoLineMatching "^[[:blank:]]*VirtualHost[[:blank:]].*" + Append "" + Append "# BEGIN CFENGINE" + Append "# END CFENGINE (no virtual hosts above this line, please!)" + EndGroup + BeginGroupIfNoLineMatching "^# BEGIN CFENGINE.*" + LocateLineMatching "^[[:blank:]]*VirtualHost[[:blank:]]" + IncrementPointer "-1" + InsertLine "" + InsertLine "# BEGIN CFENGINE" + InsertLine "# END CFENGINE (no virtual hosts above this line, please!)" + InsertLine "" + EndGroup + EndGroup + # + # (Later options override earlier ones, so care only + # about our own area from here on) + # + AbortAtLineMatching "^# END CFENGINE.*$" + # + # ListOptions "-la" + # + CatchAbort + ResetSearch "1" + LocateLineMatching "^# BEGIN CFENGINE" +# WarnIfNoLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*" + BeginGroupIfNoLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*" +# LocateLineMatching "^# BEGIN CFENGINE" +# InsertLine 'ListOptions "-la"' + InsertLine "DefaultRooddddt ~" + EndGroup + CatchAbort + ResetSearch "1" + LocateLineMatching "^# BEGIN CFENGINE" + LocateLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*" + BeginGroupIfNoLineMatching '^[[:blank:]]*ListOptions[[:blank:]]"-la"([[:blank:]]+(#.*)?)?$' + ReplaceLineWith 'ListOptions "-la"' + EndGroup + CatchAbort + # + # DefaultRoot ~ + # + ResetSearch "1" + LocateLineMatching "^# BEGIN CFENGINE" + WarnIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*" + BeginGroupIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*" +# LocateLineMatching "^# BEGIN CFENGINE" + InsertLine 'DefaultRoot ~' + EndGroup + CatchAbort + ResetSearch "1" + LocateLineMatching "^# BEGIN CFENGINE" + LocateLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*" + BeginGroupIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]]+~$" + ReplaceLineWith 'DefaultRoot ~' + EndGroup + CatchAbort + # + UnsetAbort "^# END CFENGINE.*$" + } +processes: + "proftpd" restart "/etc/init.d/proftpd restart" + +shellcommands: + proftpd_reload:: + "/etc/init.d/proftpd force-reload" |