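#! /usr/bin/cfengine -qvf
#
# Converges /etc/apache-ssl/httpd.conf:
#   - sets ServerAdmin to webmaster@$(domain)
#   - creates a "# BEGIN CFENGINE" / "# END CFENGINE" region for managed lines
#   - for each optional module whose .so exists under /usr/lib/apache/1.3,
#     activates its LoadModule line and writes an <IfModule> stanza into the
#     managed region
#   - writes SSL certificate directives when the matching PEM files exist
#
# Every edit defines the class apache_ssl_reload (DefineClasses below).
#
# NOTE(review): the page this was recovered from had the script collapsed onto
# a few long lines, so line and comment boundaries are reconstructed. Lines
# such as '# bug! UnCommentLinesMatching ...' are treated as disabled, as in
# the php4 and gzip sections where the same statement is explicitly commented
# out. Runs of spaces inside quoted strings may also have been collapsed.
#
# NOTE(review): actionsequence lists only editfiles, so as far as this file
# shows the processes: and shellcommands: sections at the bottom are not
# executed by this script. Confirm whether that is intended before relying on
# the reload to activate security-relevant changes (SSL, auth modules).

control:

   OutputPrefix   = ("${cf_prefix}")

   actionsequence = ( editfiles )

   AddInstallable = ( apache_ssl_reload )

   EditfileSize   = ( 50000 )

editfiles:

   any::

      { /etc/apache-ssl/httpd.conf

      DefineClasses "apache_ssl_reload"

      #
      # ServerAdmin webmaster@$(domain)
      #
      # (Try to add it _before_ virtual hosts)
      #
      WarnIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*"
      BeginGroupIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*"
         # No virtual-host marker at all: append at the end of the file.
         BeginGroupIfNoLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$"
            Append "ServerAdmin webmaster@$(domain)"
         EndGroup
         # Still no ServerAdmin: place it at the virtual-host marker.
         BeginGroupIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*"
            LocateLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$"
            InsertLine "ServerAdmin webmaster@$(domain)"
         EndGroup
      EndGroup
      # Normalise an existing ServerAdmin line to the expected address.
      LocateLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*"
      BeginGroupIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]]*webmaster@$(domain)[[:blank:]]*$"
         ReplaceLineWith "ServerAdmin webmaster@$(domain)"
      EndGroup

      #
      # Make space for cfengine hacks
      #
      # (Try to add it _before_ virtual hosts)
      #
      ResetSearch "1"
      BeginGroupIfNoSuchLine "# BEGIN CFENGINE"
         BeginGroupIfNoLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$"
            Append ""
            Append "# BEGIN CFENGINE"
            Append "# END CFENGINE"
         EndGroup
         BeginGroupIfNoLineMatching "^# BEGIN CFENGINE$"
            LocateLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$"
            IncrementPointer "-1"
            InsertLine ""
            InsertLine "# BEGIN CFENGINE"
            InsertLine "# END CFENGINE"
            InsertLine ""
         EndGroup
      EndGroup

      #
      # LoadModule php3_module /usr/lib/apache/1.3/libphp3.so
      #
      # <IfModule libphp3.c>
      #   php3_display_errors off
      #   php3_log_errors on
      #   AddType application/x-httpd-php3 .php3
      #   AddType application/x-httpd-php3-source .phps
      # </IfModule>
      #
      # display_errors off / log_errors on keep PHP error detail out of HTTP
      # responses and send it to the log instead.
      #
      # NOTE(review): the stanza above documents application/x-httpd-php3-source
      # for .phps, but the edit below inserts application/x-httpd-source.
      # Mapping .phps at all makes script source retrievable over HTTP; confirm
      # that this is wanted on the host and which type is the intended one.
      #
      BeginGroupIfFileExists "/usr/lib/apache/1.3/libphp3.so"
         ResetSearch "1"
         # bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+php3_module[[:blank:]].*"
         LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+php3_module[[:blank:]]+/usr/lib/apache/1.3/libphp3.so$"
         ReplaceLineWith "LoadModule php3_module /usr/lib/apache/1.3/libphp3.so"
         CatchAbort
         # Searches from here on stop at the end marker of the managed region.
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "<IfModule libphp3.c>"
            InsertLine "<IfModule libphp3.c>"
            InsertLine "</IfModule>"
         EndGroup
         ResetSearch "1"
         LocateLineMatching "^# BEGIN CFENGINE$"
         LocateLineMatching "^<IfModule libphp3.c>$"
         BeginGroupIfNoLineMatching "[[:blank:]]*php3_display_errors off"
            InsertLine " php3_display_errors off"
         EndGroup
         BeginGroupIfNoLineMatching "[[:blank:]]*php3_log_errors on"
            InsertLine " php3_log_errors on"
         EndGroup
         BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-php3 .php3"
            InsertLine " AddType application/x-httpd-php3 .php3"
         EndGroup
         BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-source .phps"
            InsertLine " AddType application/x-httpd-source .phps"
         EndGroup
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      #
      # LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
      #
      # <IfModule libphp4.c>
      #   php_flag display_errors off
      #   php_flag log_errors on
      #   AddType application/x-httpd-php .phtml .php .inc .php3
      #   AddType application/x-httpd-php-source .phps
      # </IfModule>
      #
      # NOTE(review): same .phps mismatch as in the php3 section: documented as
      # application/x-httpd-php-source, inserted as application/x-httpd-source.
      #
      BeginGroupIfFileExists "/usr/lib/apache/1.3/libphp4.so"
         ResetSearch "1"
         # UnCommentLinesMatching "^\#[[:blank:]]*LoadModule[[:blank:]]+php4\_module[[:blank:]].*"
         LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+php4\_module[[:blank:]]+/usr/lib/apache/1.3/libphp4.so$"
         ReplaceLineWith "LoadModule php4_module /usr/lib/apache/1.3/libphp4.so"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "<IfModule libphp4.c>"
            InsertLine "<IfModule libphp4.c>"
            InsertLine "</IfModule>"
         EndGroup
         ResetSearch "1"
         LocateLineMatching "^# BEGIN CFENGINE$"
         LocateLineMatching "^<IfModule libphp4.c>$"
         BeginGroupIfNoLineMatching "^.*php_flag[[:blank:]]*display_errors[[:blank:]]*off$"
            InsertLine " php_flag display_errors off"
         EndGroup
         BeginGroupIfNoLineMatching ".*php_flag log_errors on"
            InsertLine " php_flag log_errors on"
         EndGroup
         BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-php .phtml .php .inc .php3"
            InsertLine " AddType application/x-httpd-php .phtml .php .inc .php3"
         EndGroup
         BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-source .phps"
            InsertLine " AddType application/x-httpd-source .phps"
         EndGroup
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      #
      # LoadModule gzip_module /usr/lib/apache/1.3/mod_gzip.so
      #
      # <IfModule mod_gzip.c>
      #   mod_gzip_dechunk yes
      #   mod_gzip_keep_workfiles No
      #   mod_gzip_temp_dir /tmp
      #   mod_gzip_minimum_file_size 1002
      #   mod_gzip_maximum_file_size 0
      #   mod_gzip_maximum_inmem_size 1000000
      #   mod_gzip_item_include file "\.htm$"
      #   mod_gzip_item_include file "\.html$"
      #   mod_gzip_item_include mime "text/.*"
      #   mod_gzip_item_include file "\.php$"
      #   mod_gzip_item_include mime "jserv-servlet"
      #   mod_gzip_item_include handler "jserv-servlet"
      #   mod_gzip_item_include mime "application/x-httpd-php.*"
      #   mod_gzip_item_include mime "httpd/unix-directory"
      #   mod_gzip_item_exclude file "\.css$"
      #   mod_gzip_item_exclude file "\.js$"
      #   mod_gzip_item_exclude file "\.wml$"
      # </IfModule>
      #
      # NOTE(review): mod_gzip_temp_dir is set to /tmp, a directory shared with
      # every local user. A directory owned by the web server account and not
      # writable by others would be a safer place for the module's work files.
      #
      BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_gzip.so"
         ResetSearch "1"
         # SetCommentStart "#"
         # SetCommentEnd ""
         # UnCommentLinesMatching "^\#[[:blank:]]*LoadModule[[:blank:]]+gzip_module[[:blank:]].*"
         LocateLineMatching "#[[:blank:]]*LoadModule[[:blank:]]+gzip_module[[:blank:]]+/usr/lib/apache/1.3/mod_gzip.so"
         # UnCommentNLines "1"
         ReplaceLineWith "LoadModule gzip_module /usr/lib/apache/1.3/mod_gzip.so"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "<IfModule mod_gzip.c>"
            InsertLine "<IfModule mod_gzip.c>"
            InsertLine "</IfModule>"
         EndGroup
         ResetSearch "1"
         LocateLineMatching "^# BEGIN CFENGINE$"
         LocateLineMatching "^<IfModule mod_gzip.c>$"
         BeginGroupIfNoLineMatching ' mod_gzip_on yes'
            InsertLine ' mod_gzip_on yes'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_dechunk yes'
            InsertLine ' mod_gzip_dechunk yes'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_keep_workfiles No'
            InsertLine ' mod_gzip_keep_workfiles No'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_temp_dir /tmp'
            InsertLine ' mod_gzip_temp_dir /tmp'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_minimum_file_size 1002'
            InsertLine ' mod_gzip_minimum_file_size 1002'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_maximum_file_size 0'
            InsertLine ' mod_gzip_maximum_file_size 0'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_maximum_inmem_size 1000000'
            InsertLine ' mod_gzip_maximum_inmem_size 1000000'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include file "\\\.htm\$"'
            InsertLine ' mod_gzip_item_include file "\.htm$"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include file "\\\.html\$"'
            InsertLine ' mod_gzip_item_include file "\.html$"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "text/\.\*"'
            InsertLine ' mod_gzip_item_include mime "text/.*"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include file "\\\.php\$"'
            InsertLine ' mod_gzip_item_include file "\.php$"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "jserv-servlet"'
            InsertLine ' mod_gzip_item_include mime "jserv-servlet"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include handler "jserv-servlet"'
            InsertLine ' mod_gzip_item_include handler "jserv-servlet"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "application/x-httpd-php\.\*"'
            InsertLine ' mod_gzip_item_include mime "application/x-httpd-php.*"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "httpd/unix-directory"'
            InsertLine ' mod_gzip_item_include mime "httpd/unix-directory"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_exclude file "\\\.css\$"'
            InsertLine ' mod_gzip_item_exclude file "\.css$"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_exclude file "\\\.js\$"'
            InsertLine ' mod_gzip_item_exclude file "\.js$"'
         EndGroup
         BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_exclude file "\\\.wml\$"'
            InsertLine ' mod_gzip_item_exclude file "\.wml$"'
         EndGroup
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      #
      # LoadModule index_rss_module /usr/lib/apache/1.3/mod_index_rss.so
      #
      # <IfModule mod_index_rss.c>
      #   IndexRSSEngine On
      # </IfModule>
      #
      BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_index_rss.so"
         ResetSearch "1"
         # bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+index_rss_module[[:blank:]].*"
         LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+index_rss_module[[:blank:]]+/usr/lib/apache/1.3/mod_index_rss.so$"
         ReplaceLineWith "LoadModule index_rss_module /usr/lib/apache/1.3/mod_index_rss.so"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "<IfModule mod_index_rss.c>"
            InsertLine "<IfModule mod_index_rss.c>"
            InsertLine "</IfModule>"
         EndGroup
         ResetSearch "1"
         LocateLineMatching "^# BEGIN CFENGINE$"
         LocateLineMatching "^<IfModule mod_index_rss.c>$"
         BeginGroupIfNoLineMatching "[[:blank:]]+IndexRSSEngine On"
            InsertLine " IndexRSSEngine On"
         EndGroup
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      #
      # LoadModule pam_auth_module /usr/lib/apache/1.3/mod_auth_pam.so
      #
      # <IfModule mod_auth_pam.c>
      #   <Location />
      #     AuthPAM_Enabled Off
      #   </Location>
      # </IfModule>
      #
      # The module is loaded, but the stanza written for <Location /> sets
      # AuthPAM_Enabled Off, so PAM authentication has to be switched on
      # explicitly wherever it is wanted.
      #
      BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_auth_pam.so"
         ResetSearch "1"
         # bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+pam_auth_module[[:blank:]].*"
         LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+pam_auth_module[[:blank:]]+/usr/lib/apache/1.3/mod_auth_pam.so$"
         ReplaceLineWith "LoadModule pam_auth_module /usr/lib/apache/1.3/mod_auth_pam.so"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "<IfModule mod_auth_pam.c>"
            InsertLine "<IfModule mod_auth_pam.c>"
            InsertLine " <Location />"
            InsertLine " </Location>"
            InsertLine "</IfModule>"
         EndGroup
         ResetSearch "1"
         LocateLineMatching "^# BEGIN CFENGINE$"
         LocateLineMatching "^<IfModule mod_auth_pam.c>$"
         LocateLineMatching "[[:blank:]]+<Location />"
         BeginGroupIfNoLineMatching "[[:blank:]]+AuthPAM_Enabled Off"
            InsertLine " AuthPAM_Enabled Off"
         EndGroup
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      #
      # LoadModule authshadow_module /usr/lib/apache/1.3/mod_auth_shadow.so
      #
      # <IfModule mod_auth_shadow.c>
      #   <Location />
      #     AuthShadow Off
      #   </Location>
      # </IfModule>
      #
      # Same default-off pattern as mod_auth_pam: AuthShadow Off is written for
      # <Location />.
      #
      BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_auth_shadow.so"
         ResetSearch "1"
         # bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+authshadow_module[[:blank:]].*"
         LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+authshadow_module[[:blank:]]+/usr/lib/apache/1.3/mod_auth_shadow.so$"
         ReplaceLineWith "LoadModule authshadow_module /usr/lib/apache/1.3/mod_auth_shadow.so"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "<IfModule mod_auth_shadow.c>"
            InsertLine "<IfModule mod_auth_shadow.c>"
            InsertLine " <Location />"
            InsertLine " </Location>"
            InsertLine "</IfModule>"
         EndGroup
         ResetSearch "1"
         LocateLineMatching "^# BEGIN CFENGINE$"
         LocateLineMatching "^<IfModule mod_auth_shadow.c>$"
         LocateLineMatching "[[:blank:]]+<Location />"
         BeginGroupIfNoLineMatching "[[:blank:]]+AuthShadow Off"
            InsertLine " AuthShadow Off"
         EndGroup
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      #
      # LoadModule xslt_module /usr/lib/apache/1.3/mod_xslt.so
      #
      # <IfModule mod_xslt.c>
      #   <Location /xslt>
      #     AddHandler mod_xslt .html
      #     AddHandler mod_xslt .txt
      #   </Location>
      # </IfModule>
      #
      BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_xslt.so"
         ResetSearch "1"
         # bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+xslt_module[[:blank:]].*"
         LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+xslt_module[[:blank:]]+/usr/lib/apache/1.3/mod_xslt.so$"
         ReplaceLineWith "LoadModule xslt_module /usr/lib/apache/1.3/mod_xslt.so"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "<IfModule mod_xslt.c>"
            InsertLine "<IfModule mod_xslt.c>"
            InsertLine " <Location /xslt>"
            InsertLine " </Location>"
            InsertLine "</IfModule>"
         EndGroup
         ResetSearch "1"
         LocateLineMatching "^# BEGIN CFENGINE$"
         LocateLineMatching "^<IfModule mod_xslt.c>$"
         LocateLineMatching "[[:blank:]]+<Location /xslt>"
         # Only the .html handler is tested for; both handlers are inserted together.
         BeginGroupIfNoLineMatching "[[:blank:]]+AddHandler mod_xslt .html"
            InsertLine " AddHandler mod_xslt .html"
            InsertLine " AddHandler mod_xslt .txt"
         EndGroup
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      #
      # #SSLCACertificatePath
      # SSLCACertificateFile cacert.pem
      # SSLCertificateFile apache.pem
      # SSLCertificateKeyFile apache.pem
      #
      # Each directive is written only when the corresponding PEM file exists.
      #
      # NOTE(review): the existence tests use absolute paths under /etc/ssl,
      # while the directives written carry bare file names. Confirm how
      # apache-ssl resolves them on the target hosts.
      #
      # NOTE(review): only the existence of /etc/ssl/private/apache.pem is
      # tested here; ownership and mode of the private key are not checked by
      # this script.
      #
      # NOTE(review): CommentLinesMatching also matches the directive lines
      # this script inserts itself, if the pattern matches them; check that
      # repeated runs converge instead of re-adding the line each time.
      #
      ResetSearch "1"
      CommentLinesMatching "SSLCACertificatePath"
      CatchAbort

      BeginGroupIfFileExists "/etc/ssl/certs/cacert.pem"
         ResetSearch "1"
         CommentLinesMatching "SSLCACertificateFile"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "SSLCACertificateFile cacert.pem"
            # Fixed: this group used to insert "SSLCertificateFile apache.pem"
            # (copy/paste from the next group), so the CA file was never
            # configured. Hosts already converged with the old script may hold
            # a stray SSLCertificateFile line from it.
            InsertLine "SSLCACertificateFile cacert.pem"
         EndGroup
         ResetSearch "1"
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      BeginGroupIfFileExists "/etc/ssl/certs/apache.pem"
         ResetSearch "1"
         CommentLinesMatching "SSLCertificateFile"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "SSLCertificateFile apache.pem"
            InsertLine "SSLCertificateFile apache.pem"
         EndGroup
         ResetSearch "1"
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      BeginGroupIfFileExists "/etc/ssl/private/apache.pem"
         ResetSearch "1"
         CommentLinesMatching "SSLCertificateKeyFile"
         CatchAbort
         AbortAtLineMatching "^# END CFENGINE$"
         LocateLineMatching "^# BEGIN CFENGINE$"
         BeginGroupIfNoSuchLine "SSLCertificateKeyFile apache.pem"
            InsertLine "SSLCertificateKeyFile apache.pem"
         EndGroup
         ResetSearch "1"
         UnsetAbort "^# END CFENGINE$"
      EndGroup

      }

processes:

   "apache_ssl" restart "/etc/init.d/apache-ssl restart"

shellcommands:

   # Fixed: the guard was apache_reload, a class nothing in this file defines.
   # The class declared in AddInstallable and set by DefineClasses is
   # apache_ssl_reload.
   apache_ssl_reload::

      "/etc/init.d/apache-ssl force-reload"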