path: root/proftpd/proftpd_stricter.cf

#! /usr/bin/cfengine -qf

control:
    OutputPrefix    = ("${cf_prefix}")
    AddInstallable  = ( proftpd_reload )
    actionsequence  = (
        editfiles
        shellcommands
        processes
    )

editfiles:
    { /etc/proftpd.conf
        DefineClasses "proftpd_reload"
        #
        # LsDefaultOptions -> ListOptions
        #
        # (Replace everywhere, as the daemon fails if the
        # deprecated option exists)
        #
        ResetSearch "1"
        ReplaceAll "LsDefaultOptions" With "ListOptions"
        #
        # (Make sure (remaining) cfengine hacks happens outside
        # of virtual hosts)
        #
        ResetSearch "1"
        BeginGroupIfNoSuchLine "# BEGIN CFENGINE"
            BeginGroupIfNoLineMatching "^[[:blank:]]*VirtualHost[[:blank:]].*"
                Append ""
                Append "# BEGIN CFENGINE"
                Append "# END CFENGINE (no virtual hosts above this line, please!)"
            EndGroup
            BeginGroupIfNoLineMatching "^# BEGIN CFENGINE.*"
                LocateLineMatching "^[[:blank:]]*VirtualHost[[:blank:]]"
                IncrementPointer "-1"
                InsertLine ""
                InsertLine "# BEGIN CFENGINE"
                InsertLine "# END CFENGINE (no virtual hosts above this line, please!)"
                InsertLine ""
            EndGroup
        EndGroup
        #
        # (Later options override earlier ones, so care only
        # about our own area from here on)
        #
        AbortAtLineMatching "^# END CFENGINE.*$"
        #
        # ListOptions "-la"
        #
        CatchAbort
        ResetSearch "1"
        LocateLineMatching "^# BEGIN CFENGINE"
#       WarnIfNoLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*"
        BeginGroupIfNoLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*"
#           LocateLineMatching "^# BEGIN CFENGINE"
#           InsertLine 'ListOptions         "-la"'
            InsertLine "DefaultRooddddt         ~"
        EndGroup
        CatchAbort
        ResetSearch "1"
        LocateLineMatching "^# BEGIN CFENGINE"
        LocateLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*"
        BeginGroupIfNoLineMatching '^[[:blank:]]*ListOptions[[:blank:]]"-la"([[:blank:]]+(#.*)?)?$'
            ReplaceLineWith 'ListOptions            "-la"'
        EndGroup
        CatchAbort
        #
        # DefaultRoot ~
        #
        ResetSearch "1"
        LocateLineMatching "^# BEGIN CFENGINE"
        WarnIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*"
        BeginGroupIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*"
#           LocateLineMatching "^# BEGIN CFENGINE"
            InsertLine 'DefaultRoot         ~'
        EndGroup
        CatchAbort
        ResetSearch "1"
        LocateLineMatching "^# BEGIN CFENGINE"
        LocateLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*"
        BeginGroupIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]]+~$"
            ReplaceLineWith 'DefaultRoot            ~'
        EndGroup
        CatchAbort
        #
        UnsetAbort "^# END CFENGINE.*$"
    }
processes:
    "proftpd"   restart "/etc/init.d/proftpd restart"

shellcommands:
    proftpd_reload::
    "/etc/init.d/proftpd force-reload"