updates/1.4.10/setup

   1 #!/bin/bash
   2
   3 UPGRADEVERSION=1.4.10
   4 PREVIOUSVERSION="1.4."$((`echo $UPGRADEVERSION | /usr/bin/cut -f3 -d '.'`-1))
   5 echo "This is the $UPGRADEVERSION update patch for IPCop $PREVIOUSVERSION installing."
   6
   7 CURRENTVERSION=`perl -e "require '/var/ipcop/general-functions.pl';print \\$General::version;"`
   8 if [ "$CURRENTVERSION" != "$PREVIOUSVERSION" ]; then
   9         echo "You are not running IPCop v$PREVIOUSVERSION for this patch to install."
  10         echo "Aborting installation."
  11         exit -1
  12 fi
  13
  14 # general-functions might not be overwrited by patch...
  15 /bin/sed -i -e "s+= '1.4.*$+= '$UPGRADEVERSION';+" /var/ipcop/general-functions.pl
  16
  17 #protect backup key fix for SF1344032 restrict access to root only
  18 [ -e /var/ipcop/backup/backup.key ] && /bin/chmod 400 /var/ipcop/backup/backup.key && ./fixbackups.sh
  19
  20 /bin/tar -zxpf patch.tar.gz -C /
  21
  22 # update linker cache (openssl CAN-2005-2969)
  23 /sbin/ldconfig
  24
  25 #New option for vpn
  26 echo "VPN_DELAYED_START=0" >> /var/ipcop/vpn/settings
  27
  28 #replaces ipcoprebirth/ipcopdeath with ipcopreboot
  29 /bin/rm -f /usr/local/bin/{ipcopdeath,ipcoprebirth}
  30
  31 # restart new httpd apache_1.3.34 mod_ssl-2.8.25-1.3.34 mm-1.4.0
  32 /bin/killall httpd
  33 sleep 2
  34 /usr/sbin/httpd
  35
  36 # missing from 1.4.9 update
  37 /usr/local/bin/setdmzholes
  38
  39 # patched squid (CAN-2005-3258 and bug#1405)
  40 [ -e /var/ipcop/proxy/squid.conf ] && /usr/local/bin/restartsquid
  41
  42 # snort now use binary logging
  43 /usr/local/bin/restartsnort
  44 # avoid 'too many arguments' on cleanup
  45 for i in `seq 1 9`; do
  46         /bin/rm -rf /var/log/snort/$i*
  47 done
  48
  49 #Insert missing advanced values for VPN settings.
  50 #If user never went to adv screen, they are empty.
  51 #Whitout them, ipsec uses 3des-(sha|md5)-(768|1024|1536)
  52 #as default ike and esp algorythm.
  53 #This correction does not add 'aes128' as vpnmain,
  54 #so user will see effective algorythm selected.
  55 cp /var/ipcop/vpn/config /var/ipcop/vpn/oldconfig
  56 /usr/bin/perl -e "\
  57 use strict; \
  58 if (open(FILE, '/var/ipcop/vpn/oldconfig')){\
  59     my @lines = <FILE>;\
  60     close (FILE);\
  61     foreach my \$line (@lines){\
  62         my @confighash=split(',' ,\$line);\
  63         \$confighash[15] = 'on'           if (\$confighash[15] eq '');\
  64         \$confighash[14] = 'off'          if (\$confighash[14] eq '');\
  65         \$confighash[19] = '3des'         if (\$confighash[19] eq '');\
  66         \$confighash[20] = 'sha|md5'      if (\$confighash[20] eq '');\
  67         \$confighash[21] = '1536|1024|768'if (\$confighash[21] eq '');\
  68         \$confighash[17] = '1'            if (\$confighash[17] eq '');\
  69         \$confighash[22] = 'aes128|3des'  if (\$confighash[22] eq '');\
  70         \$confighash[23] = 'sha1|md5'     if (\$confighash[23] eq '');\
  71         \$confighash[18] = '8'            if (\$confighash[18] eq '');\
  72         \$confighash[25] = 'off'          if (\$confighash[25] eq '');\
  73         print join (',', @confighash); }}" >/var/ipcop/vpn/config
  74 rm /var/ipcop/vpn/oldconfig
  75
  76 #build cachelang file after all "lang/*.pl" updates
  77 perl -e "require '/var/ipcop/lang.pl'; &Lang::BuildCacheLang"
  78
  79 killall mingetty  #redisplay correct version
  80 echo "end of $UPGRADEVERSION update"