Dirty commit
parent
9b2fd607b2
commit
ca18a45319
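--- a/README.org
+++ b/README.org
@@ -0,0 +1,13 @@
+#+TITLE: Readme
+
+* Usage
+
+#+begin_src shell
+inventory.sh
+#+end_src
+
+* Notes
+
+- inventory: Contains the files with directives before the migration
+- to-convert:
+- result: Result of the inventory after the migration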
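--- a/convert.awk
+++ b/convert.awk
@@ -0,0 +1,11 @@
+#!/usr/bin/env awk -f
+
+
+newline = "\n[[:blank:]]";
+
+/Order deny,allow\n[[:blank:]]*Deny from all/
+
+
+/Allow from all/ { s/ }
+
+s/Allow from all/Require all granted/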
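Review bot: This file is not runnable awk: `/Allow from all/ { s/ }` and the bare `s/Allow from all/Require all granted/` are sed syntax, and awk has no `s///` command, so the program fails to parse before it reads any input. The awk form of the last rule would be `{ gsub(/Allow from all/, "Require all granted"); print }`. The two-line pattern `/Order deny,allow\n[[:blank:]]*Deny from all/` can also never match while awk reads one line per record, and on Linux the shebang `#!/usr/bin/env awk -f` hands `awk -f` to env as a single argument. Until it is rewritten, a header comment marking the file as an unfinished draft would keep anyone from running it against a live configuration.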
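--- a/convert.pl
+++ b/convert.pl
@@ -0,0 +1,63 @@
+#!/usr/bin/env perl
+#
+# Replace apache's mod_access_compat directives to mod_authz_host ones, to
+# securly migrate to apache 2.2 to 2.4. This script only migrate most
+# common pattern.
+
+#use re "debug";
+use strict;
+use warnings;
+
+# TODO Maybe use a redo in of clauses to avoid missing substitutions
+
+# our $^I = '.bak';
+
+# our @ARGV = ($ARGV[0]); # We don't want to use STDIN when eof get called
+
+# open(my $fh, "+<", $ARGV[0])
+# or die "Can't open ARGv[0]!";
+
+# Regex for spaces bettwen word (including comment character)
+my $s = '[#\s]*';
+
+while (<ARGV>) {
+# ** Order
+# Default of mod_access_compat
+next if /Order${s}deny,allow/i;
+
+if (/(Order${s}Allow,Deny)/i) {
+$_ .= <ARGV>;
+s/${1}${s}(Deny${s}from${s}all)/$1/i;
+};
+
+# ** Satisfy
+# Correspond to the new default, from mod_authz_host, to have an implicit <RequireAny>
+next if /Satisfy${s}any/i;
+
+# ** Misc
+if (/(Require${s}valid-user)/i) {
+$_ .= <ARGV>.<ARGV>.<ARGV>;
+s/(${1})${s}Order${s}Deny,Allow${s}Deny${s}from${s}all/$1/i;
+};
+
+# ** Deny
+if (/(Deny${s}from${s}all)/i) {
+# unless (eof(ARGV)) {
+$_ .= <ARGV>;
+# };
+s/${1}${s}Allow${s}from/Require ip/i;
+s/Deny${s}from${s}all/Require all denied/i;
+};
+
+s/Deny${s}from${s}env=/Require not env /i;
+
+# ** Allow
+s/Allow${s}from${s}all/Require all granted/i;
+s/Allow${s}from/Require ip/i;
+
+print ARGV;
+}
+
+# close $fh;
+
+# print 'END THIS SHIT!!!!\n';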
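Review bot: `my $s = '[#\s]*';` lets every pattern match across comment markers, so a commented-out directive is treated as live: with `Deny from all` followed by `# Allow from <addr>`, the joined substitution `s/${1}${s}Allow${s}from/Require ip/i` replaces the whole span and emits an active `Require ip <addr>`, turning a deny-all block into an allow rule. The reverse also happens, since `# Deny from all` followed by a live `Allow from` line comes out as a commented `# Require ip`. Passing comment lines through untouched at the top of the loop, `if (/^\s*#/) { print; next }`, and narrowing the separator to `my $s = '\s+';` would keep the rewrite to directives Apache actually evaluates. Separately, `print ARGV;` names the input handle as the output handle, so with `$^I` commented out the converted lines never reach standard output; `print;` is what the loop needs.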
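--- a/convert.sed
+++ b/convert.sed
@@ -0,0 +1,28 @@
+# This script dumbly migrate from Apache's configuration 2.2 to 2.4.
+#
+# Here are it's current quirk:
+# - it will modify config even if it's written to be cross compatible between thoses version
+# - it assume "Allow from" only specifies IPs
+
+# Order
+/Order[[:blank:]]*deny,allow/Id
+
+# * Deny
+# s/Deny[[:blank:]]*from[[:blank:]]*all/Require all denied/I
+
+/Deny[[:blank:]]*from[[:blank:]]*all/I {
+N
+s/.?\([[:blank:]]*\)Allow[[:blank:]]*from/\1Require ip/I
+s/Deny[[:blank:]]*from[[:blank:]]*all/Require all denied/I
+}
+
+s/Deny from env=/Require not env /I
+
+# * Allow
+s/Allow[[:blank:]]*from[[:blank:]]*all/Require all granted/I
+s/Allow[[:blank:]]*from/Require ip/I
+
+# * Satisfy
+
+# It's the default value
+/Satisfy[[:blank:]]*any/Id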
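Review bot: In the `Deny from all` block, the leading `.?` of `s/.?\([[:blank:]]*\)Allow[[:blank:]]*from/\1Require ip/I` matches the newline that `N` just appended (in GNU sed `.` matches a newline inside the pattern space), so the newline is dropped and both directives end up on one physical line, e.g. `Require all denied    Require ip <addr>`. Matching the newline explicitly and putting it back keeps them apart: `s/\n\([[:blank:]]*\)Allow[[:blank:]]*from/\n\1Require ip/I`. `N` on the last input line also makes GNU sed print the pattern space and stop, so a final `Deny from all` is left unconverted; `$!N` avoids that. The `I` flag is a GNU extension, which is worth stating in the header comment next to the listed quirks.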
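--- a/convert.sh
+++ b/convert.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+newline="\n[[:blank:]]"
+
+# 2.2 Directives
+all_denied="s/Order deny,allow${newline}Deny from all/Require all denied/"
+## Last
+deny_from_env="s/Deny from env=/Require not env /"
+allow_all="s/Allow from all/Require all granted/"
+
+# Mixed directives
+mix_allow_all_require_all="s/Allow from all${newline}Require all granted/Require all granted/"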
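Review bot: `newline="\n[[:blank:]]"` matches exactly one blank after the line break, so `all_denied` and `mix_allow_all_require_all` would miss a second line that is indented by more than one character or not indented at all; `newline="\n[[:blank:]]*"` covers both. The script also only assigns the four sed expressions and never passes them to sed, and sed would need `N` or similar before a pattern containing `\n` can match. If the rules are applied as written, `allow_all` still fires where `all_denied` did not match, leaving an old `Deny from all` beside a new `Require all granted`; that is inferred from the patterns, since no invocation is visible. migrate.sh carries the same definitions.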
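--- a/filter.sh
+++ b/filter.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Types: V S H T
+type=$1
+result=/tmp/apache-require/result
+
+awk --assign type="$type" '{ if ($NF == type) print $0; }' "$result"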
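Review bot: `result=/tmp/apache-require/result` is a fixed path in a world-writable directory, so another local account can create `/tmp/apache-require` first and control what this script reads. If the inventory is collected as root, as reading the Apache tree suggests, the path should come from a directory created with `mktemp -d` or be passed in, e.g. `result=${2:?usage: filter.sh TYPE RESULT_FILE}`. The inventory.sh section of this page shows both `result=$tmp_dir/result` and `result=$tmp_dir/inventory`, so the file name used here may already be stale. `awk --assign` is a GNU awk long option; `-v type="$type"` is the portable spelling.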
13
inventory.sh
13
inventory.sh
|
@ -1,6 +1,9 @@
|
|||
#!/bin/sh
|
||||
|
||||
# TODO Use \0 as a seprator
|
||||
# TODO replace realpath as it isn't POSIX
|
||||
# TODO Categorize mixed directives, thoses need to be manualy modified
|
||||
# We may need a different file that list files with non mixed directives
|
||||
|
||||
set -e
|
||||
|
||||
|
@ -14,7 +17,7 @@ confs_vhost=$tmp_dir/confs_vhost
|
|||
confs_system=$tmp_dir/confs_system
|
||||
confs_htaccess=$tmp_dir/confs_htaccess
|
||||
confs_template=$tmp_dir/confs_template
|
||||
result=$tmp_dir/result
|
||||
result=$tmp_dir/inventory
|
||||
summary=$tmp_dir/summary
|
||||
|
||||
module_loaded() {
|
||||
|
@ -34,7 +37,7 @@ get_confs() {
|
|||
for conf_file in $(cat "$confs"); do
|
||||
# XXX: Expand the filenames
|
||||
for glob in $(awk '/^[[:space:]]*Include/ {print $2}' "$conf_file"); do
|
||||
realpath --canonicalize-existing --no-symlinks --quiet $glob >> "$confs" || true
|
||||
realpath --canonicalize-existing --quiet $glob >> "$confs" || true
|
||||
done
|
||||
done
|
||||
sort "$confs" | uniq > "$confs"_tmp && mv "$confs"_tmp "$confs"
|
||||
|
@ -64,10 +67,12 @@ get_template() {
|
|||
categorize_confs() {
|
||||
get_template > "$confs_template"
|
||||
get_htaccess > "$confs_htaccess"
|
||||
grep -E "^${apache_dir}/sites-enabled/.*\\.conf" "$confs" > "$confs_vhost"
|
||||
grep -Ev "^${apache_dir}/sites-enabled/.*\\.conf" "$confs" > "$confs_system"
|
||||
grep -E "^${apache_dir}/sites-available/.*\\.conf" "$confs" > "$confs_vhost"
|
||||
grep -Ev "^${apache_dir}/sites-available/.*\\.conf" "$confs" > "$confs_system"
|
||||
}
|
||||
|
||||
|
||||
# Count directives and return files only containing some directives
|
||||
# Takes argument: file type
|
||||
count_directives() {
|
||||
directives="Allow Order Deny Satisfy"
|
||||
|
|
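Review bot: In `categorize_confs`, the pattern `^${apache_dir}/sites-available/.*\\.conf` sorts by the resolved path, so a site enabled through a symlink whose target lacks a `.conf` suffix or sits outside `sites-available` lands in `confs_system` rather than `confs_vhost`. With no trailing `$`, a name such as `site.conf.bak` also counts as a vhost. Matching on the directory alone, `grep -E "^${apache_dir}/sites-available/" "$confs"` (and the same with `-Ev`), would be less surprising; `${apache_dir}` is also interpolated into the regex unescaped. This reading takes the second line of each printed pair (`realpath` without `--no-symlinks`, `sites-available`) as the new side, which the page does not mark, and `get_confs` starts outside the visible hunk.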
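--- a/migrate.sh
+++ b/migrate.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+newline="\n[[:blank:]]"
+
+# 2.2 Directives
+all_denied="s/Order deny,allow${newline}Deny from all/Require all denied/"
+-
+## Last
+deny_from_env="s/Deny from env=/Require not env /"
+allow_all="s/Allow from all/Require all granted/"
+
+# Mixed directives
+mix_allow_all_require_all="s/Allow from all${newline}Require all granted/Require all granted/"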
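Review bot: Line 7 of the new file is a lone `-`, which the shell runs as a command named `-`; it fails as not found, and because the script has no `set -e` execution carries on past the error. It looks like a leftover from editing and should be deleted. Apart from that line the file is identical to convert.sh, so one of the two could be dropped or sourced from the other.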
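--- a/notes.org
+++ b/notes.org
@@ -0,0 +1,7 @@
+#+TITLE: Notes
+
+* hosting05
+- /etc/apache2/sites-enabled/acelem.conf
+- /etc/apache2/mods-enabled/status.conf
+- /home/labri/www/zp-data/.htaccess
+- /home/oldwiki/www/bleuroy/.htaccess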