#!/bin/sh # TODO total by host: vhost, htaccess, conf, cgi set -e apache_dir=/etc/apache2 apache_conf=$apache_dir/apache2.conf tmp_dir=/tmp/apache-require mkdir -p "$tmp_dir" confs=$tmp_dir/confs confs_vhost=$tmp_dir/confs_vhost confs_system=$tmp_dir/confs_system confs_htaccess=$tmp_dir/confs_htaccess confs_template=$tmp_dir/confs_template result=$tmp_dir/result summary=$tmp_dir/summary module_loaded() { apache2ctl -D DUMP_MODULES | grep -q access_compat_module } # Get all apache config files get_confs() { # Initialize le the list of configuration files with the default conf test ! -e "$confs" && printf "%s\\n" $apache_conf > "$confs" cd "$apache_dir" # TODO: Refactor this mess confs_size=0 while [ "$confs_size" -lt "$(stat -c %s "$confs")" ]; do confs_size=$(stat -c %s "$confs") for conf_file in $(cat "$confs"); do # XXX: Expand the filenames for glob in $(awk '/^[[:space:]]*Include/ {print $2}' "$conf_file"); do realpath --no-symlinks $glob >> "$confs" done done sort "$confs" | uniq > "$confs"_tmp && mv "$confs"_tmp "$confs" done cd - 1>/dev/null } # Find all the .htaccess under each DocumentRoot get_htaccess() { xargs \ awk 'sub("^[[:space:]]*DocumentRoot[[:space:]]*", "")' \ < "$confs" \ | sort -u \ | xargs -I _ find _ -type f -name .htaccess || true } # Find directives in non apache location. It can be configuration for # phpmyadmin or the default vhost template for example. get_template() { template_dirs="/etc /usr/share/scripts" grep -RE '^[[:space:]]*(Order|Allow|Deny|Satisfy)[[:space:]]' \ --exclude-dir=apache2 --exclude-dir=squid3 "$template_dirs" \ 2>/dev/null } # Put different type of configs in different files categorize_confs() { get_template > "$confs_template" get_htaccess > "$confs_htaccess" grep -E "^${apache_dir}/sites-enabled/.*\\.conf" "$confs" > "$confs_vhost" grep -Ev "^${apache_dir}/sites-enabled/.*\\.conf" "$confs" > "$confs_system" } # Takes argument: file type count_directives() { directives="Allow Order Deny Satisfy" for directive in $directives; do export "$directive"="$(grep -Ec "^[[:blank:]]*$directive\\s" "$1")" done export CGI="$(grep -Ec "^[[:blank:]]*# CGI" "$1")" # shellcheck disable=SC2154 if [ "$Allow" -ne 0 ] || [ "$Order" -ne 0 ] || \ [ "$Deny" -ne 0 ] || [ "$Satisfy" -ne 0 ]; then export Total=$(( $Allow + $Order + $Deny + $Satisfy )) printf "%s %d %d %d %d %d %d %s\\n" "$1" \ "$Allow" "$Order" "$Deny" "$Satisfy" "$Total" "$CGI" "$2" fi } # Results per files display_results() { mv -b "$result" "$result".bak || true # Types: Vhost, System, Htaccess, Template printf 'File\tAllow\tOrder\tDeny\tSatsify\tTotal (directives)\tCGI\tType (V|S|H|T)\n' >&2 set -- \ "$confs_vhost" V \ "$confs_system" S \ "$confs_htaccess" H \ "$confs_template" T # For each types of confs while [ "$#" -gt 0 ]; do # For each confs file of that type while IFS= read -r file; do count_directives "$file" "$2" | tee -a "$result" done < "$1" shift 2 done } # One line machine summary of the results display_summary() { # Types: Vhost, System, Htaccess printf 'Vhost\tSystem\tHtaccess\tTotal\tCGI\n' >&2 } get_confs categorize_confs display_results # display_summary