Reconfiguring apache2 section:
authorChris Sharp <csharp@georgialibraries.org>
Wed, 28 Jun 2017 12:17:39 +0000 (08:17 -0400)
committerChris Sharp <csharp@georgialibraries.org>
Wed, 28 Jun 2017 12:17:39 +0000 (08:17 -0400)
  - rather than rm-ing the conf file, use a2dissite
  - remove sed of ports.conf that isn't doing anything
  - SSLv3 is already disabled by default in apache2, so no need
    to do it again.
  - remove redundant SSLv3 section
  - remove commented out/deprecated sections

templates/setup-head.sh

index 760b5f4..6756087 100755 (executable)
@@ -148,55 +148,12 @@ a2disconf serve-cgi-bin
 
 if [ -e /etc/apache2/sites-enabled/000-default.conf ]
 then 
-       rm /etc/apache2/sites-enabled/000-default.conf
+       a2dissite 000-default.conf
 fi
-sed -i 's^NameVirtualHost^#NameVirtualHost^g' /etc/apache2/ports.conf
-
-if [ -e /etc/apache2/mods-enabled/ssl.conf ]
-then
-       sed -i '/SSL v2  is no longer supported/a \\tSSLProtocol all -SSLv3'
-else
-       echo "WARNING!!! Could not disable SSLv3 in apache2 conf"
-       echo "/etc/apache2/mods-enabled/ssl.conf is missing."
-       sleep 10
-fi
-#Enable extended status in Apache2 for Munin.
-#sed -i '/<Location/i \\nExtendStatus On\n' /etc/apache2/mods-available/status.conf
-
-### moved to setup-functions.
-# GenSSL() { ### Generate SSL cert.
-# mkdir -p /etc/apache2/ssl
-# cd /etc/apache2/ssl
-# openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key
-# cd $WD
-# }
 
 ### Configure apache to run as user opensrf.
 sed -i 's/APACHE_RUN_USER=www-data/APACHE_RUN_USER=opensrf/g' /etc/apache2/envvars
 
-### Disable SSLv3 to protect from poodle type attacks
-if [ -e "/etc/apache2/mods-available/ssl.conf" ]
-then
-       echo;echo "Disabling SSLv3";sleep 3
-       sed -i 's^SSLProtocol all^SSLProtocol all -SSLv3^g' "/etc/apache2/mods-available/ssl.conf"
-else
-       echo;echo "WARNING!! Could not disable SSLv3 to stop poodle type attacks!"
-       read -p "You will have to disable this manually.  Continue [Enter]" SSLv3
-fi
-
-### Setup to log to logger01.  *** depracated. 
-#if ! grep -q "Evergreen logger configuration" /etc/rsyslog.conf
-#      then
-#      echo >> /etc/rsyslog.conf
-#      echo "## Evergreen logger configuration" >> /etc/rsyslog.conf
-#      echo "local0.*        @@logger01.CLUSTER_DOMAINNAME:514" >> /etc/rsyslog.conf
-#      echo "local1.*        @@logger01.CLUSTER_DOMAINNAME:514" >> /etc/rsyslog.conf
-#      echo "local2.*        @@logger01.CLUSTER_DOMAINNAME:514" >> /etc/rsyslog.conf
-#      echo "local3.*        @@logger01.CLUSTER_DOMAINNAME:514" >> /etc/rsyslog.conf
-#      echo "local6.*        @@logger01.CLUSTER_DOMAINNAME:514" >> /etc/rsyslog.conf
-#      echo "local7.*        @@logger01.CLUSTER_DOMAINNAME:514" >> /etc/rsyslog.conf
-#fi
-
 ### Setup database schema... We do this from the head of the first brick.
 if cat /etc/hostname|grep -q brick01-head
         then
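Review bot: After this change nothing in the apache2 section verifies that SSLv3 is actually off. The removed `sed` on `/etc/apache2/mods-available/ssl.conf` was the only step that enforced it, and the description's "already disabled by default" depends on the packaged `ssl.conf` of the release being installed, which is not visible here. I would add a read-only check after the `APACHE_RUN_USER` line so an older package does not pass silently: `grep -Eq '^[[:space:]]*SSLProtocol.*-SSLv3' /etc/apache2/mods-available/ssl.conf || echo "WARNING: SSLProtocol in ssl.conf does not exclude SSLv3" >&2`. That pattern assumes the `all -SSLv3` form and would need adjusting if the file lists allowed protocols explicitly. The `if cat /etc/hostname|grep -q brick01-head` block that closes the hunk continues outside it.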