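#! /bin/sh
# postinst script for rkhunter
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#

. /usr/share/debconf/confmodule
DF=/etc/default/rkhunter
APT_CONF=/etc/apt/apt.conf.d/90rkhunter
RKH_CONF=/etc/rkhunter.conf

# set_default_option NAME VALUE
# Rewrites every `NAME=...' line of $DF to `NAME="VALUE"'. Does nothing when
# $DF does not exist. The new content is built in a mktemp file and only then
# moved over $DF, so a failing sed never leaves a truncated defaults file.
set_default_option() {
    [ -f "$DF" ] || return 0
    _sdo_tmp=$(mktemp) || exit 1
    if ! sed -e "s,^ *$1=.*,$1=\"$2\"," "$DF" > "$_sdo_tmp"; then
        # Do not leave the scratch file behind when the edit fails.
        rm -f "$_sdo_tmp"
        exit 1
    fi
    mv -f "$_sdo_tmp" "$DF"
    # mktemp creates the file owner-only; restore the world-readable mode.
    chmod 644 "$DF"
}

# apply_debconf_boolean QUESTION NAME
# Reads the debconf QUESTION (answer arrives in $RET) and mirrors it into $DF
# as NAME="yes" or NAME="no". Any other answer leaves $DF untouched.
apply_debconf_boolean() {
    db_get "$1" || true
    case "$RET" in
        true)
            set_default_option "$2" yes
            ;;
        false)
            set_default_option "$2" no
            ;;
        *)
            ;;
    esac
}

# file_properties_tests_enabled
# Succeeds unless DISABLE_TESTS in $RKH_CONF names the hashes and attributes
# tests (or "properties"), or when ENABLE_TESTS names one of them explicitly.
# This is the same condition the generated APT hook evaluates.
file_properties_tests_enabled() {
    ! grep -q -E '^DISABLE_TESTS=.*(hashes.*attributes|attributes.*hashes|properties)' "$RKH_CONF" ||
        grep -q -E '^ENABLE_TESTS=.*(hashes|attributes|properties)' "$RKH_CONF"
}

# update_file_properties
# Rebuilds rkhunter's file properties database. Best effort: a failure here
# must not fail the package configuration.
# NOTE(review): --propupd records the files as they are on disk at this
# moment, so the resulting baseline is only as trustworthy as the system was
# when this script ran.
update_file_properties() {
    /usr/bin/rkhunter --propupd --nolog || true
}

# seed_tmp_copy FILE DIR
# Copies FILE into DIR unless an entry of that name is already there.
# This runs as root: an existing entry, including a symlink, is left alone
# rather than written through. The copy is best effort and stays silent.
seed_tmp_copy() {
    _stc_dest="$2/${1##*/}"
    if [ -e "$_stc_dest" ] || [ -L "$_stc_dest" ]; then
        return 0
    fi
    cp -p "$1" "$2" >/dev/null 2>&1 || true
}

case "$1" in
    configure)

        apply_debconf_boolean rkhunter/cron_db_update CRON_DB_UPDATE
        apply_debconf_boolean rkhunter/cron_daily_run CRON_DAILY_RUN

        db_get rkhunter/apt_autogen || true
        case "$RET" in
            true)
                # The hook below runs after every dpkg invocation and
                # re-baselines the file properties database each time.
                # NOTE(review): with this enabled, a change made to a
                # monitored file between two package operations is absorbed
                # into the baseline by the next one; administrators who need
                # the baseline to stay authoritative should answer "false" to
                # rkhunter/apt_autogen and run --propupd by hand after
                # verifying the system.
                cat > "$APT_CONF" <<'EOF'
// Makes sure that rkhunter file properties database is updated after each remove or install only if hashes test is enabled
DPkg::Post-Invoke { "if [ -x /usr/bin/rkhunter ] && ( ! grep -q -E '^DISABLE_TESTS=.*(hashes.*attributes|attributes.*hashes|properties)' /etc/rkhunter.conf || grep -q -E '^ENABLE_TESTS=.*(hashes|attributes|properties)' /etc/rkhunter.conf); then /usr/bin/rkhunter --propupd --nolog; fi" }
EOF
                ;;
            false)
                rm -f "$APT_CONF"
                ;;
            *)
                ;;
        esac

        # If upgrading, make sure permissions are correctly set, as previous
        # versions of the package (until 1.3.4-2) used to set them incorrectly.
        if [ -n "$2" ] && dpkg --compare-versions "$2" lt 1.3.4-2; then
            chmod 750 /var/lib/rkhunter/db
            chmod 750 /var/lib/rkhunter/tmp
            chmod 750 /var/lib/rkhunter/db/i18n
        fi

        # Copy the passwd/group files to rkhunter's TMPDIR to avoid warnings
        # when rkhunter is first run. This is normally done by the installer
        # script.
        # When TMPDIR is not set in the configuration the value is empty; the
        # copy is then skipped instead of calling cp without a destination,
        # which used to abort the whole postinst under `set -e'.
        # NOTE(review): if TMPDIR is assigned more than once the last
        # assignment is used here - confirm this matches rkhunter's own
        # precedence.
        # NOTE(review): TMPDIR is expected to be a root-only directory (the
        # package uses mode 750 on /var/lib/rkhunter/tmp); a world-writable
        # TMPDIR would let other users interfere with these copies.
        RKH_TMP_DIR=$(sed -n 's/^TMPDIR=//p' "$RKH_CONF" | tail -n 1)
        if [ -n "$RKH_TMP_DIR" ] && [ -d "$RKH_TMP_DIR" ]; then
            seed_tmp_copy /etc/passwd "$RKH_TMP_DIR"
            seed_tmp_copy /etc/group "$RKH_TMP_DIR"
        fi

        # Only update the file properties database if the hashes and
        # attributes tests are not disabled in /etc/rkhunter.conf AND, on an
        # upgrade, if the automatic database update (APT hook) is disabled,
        # in order to avoid calling --propupd twice (see #471389).

        # TODO: check what needs to be done on reconfigure
        # (note: debconf sets $DEBCONF_RECONFIGURE=1 when a package is reconfigured)

        if [ -n "$2" ]; then
            # UPGRADE
            db_get rkhunter/apt_autogen || true
            # The tests check is evaluated as one unit. Written inline as
            # `A && ! B || C' the shell groups it as `(A && ! B) || C', which
            # ran --propupd whenever ENABLE_TESTS matched, even with the APT
            # hook enabled.
            if [ "$RET" = "false" ] && file_properties_tests_enabled; then
                # Update the file properties database
                update_file_properties
            fi
        else
            # CLEAN INSTALL
            # These tests are enabled by default - just make sure the file
            # properties database isn't created in case they are disabled by
            # default in the future.
            if file_properties_tests_enabled; then
                # Create the file properties database
                update_file_properties
            fi
        fi
    ;;

    triggered)
        update_file_properties
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)

    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0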
