WebSVN – ALCASAR – Blame – /alcasar.sh

Rev	Author	Line No.	Line
672	richard	1	#!/bin/bash
57	franck	2	# $Id: alcasar.sh 1359 2014-05-23 16:15:57Z richard $
1	root	3
		4	# alcasar.sh
959	franck	5
1157	stephane	6	# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
		7	# Ce programme est un logiciel libre ; This software is free and open source
959	franck	8	# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence.
		9	# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ;
		10	# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE.
		11	# Voir la Licence Publique Générale GNU pour plus de détails.
		12
967	franck	13	# team@alcasar.net
959	franck	14
1	root	15	# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
		16	# This script is distributed under the Gnu General Public License (GPL)
		17
672	richard	18	# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
1007	richard	19	# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
1	root	20	# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
1007	richard	21	# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
672	richard	22	#
1342	richard	23	# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
1	root	24
		25	# Options :
376	franck	26	# -i or --install
		27	# -u or --uninstall
1	root	28
376	franck	29	# Functions :
1221	richard	30	# testing : connectivity tests and downloading before intall
		31	# init : Installation of RPM and scripts
		32	# network : Network parameters
		33	# ACC : ALCASAR Control Center installation
		34	# CA : Certification Authority initialization
		35	# init_db : Initilization of radius database managed with MariaDB
		36	# param_radius : FreeRadius initialisation
		37	# param_web_radius : copy ans modifiy original "freeradius web" in ACC
		38	# param_chilli : coovachilli initialisation (+authentication page)
		39	# param_dansguardian : DansGuardian filtering HTTP proxy configuration
		40	# antivirus : HAVP + libclamav configuration
		41	# param_nfsen : Configuration du grapheur nfsen pour apache
1253	richard	42	# dnsmasq : Name server configuration
		43	# BL : BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
1266	richard	44	# cron : Logs export + watchdog + connexion statistics
1253	richard	45	# fail2ban : Fail2ban installation and configuration
1266	richard	46	# post_install : Security, log rotation, etc.
1349	richard	47	# gammu_smsd : Autoregister addon (gammu-smsd)
1	root	48
		49	DATE=`date '+%d %B %Y - %Hh%M'`
		50	DATE_SHORT=`date '+%d/%m/%Y'`
595	richard	51	Lang=`echo $LANG\|cut -c 1-2`
1	root	52	# ***** Files parameters - paramètres fichiers *******
1015	richard	53	DIR_INSTALL=`pwd` # current directory
		54	DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files)
		55	DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
		56	DIR_SAVE="/var/Save" # backup directory (system_backup, user_db_backup, logs)
		57	DIR_WEB="/var/www/html" # directory of APACHE
		58	DIR_DG="/etc/dansguardian" # directory of DansGuardian
		59	DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center'
		60	DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts
		61	DIR_DEST_SBIN="/usr/local/sbin" # directory of ALCASAR admin scripts
		62	DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files
		63	DIR_DEST_SHARE="/usr/local/share" # directory of share files used by ALCASAR (dnsmasq for instance)
		64	CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file
		65	PASSWD_FILE="/root/ALCASAR-passwords.txt" # text file with the passwords and shared secrets
1	root	66	# ***** DBMS parameters - paramètres SGBD ******
1243	richard	67	DB_RADIUS="radius" # database name used by FreeRadius server
		68	DB_USER="radius" # user name allows to request the users database
1349	richard	69	DB_GAMMU="gammu" # database name used by Gammu-smsd
1	root	70	# ***** Network parameters - paramètres réseau *****
1211	crox53	71	HOSTNAME="alcasar" #
1243	richard	72	DOMAIN="localdomain" # default local domain
1336	richard	73	EXTIF=`/sbin/ip route\|grep default\|cut -d" " -f5` # EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
		74	INTIF=`/sbin/ip link\|grep '^[[:digit:]]:'\|grep -v "lo\\|$EXTIF"\|cut -d" " -f2\|tr -d ":"` # INTIF is connected to the consultation network
1148	crox53	75	MTU="1500"
1157	stephane	76	ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
1243	richard	77	DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # Default ALCASAR IP address
1	root	78	# **** Paths - chemin des commandes *****
		79	SED="/bin/sed -i"
		80	# **************** End of global parameters *******************
		81
959	franck	82	license ()
		83	{
		84	if [ $Lang == "fr" ]
967	franck	85	then cat $DIR_INSTALL/gpl-3.0.fr.txt \| more
		86	else cat $DIR_INSTALL/gpl-3.0.txt \| more
959	franck	87	fi
975	franck	88	echo "Taper sur Entrée pour continuer !"
		89	echo "Enter to continue."
959	franck	90	read a
		91	}
		92
1	root	93	header_install ()
		94	{
		95	clear
		96	echo "-----------------------------------------------------------------------------"
460	richard	97	echo " ALCASAR V$VERSION Installation"
1	root	98	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
		99	echo "-----------------------------------------------------------------------------"
		100	} # End of header_install ()
		101
1174	crox53	102
1	root	103	##################################################################
1221	richard	104	## Function "testing" ##
1342	richard	105	## - Test of free space on /var (>10G) ##
1005	richard	106	## - Test of Internet access ##
29	richard	107	##################################################################
		108	testing ()
		109	{
1342	richard	110	free_space=`df -BG --output=avail /var\|tail -1\|tr -d [:space:]G`
		111	if [ $free_space -lt 10 ]
		112	then
		113	if [ $Lang == "fr" ]
		114	then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
		115	else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
		116	fi
		117	exit 0
		118	fi
		119	if [ $Lang == "fr" ]
784	richard	120	then echo -n "Tests des paramètres réseau : "
595	richard	121	else echo -n "Network parameters tests : "
		122	fi
1336	richard	123	# We test EXTIF config files
		124
784	richard	125	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2`
		126	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2`
		127	if [ `echo $PUBLIC_IP\|wc -c` -lt 7 ] \|\| [ `echo $PUBLIC_GATEWAY\|wc -c` -lt 7 ]
		128	then
		129	if [ $Lang == "fr" ]
		130	then
		131	echo "Échec"
		132	echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
		133	echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
830	richard	134	echo "Appliquez les changements : 'service network restart'"
784	richard	135	else
		136	echo "Failed"
		137	echo "The Internet connected network card ($EXTIF) isn't well configured."
		138	echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
830	richard	139	echo "Apply the new configuration 'service network restart'"
784	richard	140	fi
830	richard	141	echo "DEVICE=$EXTIF"
784	richard	142	echo "IPADDR="
		143	echo "NETMASK="
		144	echo "GATEWAY="
		145	echo "DNS1="
		146	echo "DNS2="
830	richard	147	echo "ONBOOT=yes"
784	richard	148	exit 0
		149	fi
		150	echo -n "."
460	richard	151	# We test the Ethernet links state
29	richard	152	for i in $EXTIF $INTIF
		153	do
294	richard	154	/sbin/ip link set $i up
306	richard	155	sleep 3
1031	richard	156	CMD=`/usr/sbin/ethtool $i \|egrep 'Link detected'\| awk '{print $NF}'`
		157	CMD2=`/sbin/mii-tool $i \| grep link \| awk '{print $NF}'`
808	franck	158	if [ $CMD != "yes" ] && [ $CMD2 != "ok" ]
29	richard	159	then
595	richard	160	if [ $Lang == "fr" ]
		161	then
		162	echo "Échec"
		163	echo "Le lien réseau de la carte $i n'est pas actif."
		164	echo "Réglez ce problème puis relancez ce script."
		165	else
		166	echo "Failed"
		167	echo "The link state of $i interface id down."
		168	echo "Resolv this problem, then restart this script."
		169	fi
29	richard	170	exit 0
		171	fi
308	richard	172	echo -n "."
29	richard	173	done
		174	# On teste la présence d'un routeur par défaut (Box FAI)
784	richard	175	if [ `ip route list\|grep -c ^default` -ne "1" ] ; then
595	richard	176	if [ $Lang == "fr" ]
		177	then
		178	echo "Échec"
		179	echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
		180	echo "Réglez ce problème puis relancez ce script."
		181	else
		182	echo "Failed"
		183	echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"
		184	echo "Resolv this problem, then restart this script."
		185	fi
29	richard	186	exit 0
		187	fi
308	richard	188	echo -n "."
978	franck	189	# On teste le lien vers le routeur par defaut
308	richard	190	IP_GW=`ip route list\|grep ^default\|cut -d" " -f3`
		191	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW\|grep response\|cut -d" " -f2`
527	richard	192	if [ $(expr $arp_reply) -eq 0 ]
308	richard	193	then
595	richard	194	if [ $Lang == "fr" ]
		195	then
		196	echo "Échec"
		197	echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
		198	echo "Réglez ce problème puis relancez ce script."
		199	else
		200	echo "Failed"
		201	echo "The Internet gateway doesn't answered"
		202	echo "Resolv this problem, then restart this script."
		203	fi
308	richard	204	exit 0
		205	fi
		206	echo -n "."
421	franck	207	# On teste la connectivité Internet
29	richard	208	rm -rf /tmp/con_ok.html
308	richard	209	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html
29	richard	210	if [ ! -e /tmp/con_ok.html ]
		211	then
595	richard	212	if [ $Lang == "fr" ]
		213	then
		214	echo "La tentative de connexion vers Internet a échoué (google.fr)."
		215	echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
		216	echo "Vérifiez la validité des adresses IP des DNS."
		217	else
		218	echo "The Internet connection try failed (google.fr)."
		219	echo "Please, verify that the $EXTIF card is connected with the Internet gateway."
		220	echo "Verify the DNS IP addresses"
		221	fi
29	richard	222	exit 0
		223	fi
		224	rm -rf /tmp/con_ok.html
308	richard	225	echo ". : ok"
302	richard	226	} # end of testing
		227
		228	##################################################################
1221	richard	229	## Function "init" ##
302	richard	230	## - Création du fichier "/root/ALCASAR_parametres.txt" ##
		231	## - Installation et modification des scripts du portail ##
		232	##################################################################
		233	init ()
		234	{
527	richard	235	if [ "$mode" != "update" ]
302	richard	236	then
		237	# On affecte le nom d'organisme
597	richard	238	header_install
302	richard	239	ORGANISME=!
		240	PTN='^[a-zA-Z0-9-]*$'
580	richard	241	until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
302	richard	242	do
595	richard	243	if [ $Lang == "fr" ]
597	richard	244	then echo -n "Entrez le nom de votre organisme : "
		245	else echo -n "Enter the name of your organism : "
595	richard	246	fi
330	franck	247	read ORGANISME
613	richard	248	if [ "$ORGANISME" == "" ]
330	franck	249	then
		250	ORGANISME=!
		251	fi
		252	done
302	richard	253	fi
1	root	254	# On crée aléatoirement les mots de passe et les secrets partagés
628	richard	255	rm -f $PASSWD_FILE
1350	richard	256	grubpwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
		257	echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
628	richard	258	echo "$grubpwd" >> $PASSWD_FILE
1348	richard	259	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`
384	richard	260	$SED "/^password.*/d" /boot/grub/menu.lst
		261	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
1350	richard	262	mysqlpwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
1003	richard	263	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
628	richard	264	echo "root / $mysqlpwd" >> $PASSWD_FILE
1350	richard	265	radiuspwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
1003	richard	266	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
628	richard	267	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
1350	richard	268	secretuam=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
628	richard	269	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
		270	echo "$secretuam" >> $PASSWD_FILE
1350	richard	271	secretradius=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
628	richard	272	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
		273	echo "$secretradius" >> $PASSWD_FILE
		274	chmod 640 $PASSWD_FILE
977	richard	275	# Scripts and conf files copy
		276	# - in /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
5	franck	277	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
977	richard	278	# - in /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
5	franck	279	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
977	richard	280	# - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
648	richard	281	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
1	root	282	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
		283	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
5	franck	284	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
		285	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
628	richard	286	# generate central conf file
		287	cat <<EOF > $CONF_FILE
612	richard	288	##########################################
		289	## ##
		290	## ALCASAR Parameters ##
		291	## ##
		292	##########################################
1	root	293
612	richard	294	INSTALL_DATE=$DATE
		295	VERSION=$VERSION
		296	ORGANISM=$ORGANISME
923	franck	297	DOMAIN=$DOMAIN
612	richard	298	EOF
628	richard	299	chmod o-rwx $CONF_FILE
1	root	300	} # End of init ()
		301
		302	##################################################################
1221	richard	303	## Function "network" ##
1	root	304	## - Définition du plan d'adressage du réseau de consultation ##
595	richard	305	## - Nommage DNS du système ##
1336	richard	306	## - Configuration de l'interface INTIF (réseau de consultation)##
1	root	307	## - Modification du fichier /etc/hosts ##
		308	## - Configuration du serveur de temps (NTP) ##
		309	## - Renseignement des fichiers hosts.allow et hosts.deny ##
		310	##################################################################
		311	network ()
		312	{
		313	header_install
636	richard	314	if [ "$mode" != "update" ]
		315	then
		316	if [ $Lang == "fr" ]
		317	then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"
		318	else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"
		319	fi
		320	response=0
		321	PTN='^[oOyYnN]$'
		322	until [[ $(expr $response : $PTN) -gt 0 ]]
1	root	323	do
595	richard	324	if [ $Lang == "fr" ]
659	richard	325	then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "
618	richard	326	else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "
595	richard	327	fi
1	root	328	read response
		329	done
636	richard	330	if [ "$response" = "n" ] \|\| [ "$response" = "N" ]
		331	then
		332	PRIVATE_IP_MASK="0"
		333	PTN='^$[01]\?[[:digit:]][[:digit:]]\?\\|2[0-4][[:digit:]]\\|25[0-5]$.$[01]\?[[:digit:]][[:digit:]]\?\\|2[0-4][[:digit:]]\\|25[0-5]$.$[01]\?[[:digit:]][[:digit:]]\?\\|2[0-4][[:digit:]]\\|25[0-5]$.$[01]\?[[:digit:]][[:digit:]]\?\\|2[0-4][[:digit:]]\\|25[0-5]$/[012]\?[[:digit:]]$'
		334	until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]
1	root	335	do
595	richard	336	if [ $Lang == "fr" ]
597	richard	337	then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "
		338	else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "
595	richard	339	fi
597	richard	340	read PRIVATE_IP_MASK
1	root	341	done
636	richard	342	else
		343	PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
		344	fi
595	richard	345	else
637	richard	346	PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf\|cut -d"=" -f2`
		347	rm -rf conf/etc/alcasar.conf
1	root	348	fi
861	richard	349	# Define LAN side global parameters
1243	richard	350	hostname $HOSTNAME.$DOMAIN
		351	echo $HOSTNAME.$DOMAIN > /etc/hostname
977	richard	352	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK \| cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
		353	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK \| cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
		354	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
		355	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK \|cut -d"=" -f2` # network prefix (ie. 24)
		356	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
		357	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C
		358	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK \| cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
		359	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK \| cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
		360	private_network_ending=`echo $PRIVATE_NETWORK \| cut -d"." -f$classe_sup` # last octet of LAN address
		361	private_broadcast_ending=`echo $PRIVATE_BROADCAST \| cut -d"." -f$classe_sup` # last octet of LAN broadcast
837	richard	362	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK \| cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
977	richard	363	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK \| cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2)
837	richard	364	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST \| cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
1336	richard	365	PRIVATE_MAC=`/sbin/ip link show $INTIF \| grep ether \| cut -d" " -f6` # MAC address of INTIF
841	richard	366	# Define Internet parameters
14	richard	367	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] \|\| cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
		368	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2` # @ip 1er DNS
		369	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2` # @ip 2ème DNS
70	franck	370	DNS1=${DNS1:=208.67.220.220}
		371	DNS2=${DNS2:=208.67.222.222}
597	richard	372	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2`
1052	richard	373	DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP \| cut -d"=" -f2`
784	richard	374	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
1052	richard	375	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK\|cut -d"=" -f2`
1069	richard	376	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX\|cut -d"=" -f2`
765	stephane	377	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
994	franck	378	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
628	richard	379	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
		380	echo "DNS1=$DNS1" >> $CONF_FILE
		381	echo "DNS2=$DNS2" >> $CONF_FILE
		382	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
941	richard	383	echo "DHCP=full" >> $CONF_FILE
914	franck	384	echo "EXT_DHCP_IP=none" >> $CONF_FILE
		385	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
		386	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
597	richard	387	[ -e /etc/sysconfig/network.default ] \|\| cp /etc/sysconfig/network /etc/sysconfig/network.default
841	richard	388	# config network
1	root	389	cat <<EOF > /etc/sysconfig/network
		390	NETWORKING=yes
1243	richard	391	HOSTNAME="$HOSTNAME.$DOMAIN"
1	root	392	FORWARD_IPV4=true
		393	EOF
841	richard	394	# config /etc/hosts
1	root	395	[ -e /etc/hosts.default ] \|\| cp /etc/hosts /etc/hosts.default
		396	cat <<EOF > /etc/hosts
503	richard	397	127.0.0.1 localhost
1353	richard	398	$PRIVATE_IP $HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
1	root	399	EOF
1336	richard	400	# Config EXTIF (Internet)
14	richard	401	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
		402	DEVICE=$EXTIF
		403	BOOTPROTO=static
597	richard	404	IPADDR=$PUBLIC_IP
		405	NETMASK=$PUBLIC_NETMASK
		406	GATEWAY=$PUBLIC_GATEWAY
14	richard	407	DNS1=127.0.0.1
		408	ONBOOT=yes
		409	METRIC=10
		410	NOZEROCONF=yes
		411	MII_NOT_SUPPORTED=yes
		412	IPV6INIT=no
		413	IPV6TO4INIT=no
		414	ACCOUNTING=no
		415	USERCTL=no
994	franck	416	MTU=$MTU
14	richard	417	EOF
1336	richard	418	# Config INTIF (consultation LAN) in normal mode
841	richard	419	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
		420	DEVICE=$INTIF
		421	BOOTPROTO=static
		422	ONBOOT=yes
		423	NOZEROCONF=yes
		424	MII_NOT_SUPPORTED=yes
		425	IPV6INIT=no
		426	IPV6TO4INIT=no
		427	ACCOUNTING=no
		428	USERCTL=no
1157	stephane	429	ETHTOOL_OPTS=$ETHTOOL_OPTS
841	richard	430	EOF
1336	richard	431	# Config of INTIF in bypass mode (see "alcasar-bypass.sh")
793	richard	432	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
1	root	433	DEVICE=$INTIF
		434	BOOTPROTO=static
		435	IPADDR=$PRIVATE_IP
604	richard	436	NETMASK=$PRIVATE_NETMASK
1	root	437	ONBOOT=yes
		438	METRIC=10
		439	NOZEROCONF=yes
		440	MII_NOT_SUPPORTED=yes
14	richard	441	IPV6INIT=no
		442	IPV6TO4INIT=no
		443	ACCOUNTING=no
		444	USERCTL=no
1	root	445	EOF
440	franck	446	# Mise à l'heure du serveur
		447	[ -e /etc/ntp/step-tickers.default ] \|\| cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
		448	cat <<EOF > /etc/ntp/step-tickers
455	franck	449	0.fr.pool.ntp.org # adapt to your country
		450	1.fr.pool.ntp.org
		451	2.fr.pool.ntp.org
440	franck	452	EOF
		453	# Configuration du serveur de temps (sur lui même)
1	root	454	[ -e /etc/ntp.conf.default ] \|\| cp /etc/ntp.conf /etc/ntp.conf.default
		455	cat <<EOF > /etc/ntp.conf
456	franck	456	server 0.fr.pool.ntp.org # adapt to your country
447	franck	457	server 1.fr.pool.ntp.org
		458	server 2.fr.pool.ntp.org
		459	server 127.127.1.0 # local clock si NTP internet indisponible ...
411	richard	460	fudge 127.127.1.0 stratum 10
604	richard	461	restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
1	root	462	restrict 127.0.0.1
310	richard	463	driftfile /var/lib/ntp/drift
1	root	464	logfile /var/log/ntp.log
		465	EOF
440	franck	466
310	richard	467	chown -R ntp:ntp /var/lib/ntp
1	root	468	# Renseignement des fichiers hosts.allow et hosts.deny
		469	[ -e /etc/hosts.allow.default ] \|\| cp /etc/hosts.allow /etc/hosts.allow.default
		470	cat <<EOF > /etc/hosts.allow
		471	ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
604	richard	472	sshd: ALL
1	root	473	ntpd: $PRIVATE_NETWORK_SHORT
		474	EOF
		475	[ -e /etc/host.deny.default ] \|\| cp /etc/hosts.deny /etc/hosts.deny.default
		476	cat <<EOF > /etc/hosts.deny
		477	ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" \| /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
		478	EOF
604	richard	479	# Firewall config
790	richard	480	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
		481	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
		482	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
860	richard	483	# create the filter exception file and ip_bloqued file
790	richard	484	touch $DIR_DEST_ETC/alcasar-filter-exceptions
860	richard	485	# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
1069	richard	486	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
790	richard	487	# load conntrack ftp module
		488	[ -e /etc/modprobe.preload.default ] \|\| cp /etc/modprobe.preload /etc/modprobe.preload.default
		489	echo "ip_conntrack_ftp" >> /etc/modprobe.preload
1159	crox53	490	# load ipt_NETFLOW module
		491	echo "ipt_NETFLOW" >> /etc/modprobe.preload
1157	stephane	492	#
860	richard	493	# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
1	root	494	} # End of network ()
		495
		496	##################################################################
1221	richard	497	## Function "ACC" ##
		498	## - installation du centre de gestion (ALCASAR Control Center) ##
1	root	499	## - configuration du serveur web (Apache) ##
		500	## - définition du 1er comptes de gestion ##
		501	## - sécurisation des accès ##
		502	##################################################################
1221	richard	503	ACC ()
1	root	504	{
		505	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
		506	mkdir $DIR_WEB
		507	# Copie et configuration des fichiers du centre de gestion
316	richard	508	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
972	richard	509	echo "$VERSION" > $DIR_WEB/VERSION
316	richard	510	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
		511	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
		512	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
		513	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
		514	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
5	franck	515	chown -R apache:apache $DIR_WEB/*
1342	richard	516	for i in system_backup base logs/firewall logs/httpd logs/security;
1	root	517	do
		518	[ -d $DIR_SAVE/$i ] \|\| mkdir -p $DIR_SAVE/$i
		519	done
5	franck	520	chown -R root:apache $DIR_SAVE
71	richard	521	# Configuration et sécurisation php
		522	[ -e /etc/php.ini.default ] \|\| cp /etc/php.ini /etc/php.ini.default
534	richard	523	timezone=`cat /etc/sysconfig/clock\|grep ZONE\|cut -d"=" -f2`
		524	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
411	richard	525	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
		526	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
71	richard	527	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
		528	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
		529	# Configuration et sécurisation Apache
790	richard	530	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
1	root	531	[ -e /etc/httpd/conf/httpd.conf.default ] \|\| cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
1243	richard	532	$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
303	richard	533	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
1	root	534	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
		535	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
		536	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
790	richard	537	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
		538	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
		539	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
		540	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
		541	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
		542	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
990	franck	543	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
1359	richard	544	[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] \|\| cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
		545	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
		546	[ -e /usr/share/httpd/error/include/top.html.default ] \|\| cp /usr/share/httpd/error/include/top.html /usr/share/httpd/error/include/top.html.default
		547	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /usr/share/httpd/error/include/top.html
		548	[ -e /usr/share/httpd/error/include/bottom.html.default ] \|\| cp /usr/share/httpd/error/include/bottom.html /usr/share/httpd/error/include/bottom.html.default
		549	cat <<EOF > /usr/share/httpd/error/include/bottom.html
1	root	550	</body>
		551	</html>
		552	EOF
		553	# Définition du premier compte lié au profil 'admin'
509	richard	554	header_install
510	richard	555	if [ "$mode" = "install" ]
		556	then
613	richard	557	admin_portal=!
		558	PTN='^[a-zA-Z0-9-]*$'
		559	until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
		560	do
		561	header_install
		562	if [ $Lang == "fr" ]
		563	then
		564	echo ""
		565	echo "Définissez un premier compte d'administration du portail :"
		566	echo
		567	echo -n "Nom : "
		568	else
		569	echo ""
		570	echo "Define the first account allow to administrate the portal :"
		571	echo
		572	echo -n "Account : "
		573	fi
		574	read admin_portal
		575	if [ "$admin_portal" == "" ]
		576	then
		577	admin_portal=!
		578	fi
		579	done
1268	richard	580	# Creation of keys file for the admin account ("admin")
510	richard	581	[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
		582	mkdir -p $DIR_DEST_ETC/digest
		583	chmod 755 $DIR_DEST_ETC/digest
		584	until [ -s $DIR_DEST_ETC/digest/key_admin ]
		585	do
1350	richard	586	/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
510	richard	587	done
		588	$DIR_DEST_SBIN/alcasar-profil.sh --list
		589	fi
434	richard	590	# synchronisation horaire
		591	ntpd -q -g &
1	root	592	# Sécurisation du centre
988	franck	593	rm -f /etc/httpd/conf/webapps.d/alcasar*
1	root	594	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
316	richard	595	<Directory $DIR_ACC>
1	root	596	SSLRequireSSL
		597	AllowOverride None
		598	Order deny,allow
		599	Deny from all
		600	Allow from 127.0.0.1
		601	Allow from $PRIVATE_NETWORK_MASK
990	franck	602	# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
1	root	603	require valid-user
		604	AuthType digest
1243	richard	605	AuthName $HOSTNAME.$DOMAIN
1	root	606	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
434	richard	607	AuthUserFile $DIR_DEST_ETC/digest/key_all
1243	richard	608	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
1	root	609	</Directory>
316	richard	610	<Directory $DIR_ACC/admin>
1	root	611	SSLRequireSSL
		612	AllowOverride None
		613	Order deny,allow
		614	Deny from all
		615	Allow from 127.0.0.1
		616	Allow from $PRIVATE_NETWORK_MASK
990	franck	617	# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
1	root	618	require valid-user
		619	AuthType digest
1243	richard	620	AuthName $HOSTNAME.$DOMAIN
1	root	621	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
434	richard	622	AuthUserFile $DIR_DEST_ETC/digest/key_admin
1243	richard	623	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
1	root	624	</Directory>
344	richard	625	<Directory $DIR_ACC/manager>
1	root	626	SSLRequireSSL
		627	AllowOverride None
		628	Order deny,allow
		629	Deny from all
		630	Allow from 127.0.0.1
		631	Allow from $PRIVATE_NETWORK_MASK
990	franck	632	# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
1	root	633	require valid-user
		634	AuthType digest
1243	richard	635	AuthName $HOSTNAME.$DOMAIN
1	root	636	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
434	richard	637	AuthUserFile $DIR_DEST_ETC/digest/key_manager
1243	richard	638	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
1	root	639	</Directory>
316	richard	640	<Directory $DIR_ACC/backup>
		641	SSLRequireSSL
		642	AllowOverride None
		643	Order deny,allow
		644	Deny from all
		645	Allow from 127.0.0.1
		646	Allow from $PRIVATE_NETWORK_MASK
990	franck	647	# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
316	richard	648	require valid-user
		649	AuthType digest
1243	richard	650	AuthName $HOSTNAME.$DOMAIN
316	richard	651	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
434	richard	652	AuthUserFile $DIR_DEST_ETC/digest/key_backup
1243	richard	653	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
316	richard	654	</Directory>
811	richard	655	Alias /save/ "$DIR_SAVE/"
		656	<Directory $DIR_SAVE>
		657	SSLRequireSSL
		658	Options Indexes
		659	Order deny,allow
		660	Deny from all
		661	Allow from 127.0.0.1
		662	Allow from $PRIVATE_NETWORK_MASK
990	franck	663	# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
811	richard	664	require valid-user
		665	AuthType digest
1243	richard	666	AuthName $HOSTNAME.$DOMAIN
811	richard	667	AuthUserFile $DIR_DEST_ETC/digest/key_backup
1243	richard	668	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
811	richard	669	</Directory>
1	root	670	EOF
1221	richard	671	} # End of ACC()
1	root	672
		673	##########################################################################################
1221	richard	674	## Fonction "CA" ##
1	root	675	## - Création d'une Autorité de Certification et du certificat serveur pour apache ##
		676	##########################################################################################
1221	richard	677	CA ()
1	root	678	{
		679	$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
510	richard	680	$DIR_DEST_BIN/alcasar-CA.sh
800	richard	681	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
303	richard	682	[ -e /etc/httpd/conf/vhosts-ssl.default ] \|\| cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
		683	$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
		684	$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
679	richard	685	$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
5	franck	686	chown -R root:apache /etc/pki
1	root	687	chmod -R 750 /etc/pki
1221	richard	688	} # End CA ()
1	root	689
		690	##########################################################################################
1221	richard	691	## Fonction "init_db" ##
1	root	692	## - Initialisation de la base Mysql ##
		693	## - Affectation du mot de passe de l'administrateur (root) ##
		694	## - Suppression des bases et des utilisateurs superflus ##
		695	## - Création de la base 'radius' ##
		696	## - Installation du schéma de cette base ##
		697	## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo) ##
		698	## ces table proviennent de 'dialupadmin' (paquetage freeradius-web) ##
		699	##########################################################################################
		700	init_db ()
		701	{
1355	richard	702	rm -rf /var/lib/mysql # to be sure that there is no former installation
1	root	703	[ -e /etc/my.cnf.default ] \|\| cp /etc/my.cnf /etc/my.cnf.default
		704	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
1355	richard	705	$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf
1353	richard	706	systemctl start mysqld.service
1	root	707	sleep 4
		708	mysqladmin -u root password $mysqlpwd
		709	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
1355	richard	710	# Secure the server
		711	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
		712	$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
615	richard	713	# Create 'radius' database
1317	richard	714	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
615	richard	715	# Add an empty radius database structure
364	franck	716	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
615	richard	717	# modify the start script in order to close accounting connexion when the system is comming down or up
1357	richard	718	[ -e /lib/systemd/system/mysqld.service.default ] \|\| cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
		719	$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
1355	richard	720	$SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
		721	systemctl daemon-reload
1	root	722	} # End init_db ()
		723
		724	##########################################################################
1221	richard	725	## Fonction "param_radius" ##
1	root	726	## - Paramètrage des fichiers de configuration FreeRadius ##
		727	## - Affectation du secret partagé entre coova-chilli et freeradius ##
		728	## - Modification de fichier de conf pour l'accès à Mysql ##
		729	##########################################################################
		730	param_radius ()
		731	{
		732	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
		733	chown -R radius:radius /etc/raddb
		734	[ -e /etc/raddb/radiusd.conf.default ] \|\| cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
1278	richard	735	# Set radius.conf parameters
1	root	736	$SED "s?^[\t ]#[\t ]user =.*?user = radius?g" /etc/raddb/radiusd.conf
		737	$SED "s?^[\t ]#[\t ]group =.*?group = radius?g" /etc/raddb/radiusd.conf
		738	$SED "s?^[\t ]status_server =.?status_server = no?g" /etc/raddb/radiusd.conf
1278	richard	739	# remove the proxy function
1	root	740	$SED "s?^[\t ]proxy_requests.?proxy_requests = no?g" /etc/raddb/radiusd.conf
		741	$SED "s?^[\t ]\$INCLUDE proxy.conf.?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
1278	richard	742	# remove EAP module
654	richard	743	$SED "s?^[\t ]\$INCLUDE eap.conf.?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
1278	richard	744	# listen on loopback (should be modified later if EAP enabled)
1	root	745	$SED "s?^[\t ]ipaddr =.?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
1278	richard	746	# enable the SQL module (and SQL counter)
1	root	747	$SED "s?^[\t ]#[\t ]\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
		748	$SED "s?^[\t ]#[\t ]\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
		749	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
1278	richard	750	# remvove virtual server and copy our conf file
1	root	751	rm -f /etc/raddb/sites-enabled/*
1278	richard	752	cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
1	root	753	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
		754	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
		755	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
		756	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
384	richard	757	# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
1	root	758	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
1278	richard	759	# client.conf configuration (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
1	root	760	[ -e /etc/raddb/clients.conf.default ] \|\| cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
		761	cat << EOF > /etc/raddb/clients.conf
		762	client 127.0.0.1 {
		763	secret = $secretradius
		764	shortname = localhost
		765	}
		766	EOF
1278	richard	767	# sql.conf modification
1	root	768	[ -e /etc/raddb/sql.conf.default ] \|\| cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
		769	$SED "s?^[\t ]login =.?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
		770	$SED "s?^[\t ]password =.?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
		771	$SED "s?^[\t ]radius_db =.?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
		772	$SED "s?^[\t ]sqltrace =.?sqltrace = no?g" /etc/raddb/sql.conf
1278	richard	773	# dialup.conf modification (case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.)
1	root	774	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] \|\| cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
1278	richard	775	cp -f $DIR_CONF/radius/dialup.conf /etc/raddb/sql/mysql/dialup.conf
		776	# counter.conf modification (change the Max-All-Session-Time counter)
		777	[ -e /etc/raddb/sql/mysql/counter.conf.default ] \|\| cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
		778	cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
		779	chown -R radius:radius /etc/raddb/sql/mysql/*
1358	richard	780	# make certain that mysql is up before radius start
		781	[ -e /lib/systemd/system/radiusd.service.default ] \|\| cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
		782	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
		783	systemctl daemon-reload
1	root	784	} # End param_radius ()
		785
		786	##########################################################################
1221	richard	787	## Function "param_web_radius" ##
1	root	788	## - Import, modification et paramètrage de l'interface "dialupadmin" ##
		789	## - Création du lien vers la page de changement de mot de passe ##
		790	##########################################################################
		791	param_web_radius ()
		792	{
		793	# copie de l'interface d'origine dans la structure Alcasar
316	richard	794	[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
		795	rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme
		796	rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html
344	richard	797	# copie des fichiers modifiés
		798	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
316	richard	799	chown -R apache:apache $DIR_ACC/manager/
344	richard	800	# Modification des fichiers de configuration
1	root	801	[ -e /etc/freeradius-web/admin.conf.default ] \|\| cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
503	richard	802	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
1	root	803	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
		804	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
		805	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
		806	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
		807	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
		808	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
		809	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
946	richard	810	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
344	richard	811	[ -e /etc/freeradius-web/config.php.default ] \|\| cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
1278	richard	812	cp -f $DIR_CONF/radius/freeradiusweb-config.php /etc/freeradius-web/config.php
131	richard	813	cat <<EOF > /etc/freeradius-web/naslist.conf
632	richard	814	nas1_name: alcasar-$ORGANISME
1	root	815	nas1_model: Portail captif
		816	nas1_ip: $PRIVATE_IP
		817	nas1_port_num: 0
		818	nas1_community: public
		819	EOF
		820	# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
		821	[ -e /etc/freeradius-web/user_edit.attrs.default ] \|\| mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
1278	richard	822	cp -f $DIR_CONF/radius/user_edit.attrs /etc/freeradius-web/user_edit.attrs
114	richard	823	# Ajout du mappage des attributs chillispot
		824	[ -e /etc/freeradius-web/sql.attrmap.default ] \|\| mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
1278	richard	825	cp -f $DIR_CONF/radius/sql.attrmap /etc/freeradius-web/sql.attrmap
1	root	826	# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
1278	richard	827	[ -e /etc/freeradius-web/sql.attrs.default ] \|\| cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/sql.attrs.default
1	root	828	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
		829	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
5	franck	830	chown -R apache:apache /etc/freeradius-web
1	root	831	# Ajout de l'alias vers la page de "changement de mot de passe usager"
		832	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
344	richard	833	<Directory $DIR_WEB/pass>
1	root	834	SSLRequireSSL
		835	AllowOverride None
		836	Order deny,allow
		837	Deny from all
		838	Allow from 127.0.0.1
		839	Allow from $PRIVATE_NETWORK_MASK
1243	richard	840	ErrorDocument 404 https://$HOSTNAME.$DOMAIN
1	root	841	</Directory>
		842	EOF
		843	} # End of param_web_radius ()
		844
799	richard	845	##################################################################################
1221	richard	846	## Fonction "param_chilli" ##
799	richard	847	## - Création du fichier d'initialisation et de configuration de coova-chilli ##
		848	## - Paramètrage de la page d'authentification (intercept.php) ##
		849	##################################################################################
1	root	850	param_chilli ()
		851	{
799	richard	852	# init file creation
461	richard	853	[ -e /etc/init.d/chilli.default ] \|\| cp /etc/init.d/chilli /etc/init.d/chilli.default
799	richard	854	cat <<EOF > /etc/init.d/chilli
		855	#!/bin/sh
		856	#
		857	# chilli CoovaChilli init
		858	#
		859	# chkconfig: 2345 65 35
		860	# description: CoovaChilli
		861	### BEGIN INIT INFO
		862	# Provides: chilli
		863	# Required-Start: network
		864	# Should-Start:
		865	# Required-Stop: network
		866	# Should-Stop:
		867	# Default-Start: 2 3 5
		868	# Default-Stop:
		869	# Description: CoovaChilli access controller
		870	### END INIT INFO
		871
		872	[ -f /usr/sbin/chilli ] \|\| exit 0
		873	. /etc/init.d/functions
		874	CONFIG=/etc/chilli.conf
		875	pidfile=/var/run/chilli.pid
		876	[ -f \$CONFIG ] \|\| {
		877	echo "\$CONFIG Not found"
		878	exit 0
		879	}
		880	RETVAL=0
		881	prog="chilli"
		882	case \$1 in
		883	start)
		884	if [ -f \$pidfile ] ; then
		885	gprintf "chilli is already running"
		886	else
		887	gprintf "Starting \$prog: "
		888	rm -f /var/run/chilli* # cleaning
		889	/sbin/modprobe tun >/dev/null 2>&1
		890	echo 1 > /proc/sys/net/ipv4/ip_forward
		891	[ -e /dev/net/tun ] \|\| {
		892	(cd /dev;
		893	mkdir net;
		894	cd net;
		895	mknod tun c 10 200)
		896	}
1336	richard	897	ifconfig $INTIF 0.0.0.0
799	richard	898	daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
		899	RETVAL=$?
		900	fi
		901	;;
		902
		903	reload)
		904	killall -HUP chilli
		905	;;
		906
		907	restart)
		908	\$0 stop
		909	sleep 2
		910	\$0 start
		911	;;
		912
		913	status)
		914	status chilli
		915	RETVAL=0
		916	;;
		917
		918	stop)
		919	if [ -f \$pidfile ] ; then
		920	gprintf "Shutting down \$prog: "
		921	killproc /usr/sbin/chilli
		922	RETVAL=\$?
		923	[ \$RETVAL = 0 ] && rm -f $pidfile
		924	else
		925	gprintf "chilli is not running"
		926	fi
		927	;;
		928
		929	*)
		930	echo "Usage: \$0 {start\|stop\|restart\|reload\|status}"
		931	exit 1
		932	esac
		933	echo
		934	EOF
		935
		936	# conf file creation
346	richard	937	[ -e /etc/chilli.conf.default ] \|\| cp /etc/chilli.conf /etc/chilli.conf.default
		938	cat <<EOF > /etc/chilli.conf
		939	# coova config for ALCASAR
		940	cmdsocket /var/run/chilli.sock
1336	richard	941	unixipc chilli.$INTIF.ipc
		942	pidfile /var/run/chilli.$INTIF.pid
346	richard	943	net $PRIVATE_NETWORK_MASK
595	richard	944	dhcpif $INTIF
841	richard	945	ethers $DIR_DEST_ETC/alcasar-ethers
861	richard	946	#nodynip
865	richard	947	#statip
		948	dynip $PRIVATE_NETWORK_MASK
1249	richard	949	domain $DOMAIN
355	richard	950	dns1 $PRIVATE_IP
		951	dns2 $PRIVATE_IP
346	richard	952	uamlisten $PRIVATE_IP
503	richard	953	uamport 3990
837	richard	954	macauth
		955	macpasswd password
1243	richard	956	locationname $HOSTNAME.$DOMAIN
346	richard	957	radiusserver1 127.0.0.1
		958	radiusserver2 127.0.0.1
		959	radiussecret $secretradius
		960	radiusauthport 1812
		961	radiusacctport 1813
1243	richard	962	uamserver https://$HOSTNAME.$DOMAIN/intercept.php
		963	radiusnasid $HOSTNAME.$DOMAIN
346	richard	964	uamsecret $secretuam
1249	richard	965	uamallowed $HOSTNAME,$HOSTNAME.$DOMAIN
346	richard	966	coaport 3799
1299	richard	967	#conup $DIR_DEST_BIN/alcasar-conup.sh
		968	#condown $DIR_DEST_BIN/alcasar-condown.sh
503	richard	969	include $DIR_DEST_ETC/alcasar-uamallowed
		970	include $DIR_DEST_ETC/alcasar-uamdomain
1294	richard	971	#dhcpgateway
1157	stephane	972	#dhcprelayagent
		973	#dhcpgatewayport
346	richard	974	EOF
1336	richard	975	# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0)
977	richard	976	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
840	richard	977	# create files for trusted domains and urls
1148	crox53	978	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
503	richard	979	chown root:apache $DIR_DEST_ETC/alcasar-*
		980	chmod 660 $DIR_DEST_ETC/alcasar-*
847	richard	981	# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
526	stephane	982	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
		983	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
796	richard	984	# user 'chilli' creation (in order to run conup/off and up/down scripts
		985	chilli_exist=`grep chilli /etc/passwd\|wc -l`
		986	if [ "$chilli_exist" == "1" ]
		987	then
		988	userdel -r chilli 2>/dev/null
		989	fi
		990	groupadd -f chilli
		991	useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1	root	992	} # End of param_chilli ()
1349	richard	993
1	root	994	##################################################################
1221	richard	995	## Fonction "param_dansguardian" ##
1	root	996	## - Paramètrage du gestionnaire de contenu Dansguardian ##
		997	##################################################################
		998	param_dansguardian ()
		999	{
		1000	mkdir /var/dansguardian
		1001	chown dansguardian /var/dansguardian
497	richard	1002	[ -e $DIR_DG/dansguardian.conf.default ] \|\| cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1293	richard	1003	# By default the filter is off
497	richard	1004	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1293	richard	1005	# French deny HTML page
497	richard	1006	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1293	richard	1007	# Listen only on LAN side
497	richard	1008	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
1342	richard	1009	# DG send its flow to HAVP
		1010	$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
1293	richard	1011	# replace the default deny HTML page
1	root	1012	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
		1013	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1293	richard	1014	# Don't log
		1015	$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
		1016	# Run 10 daemons (20 in largest server)
659	richard	1017	$SED "s?^minchildren =.*?minchildren = 10?g" $DIR_DG/dansguardian.conf
1	root	1018	# on désactive par défaut le controle de contenu des pages html
497	richard	1019	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
		1020	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
		1021	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1	root	1022	# on désactive par défaut le contrôle d'URL par expressions régulières
497	richard	1023	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
		1024	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1	root	1025	# on désactive par défaut le contrôle de téléchargement de fichiers
497	richard	1026	[ -e $DIR_DG/dansguardianf1.conf.default ] \|\| cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
		1027	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
		1028	[ -e $DIR_DG/lists/bannedextensionlist.default ] \|\| mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
		1029	[ -e $DIR_DG/lists/bannedmimetypelist.default ] \|\| mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
		1030	touch $DIR_DG/lists/bannedextensionlist
		1031	touch $DIR_DG/lists/bannedmimetypelist
		1032	# 'Safesearch' regex actualisation
498	richard	1033	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
497	richard	1034	# empty LAN IP list that won't be WEB filtered
		1035	[ -e $DIR_DG/lists/exceptioniplist.default ] \|\| mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
		1036	touch $DIR_DG/lists/exceptioniplist
		1037	# Keep a copy of URL & domain filter configuration files
		1038	[ -e $DIR_DG/lists/bannedsitelist.default ] \|\| mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
		1039	[ -e $DIR_DG/lists/bannedurllist.default ] \|\| mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1	root	1040	} # End of param_dansguardian ()
		1041
71	richard	1042	##################################################################
1221	richard	1043	## Fonction "antivirus" ##
1357	richard	1044	## - configuration of havp, libclamav and freshclam ##
71	richard	1045	##################################################################
		1046	antivirus ()
		1047	{
1358	richard	1048	# create 'havp' user
288	richard	1049	havp_exist=`grep havp /etc/passwd\|wc -l`
307	richard	1050	if [ "$havp_exist" == "1" ]
288	richard	1051	then
478	richard	1052	userdel -r havp 2>/dev/null
894	richard	1053	groupdel havp 2>/dev/null
288	richard	1054	fi
307	richard	1055	groupadd -f havp
796	richard	1056	useradd -r -g havp -s /bin/false -c "system user for havp" havp
476	richard	1057	mkdir -p /var/tmp/havp /var/log/havp
		1058	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
109	richard	1059	[ -e /etc/havp/havp.config.default ] \|\| cp /etc/havp/havp.config /etc/havp/havp.config.default
		1060	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
631	richard	1061	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
		1062	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
990	franck	1063	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format
631	richard	1064	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
		1065	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
659	richard	1066	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
835	richard	1067	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
		1068	$SED "s?^# SKIPMIME.?SKIPMIME image\/\ video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
1007	richard	1069	# skip checking of youtube flow (too heavy load / risk too low)
		1070	[ -e /etc/havp/whitelist.default ] \|\| cp /etc/havp/whitelist /etc/havp/whitelist.default
		1071	echo "# Whitelist youtube flow" >> /etc/havp/whitelist
		1072	echo ".youtube.com/" >> /etc/havp/whitelist
1358	richard	1073	# replacement of init script
335	richard	1074	[ -e /etc/init.d/havp.default ] \|\| cp /etc/init.d/havp /etc/init.d/havp.default
481	franck	1075	cp -f $DIR_CONF/havp-init /etc/init.d/havp
1358	richard	1076	# replace of the intercept page (template)
340	richard	1077	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
		1078	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1358	richard	1079	# update virus database every 4 hours (24h/6)
1357	richard	1080	[ -e /etc/freshclam.conf.default ] \|\| cp /etc/freshclam.conf /etc/freshclam.conf.default
		1081	$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
489	richard	1082	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1357	richard	1083	$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
1358	richard	1084	$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
		1085	$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
1355	richard	1086	# Copy of the main virus database
734	richard	1087	rm -f /var/lib/clamav/*.cld # in case of old database scheme
1005	richard	1088	cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
1357	richard	1089	/usr/bin/freshclam
71	richard	1090	}
		1091
1	root	1092	##################################################################################
1221	richard	1093	## function "param_ulogd" ##
476	richard	1094	## - Ulog config for multi-log files ##
		1095	##################################################################################
		1096	param_ulogd ()
		1097	{
		1098	# Three instances of ulogd (three different logfiles)
1359	richard	1099	cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service
		1100	cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ext-access.service
1358	richard	1101	mv /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-traceability.service
476	richard	1102	[ -d /var/log/firewall ] \|\| mkdir -p /var/log/firewall
478	richard	1103	nl=1
1358	richard	1104	for log_type in traceability ssh ext-access
478	richard	1105	do
		1106	[ -e /var/log/firewall/$log_type.log ] \|\| touch /var/log/firewall/$log_type.log
		1107	cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
		1108	$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf
		1109	$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
		1110	cat << EOF >> /etc/ulogd-$log_type.conf
		1111	[LOGEMU]
		1112	file="/var/log/firewall/$log_type.log"
		1113	sync=1
		1114	EOF
1358	richard	1115	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -C /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service
478	richard	1116	nl=`expr $nl + 1`
		1117	done
476	richard	1118	chown -R root:apache /var/log/firewall
		1119	chmod 750 /var/log/firewall
		1120	chmod 640 /var/log/firewall/*
		1121	} # End of param_ulogd ()
		1122
1159	crox53	1123
		1124	##########################################################
1221	richard	1125	## Function "param_nfsen" ##
1159	crox53	1126	##########################################################
		1127	param_nfsen()
1	root	1128	{
1159	crox53	1129	#Decompression tarball
1221	richard	1130	tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
1159	crox53	1131	#Création groupe et utilisteur
1221	richard	1132	if grep "^www-data:" /etc/group > /dev/null; then
		1133	echo "Group already exists !"
		1134	else
		1135	groupadd www-data
		1136	echo "Group 'www-data' created !"
		1137	fi
		1138	if grep "^nfsen:" /etc/passwd > /dev/null; then
		1139	echo "User already exists !"
		1140	else
		1141	useradd -m nfsen
		1142	echo "User 'nfsen' created !"
		1143	fi
		1144	usermod -G www-data nfsen
1159	crox53	1145	#Ajout du plugin nfsen : PortTracker
1221	richard	1146	mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
		1147	chown -R nfsen:www-data /var/www/nfsen
		1148	chown -R apache:apache /usr/share/nfsen /var/log/netflow/porttracker
		1149	cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
1159	crox53	1150	#Copie du fichier de conf modifié de nfsen
1221	richard	1151	cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
1159	crox53	1152	#Copie du script d'initialisation de nfsen
1221	richard	1153	cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
1159	crox53	1154	#Installation de nfsen via le scrip Perl
1221	richard	1155	DirTmp=$(pwd)
		1156	cd /tmp/nfsen-1.3.6p1/
		1157	/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
		1158	/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
1159	crox53	1159	#Création de la DB pour rrdtool
1221	richard	1160	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
		1161	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
		1162	sudo -u apache nftrack -I -d /var/log/netflow/porttracker
		1163	chown -R apache:www-data /var/log/netflow/porttracker/
		1164	chmod -R 775 /var/log/netflow/porttracker
1159	crox53	1165	#Configuration du fichier de conf d'apache
1355	richard	1166	if [ -f /etc/httpd/conf/conf.d/nfsen.conf ];then
		1167	rm -f /etc/httpd/conf/conf.d/nfsen.conf
1221	richard	1168	fi
1355	richard	1169	cat <<EOF >> /etc/httpd/conf/conf.d/nfsen.conf
1159	crox53	1170	Alias /nfsen /var/www/nfsen
		1171	<Directory /var/www/nfsen/>
		1172	DirectoryIndex nfsen.php
		1173	Options -Indexes
		1174	AllowOverride all
		1175	order allow,deny
		1176	allow from all
		1177	AddType application/x-httpd-php .php
		1178	php_flag magic_quotes_gpc on
		1179	php_flag track_vars on
1	root	1180	</Directory>
		1181	EOF
1223	crox53	1182	#Ajout du paramètre : IP d'écoute pour le collecteur (nfcapd)
1229	crox53	1183	$SED s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1";'?g /usr/libexec/NfSenRC.pm
1210	crox53	1184	#Configuration du délais d'expiration des captures du profile "live"
1250	richard	1185	nfsen -m live -e 62d 2>/dev/null
1159	crox53	1186	#Suppression des sources de nfsen
1221	richard	1187	cd $DirTmp
		1188	rm -rf /tmp/nfsen-1.3.6p1/
1159	crox53	1189	} # End of param_nfsen
1	root	1190
		1191	##########################################################
1221	richard	1192	## Function "param_dnsmasq" ##
1	root	1193	##########################################################
219	jeremy	1194	param_dnsmasq ()
		1195	{
		1196	[ -d /var/log/dnsmasq ] \|\| mkdir /var/log/dnsmasq
1356	richard	1197	[ -e /etc/sysconfig/dnsmasq.default ] \|\| cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
259	richard	1198	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux
1356	richard	1199	# Option : on pré-active les logs DNS des clients
		1200	$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq
		1201	# Option : exemple de paramètre supplémentaire pour le cache memoire
		1202	echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
		1203	# Option : exemple de configuration avec un A.D.
		1204	echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
503	richard	1205	[ -e /etc/dnsmasq.conf.default ] \|\| cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
520	richard	1206	# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
503	richard	1207	cat << EOF > /etc/dnsmasq.conf
520	richard	1208	# Configuration file for "dnsmasq in forward mode"
503	richard	1209	conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux
259	richard	1210	listen-address=$PRIVATE_IP
		1211	listen-address=127.0.0.1
286	richard	1212	no-dhcp-interface=$INTIF
259	richard	1213	bind-interfaces
		1214	cache-size=256
		1215	domain=$DOMAIN
		1216	domain-needed
		1217	expand-hosts
		1218	bogus-priv
		1219	filterwin2k
		1220	server=$DNS1
		1221	server=$DNS2
498	richard	1222	# le servive DHCP est configuré mais n'est exploité que pour le "bypass"
865	richard	1223	dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
632	richard	1224	dhcp-option=option:router,$PRIVATE_IP
259	richard	1225	#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
		1226
291	franck	1227	# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
420	franck	1228	#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
259	richard	1229	EOF
1356	richard	1230	# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
		1231	cat << EOF > /etc/dnsmasq-blacklist.conf
		1232	# Configuration file for "dnsmasq with blacklist"
520	richard	1233	# Inclusion de la blacklist <domains> de Toulouse dans la configuration
1015	richard	1234	conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
503	richard	1235	conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux
498	richard	1236	listen-address=$PRIVATE_IP
		1237	port=54
		1238	no-dhcp-interface=$INTIF
		1239	bind-interfaces
		1240	cache-size=256
		1241	domain=$DOMAIN
		1242	domain-needed
		1243	expand-hosts
		1244	bogus-priv
		1245	filterwin2k
		1246	server=$DNS1
		1247	server=$DNS2
		1248	EOF
1356	richard	1249	# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelis")
1357	richard	1250	cat << EOF > /etc/dnsmasq-whitelist.conf
1356	richard	1251	# Configuration file for "dnsmasq with whitelist"
		1252	# Inclusion de la whitelist <domains> de Toulouse dans la configuration
		1253	conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
		1254	conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux
		1255	listen-address=$PRIVATE_IP
		1256	port=55
		1257	no-dhcp-interface=$INTIF
		1258	bind-interfaces
		1259	cache-size=256
		1260	domain=$DOMAIN
		1261	domain-needed
		1262	expand-hosts
		1263	bogus-priv
		1264	filterwin2k
		1265	address=/#/$PRIVATE_IP
		1266	EOF
		1267	# Create dnsmasq-blacklist and dnsmasq-whitelist unit
		1268	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service
		1269	$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
		1270	$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
1358	richard	1271	# TODO Start after chilli which create tun0
1356	richard	1272	# $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
308	richard	1273	} # End dnsmasq
		1274
		1275	##########################################################
1221	richard	1276	## Fonction "BL" ##
308	richard	1277	##########################################################
		1278	BL ()
		1279	{
		1280	# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
648	richard	1281	rm -rf $DIR_DG/lists/blacklists
		1282	tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
878	richard	1283	# on crée le répertoire ossi (noms de domaine et URLs ajoutés à la BL)
		1284	mkdir $DIR_DG/lists/blacklists/ossi
1041	richard	1285	touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ossi/domains_wl
		1286	touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ossi/urls_wl
309	richard	1287	# On crée les fichiers vides de sites ou d'URL réhabilités
648	richard	1288	[ -e $DIR_DG/lists/exceptionsitelist.default ] \|\| mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
673	richard	1289	[ -e $DIR_DG/lists/exceptionurllist.default ] \|\| mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
648	richard	1290	touch $DIR_DG/lists/exceptionsitelist
		1291	touch $DIR_DG/lists/exceptionurllist
311	richard	1292	# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
648	richard	1293	cat <<EOF > $DIR_DG/lists/bannedurllist
311	richard	1294	# Dansguardian filter config for ALCASAR
		1295	EOF
648	richard	1296	cat <<EOF > $DIR_DG/lists/bannedsitelist
311	richard	1297	# Dansguardian domain filter config for ALCASAR
		1298	# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
		1299	#**
		1300	# block all SSL and CONNECT tunnels
		1301	**s
		1302	# block all SSL and CONNECT tunnels specified only as an IP
		1303	*ips
		1304	# block all sites specified only by an IP
		1305	*ip
		1306	EOF
1000	richard	1307	# Add Bing and Youtube to the safesearch url regext list (parental control)
878	richard	1308	cat <<EOF >> $DIR_DG/lists/urlregexplist
		1309	# Bing - add 'adlt=strict'
		1310	#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]\?)(.)"->"\1\2&adlt=strict"
		1311	# Youtube - add 'edufilter=your_ID'
885	richard	1312	#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]\?)(.)"->"\1\2&edufilter=ABCD1234567890abcdef"
878	richard	1313	EOF
1000	richard	1314	# change the the google safesearch ("safe=strict" instead of "safe=vss")
1003	richard	1315	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
648	richard	1316	chown -R dansguardian:apache $DIR_DG
		1317	chmod -R g+rw $DIR_DG
786	richard	1318	# On adapte la BL de Toulouse à notre structure
654	richard	1319	if [ "$mode" != "update" ]; then
		1320	$DIR_DEST_SBIN/alcasar-bl.sh --adapt
		1321	fi
308	richard	1322	}
219	jeremy	1323
1	root	1324	##########################################################
1221	richard	1325	## Fonction "cron" ##
1	root	1326	## - Mise en place des différents fichiers de cron ##
		1327	##########################################################
		1328	cron ()
		1329	{
		1330	# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
		1331	[ -e /etc/crontab.default ] \|\| cp /etc/crontab /etc/crontab.default
		1332	cat <<EOF > /etc/crontab
		1333	SHELL=/bin/bash
		1334	PATH=/sbin:/bin:/usr/sbin:/usr/bin
		1335	MAILTO=root
		1336	HOME=/
		1337
		1338	# run-parts
		1339	01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
		1340	02 0 * * * root nice -n 19 run-parts --report /etc/cron.daily
		1341	22 0 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
		1342	42 0 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
		1343	EOF
		1344	[ -e /etc/anacrontab.default ] \|\| cp /etc/anacrontab /etc/anacrontab.default
		1345	cat <<EOF >> /etc/anacrontab
667	franck	1346	7 8 cron.MysqlDump nice /etc/cron.d/alcasar-mysql
		1347	7 10 cron.logExport nice /etc/cron.d/alcasar-export_log
		1348	7 15 cron.logClean nice /etc/cron.d/alcasar-clean_log
		1349	7 20 cron.importClean nice /etc/cron.d/alcasar-clean_import
1	root	1350	EOF
1247	crox53	1351
811	richard	1352	cat <<EOF > /etc/cron.d/alcasar-mysql
868	richard	1353	# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
955	richard	1354	45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
905	franck	1355	# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
917	franck	1356	40 4 * * * root /usr/local/sbin/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1	root	1357	EOF
952	franck	1358	cat <<EOF > /etc/cron.d/alcasar-archive
		1359	# Archive des logs et de la base de données (tous les lundi à 5h35)
		1360	35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
		1361	EOF
667	franck	1362	cat << EOF > /etc/cron.d/alcasar-clean_import
713	franck	1363	# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
503	richard	1364	30 * * * * root $DIR_DEST_BIN/alcasar-import-clean.sh
168	franck	1365	EOF
722	franck	1366	cat << EOF > /etc/cron.d/alcasar-distrib-updates
		1367	# mise à jour automatique de la distribution tous les jours 3h30
762	franck	1368	30 3 * * * root /usr/sbin/urpmi --auto-update --auto 2>&1
722	franck	1369	EOF
1247	crox53	1370	#cat << EOF > /etc/cron.d/alcasar-netflow
1159	crox53	1371	# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05)
1247	crox53	1372	#15 0 * * 1 root $DIR_DEST_BIN/alcasar-netflow.sh
		1373	#EOF
1159	crox53	1374
1	root	1375	# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
		1376	# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
		1377	# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct')
		1378	# 'monthly_tot_stat' (tous les jours à 01h05) : aggrégat des connexions mensuelles par usager (renseigne la table 'mtotacct')
		1379	# 'truncate_raddact' (tous les 1er du mois à 01h10) : supprime les entrées journalisées plus vieilles que '$back_days' jours (défini ci-après)
		1380	# 'clean_radacct' (tous les 1er du mois à 01h15) : ferme les session ouvertes de plus de '$back_days' jours (défini ci-après)
		1381	$SED "s?^\$back_days.*?\$back_days = 365;?g" /usr/bin/truncate_radacct
		1382	$SED "s?^\$back_days.*?\$back_days = 30;?g" /usr/bin/clean_radacct
		1383	rm -f /etc/cron.daily/freeradius-web
		1384	rm -f /etc/cron.monthly/freeradius-web
		1385	cat << EOF > /etc/cron.d/freeradius-web
		1386	1 1 * * * root /usr/bin/tot_stats > /dev/null 2>&1
		1387	5 1 * * * root /usr/bin/monthly_tot_stats > /dev/null 2>&1
		1388	10 1 1 * * root /usr/bin/truncate_radacct > /dev/null 2>&1
		1389	15 1 1 * * root /usr/bin/clean_radacct > /dev/null 2>&1
		1390	EOF
671	franck	1391	cat << EOF > /etc/cron.d/alcasar-watchdog
713	franck	1392	# activation du "chien de garde" (watchdog) toutes les 3'
1	root	1393	/3 * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
		1394	EOF
808	franck	1395	# activation du "chien de garde des services" (watchdog) toutes les 18'
		1396	cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
		1397	# activation du "chien de garde" (daemon-watchdog) toutes les 18'
		1398	/18 * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
		1399	EOF
522	richard	1400	# suppression des crons usagers
		1401	rm -f /var/spool/cron/*
1	root	1402	} # End cron
		1403
		1404	##################################################################
1221	richard	1405	## Fonction "Fail2Ban" ##
1163	crox53	1406	##- Modification de la configuration de fail2ban ##
		1407	##- Sécurisation DDOS, SSH-Brute-Force, Intercept.php ... ##
		1408	##################################################################
		1409	fail2ban()
		1410	{
1191	crox53	1411	$DIR_CONF/fail2ban.sh
1192	crox53	1412	#Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
		1413	[ -e /var/log/fail2ban.log ] \|\| touch /var/log/fail2ban.log
		1414	[ -e /var/Save/logs/security/watchdog.log ] \|\| touch /var/Save/logs/security/watchdog.log
1165	crox53	1415	chmod 644 /var/log/fail2ban.log
1192	crox53	1416	chmod 644 /var/Save/logs/security/watchdog.log
1163	crox53	1417	} #Fin de fail2ban_install()
		1418
		1419	##################################################################
1221	richard	1420	## Fonction "post_install" ##
1	root	1421	## - Modification des bannières (locales et ssh) et des prompts ##
		1422	## - Installation de la structure de chiffrement pour root ##
		1423	## - Mise en place du sudoers et de la sécurité sur les fichiers##
		1424	## - Mise en place du la rotation des logs ##
5	franck	1425	## - Configuration dans le cas d'une mise à jour ##
1	root	1426	##################################################################
		1427	post_install()
		1428	{
		1429	# adaptation du script "chien de garde" (watchdog)
376	franck	1430	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
		1431	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
1	root	1432	# création de la bannière locale
1007	richard	1433	[ -e /etc/mageia-release.default ] \|\| cp /etc/mageia-release /etc/mageia-release.default
		1434	cp -f $DIR_CONF/banner /etc/mageia-release
		1435	echo " V$VERSION" >> /etc/mageia-release
1	root	1436	# création de la bannière SSH
1007	richard	1437	cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh
5	franck	1438	chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
1	root	1439	[ -e /etc/ssh/sshd_config.default ] \|\| cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
		1440	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
		1441	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
793	richard	1442	# postfix banner anonymisation
		1443	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
604	richard	1444	# sshd écoute côté LAN et WAN
1	root	1445	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
604	richard	1446	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
860	richard	1447	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
628	richard	1448	echo "SSH=off" >> $CONF_FILE
1063	richard	1449	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
628	richard	1450	echo "QOS=off" >> $CONF_FILE
		1451	echo "LDAP=off" >> $CONF_FILE
786	richard	1452	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1358	richard	1453	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE # TODO to remove
		1454	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE # TODO to remove
		1455	echo "DNS_FILTERING=off" >> $CONF_FILE # TODO to remove
885	richard	1456	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1078	franck	1457	echo "MULTIWAN=off" >> $CONF_FILE
		1458	echo "FAILOVER=30" >> $CONF_FILE
		1459	echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
1336	richard	1460	echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
		1461	echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
1	root	1462	# Coloration des prompts
		1463	[ -e /etc/bashrc.default ] \|\| cp /etc/bashrc /etc/bashrc.default
5	franck	1464	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
630	franck	1465	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
1	root	1466	# Droits d'exécution pour utilisateur apache et sysadmin
		1467	[ -e /etc/sudoers.default ] \|\| cp /etc/sudoers /etc/sudoers.default
5	franck	1468	cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
629	richard	1469	$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
1342	richard	1470	# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, radiusd, ulogd)
1	root	1471	cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
		1472	chmod 644 /etc/logrotate.d/*
714	franck	1473	# rectification sur versions précédentes de la compression des logs
706	franck	1474	$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
		1475	# actualisation des fichiers logs compressés
1342	richard	1476	for dir in firewall dansguardian httpd
706	franck	1477	do
714	franck	1478	find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
706	franck	1479	done
1221	richard	1480	# create the alcasar-load_balancing unit
		1481	cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
1184	crox53	1482	# This file is part of systemd.
		1483	#
		1484	# systemd is free software; you can redistribute it and/or modify it
		1485	# under the terms of the GNU General Public License as published by
		1486	# the Free Software Foundation; either version 2 of the License, or
		1487	# (at your option) any later version.
		1488
		1489	# This unit lauches alcasar-load-balancing.sh script.
		1490	[Unit]
		1491	Description=alcasar-load_balancing.sh execution
		1492	After=network.target iptables.service
		1493
		1494	[Service]
		1495	Type=oneshot
		1496	RemainAfterExit=yes
		1497	ExecStart=/usr/local/sbin/alcasar-load_balancing.sh start
		1498	ExecStop=/usr/local/sbin/alcasar-load_balancing.sh stop
		1499	TimeoutSec=0
		1500	SysVStartPriority=99
		1501
		1502	[Install]
		1503	WantedBy=multi-user.target
1157	stephane	1504	EOF
1221	richard	1505	# processes launched at boot time (SYSV)
1358	richard	1506	for i in chilli havp
1221	richard	1507	do
		1508	/sbin/chkconfig --add $i
		1509	done
		1510	# processes launched at boot time (Systemctl)
1355	richard	1511	for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq radiusd dansguardian freshclam
953	franck	1512
1221	richard	1513	do
		1514	systemctl enable $i
		1515	done
		1516	# Apply French Security Agency (ANSSI) rules
568	richard	1517	# ignorer les broadcast ICMP. (attaque smurf)
1221	richard	1518	sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
568	richard	1519	# ignorer les erreurs ICMP bogus
1221	richard	1520	sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
595	richard	1521	# désactiver l'envoi et la réponse aux ICMP redirects
1221	richard	1522	sysctl -w net.ipv4.conf.all.accept_redirects=0
		1523	accept_redirect=`grep accept_redirect /etc/sysctl.conf\|wc -l`
568	richard	1524	if [ "$accept_redirect" == "0" ]
		1525	then
679	richard	1526	echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
		1527	else
		1528	$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
568	richard	1529	fi
1221	richard	1530	sysctl -w net.ipv4.conf.all.send_redirects=0
		1531	send_redirect=`grep send_redirect /etc/sysctl.conf\|wc -l`
568	richard	1532	if [ "$send_redirect" == "0" ]
		1533	then
679	richard	1534	echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
		1535	else
		1536	$SED "s?send_redirects.*?send_redirects = 0?g" /etc/sysctl.conf
568	richard	1537	fi
		1538	# activer les SYN Cookies (attaque syn flood)
1221	richard	1539	sysctl -w net.ipv4.tcp_syncookies=1
		1540	tcp_syncookies=`grep tcp_syncookies /etc/sysctl.conf\|wc -l`
568	richard	1541	if [ "$tcp_syncookies" == "0" ]
		1542	then
679	richard	1543	echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
		1544	else
		1545	$SED "s?tcp_syncookies.*?tcp_syncookies = 1?g" /etc/sysctl.conf
568	richard	1546	fi
595	richard	1547	# activer l'antispoofing niveau Noyau
1221	richard	1548	sysctl -w net.ipv4.conf.all.rp_filter=1
568	richard	1549	# ignorer le source routing
1221	richard	1550	sysctl -w net.ipv4.conf.all.accept_source_route=0
		1551	accept_source_route=`grep accept_source_route /etc/sysctl.conf\|wc -l`
568	richard	1552	if [ "$accept_source_route" == "0" ]
		1553	then
679	richard	1554	echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
		1555	else
		1556	$SED "s?accept_source_route.*?accept_source_route = 0?g" /etc/sysctl.conf
568	richard	1557	fi
679	richard	1558	# réglage du timer de maintien de suivi de session à 1h (3600s) au lieu de 5 semaines
1221	richard	1559	sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600
		1560	timeout_established=`grep timeout_established /etc/sysctl.conf\|wc -l`
679	richard	1561	if [ "$timeout_established" == "0" ]
		1562	then
		1563	echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.conf
		1564	else
793	richard	1565	$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf
679	richard	1566	fi
1157	stephane	1567	# disable log_martians (ALCASAR is often installed between two private network addresses)
1221	richard	1568	sysctl -w net.ipv4.conf.all.log_martians=0
306	richard	1569	# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys
1005	richard	1570	# ??? $SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
1003	richard	1571	# switch to multi-users runlevel (instead of x11)
1221	richard	1572	ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
1005	richard	1573	# GRUB modifications
		1574	# limit wait time to 3s
		1575	# create an alcasar entry instead of linux-nonfb
		1576	# change display to 1024*768 (vga791)
1221	richard	1577	$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
		1578	$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
		1579	$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
		1580	$SED "/^kernel/s/vga=.*/vga=791 nomodeset/" /boot/grub/menu.lst
		1581	$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
		1582	$SED "/^gfxmenu/d" /boot/grub/menu.lst
1003	richard	1583	# Remove unused services and users
1221	richard	1584	for old_svc in alsa sound dm
		1585	do
		1586	/sbin/chkconfig --del $old_svc
		1587	done
		1588	for svc in snmpd.service sshd.service
		1589	do
		1590	/bin/systemctl disable $svc
		1591	done
		1592	for rm_users in avahi-autoipd avahi icapd
		1593	do
		1594	user=`cat /etc/passwd\|grep $rm_users\|cut -d":" -f1`
		1595	if [ "$user" == "$rm_users" ]
		1596	then
		1597	/usr/sbin/userdel -f $rm_users
		1598	fi
		1599	done
		1600	# Load and apply the previous conf file
		1601	if [ "$mode" = "update" ]
532	richard	1602	then
1266	richard	1603	$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in /var/Save/logs
1221	richard	1604	$DIR_DEST_BIN/alcasar-conf.sh --load
		1605	PARENT_SCRIPT=`basename $0`
		1606	export PARENT_SCRIPT # to avoid stop&start process during the installation process
		1607	$DIR_DEST_BIN/alcasar-conf.sh --apply
		1608	$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
		1609	$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
1269	richard	1610	if [ $MAJ_PREVIOUS_VERSION -lt 2 ] \|\| ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 8 ])
		1611	# update needed for versions previous then 2.8 due to the integration of the domainname ("localdomain" by default)
		1612	then
		1613	header_install
		1614	if [ $Lang == "fr" ]
		1615	then
		1616	echo "Cette mise à jour nécessite de redéfinir le premier compte d'administration du portail"
		1617	echo
		1618	echo -n "Nom : "
		1619	else
		1620	echo "This update need to redefine the first admin account"
		1621	echo
		1622	echo -n "Account : "
		1623	fi
		1624	read admin_portal
		1625	[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
		1626	mkdir -p $DIR_DEST_ETC/digest
		1627	chmod 755 $DIR_DEST_ETC/digest
		1628	until [ -s $DIR_DEST_ETC/digest/key_admin ]
		1629	do
1350	richard	1630	/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
1269	richard	1631	done
		1632	$DIR_DEST_SBIN/alcasar-profil.sh --list
		1633	fi
532	richard	1634	fi
1221	richard	1635	rm -f /tmp/alcasar-conf*
		1636	chown -R root:apache $DIR_DEST_ETC/*
		1637	chmod -R 660 $DIR_DEST_ETC/*
		1638	chmod ug+x $DIR_DEST_ETC/digest
1045	franck	1639	# Apply and save the firewall rules
		1640	sh $DIR_DEST_BIN/alcasar-iptables.sh
		1641	sleep 2
1	root	1642	cd $DIR_INSTALL
5	franck	1643	echo ""
1	root	1644	echo "#############################################################################"
638	richard	1645	if [ $Lang == "fr" ]
		1646	then
		1647	echo "# Fin d'installation d'ALCASAR #"
		1648	echo "# #"
		1649	echo "# Application Libre pour le Contrôle Authentifié et Sécurisé #"
		1650	echo "# des Accès au Réseau ( ALCASAR ) #"
		1651	echo "# #"
		1652	echo "#############################################################################"
		1653	echo
		1654	echo "- ALCASAR sera fonctionnel après redémarrage du système"
		1655	echo
		1656	echo "- Lisez attentivement la documentation d'exploitation"
		1657	echo
		1658	echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar"
		1659	echo
		1660	echo " Appuyez sur 'Entrée' pour continuer"
		1661	else
		1662	echo "# Enf of ALCASAR install process #"
		1663	echo "# #"
		1664	echo "# Application Libre pour le Contrôle Authentifié et Sécurisé #"
		1665	echo "# des Accès au Réseau ( ALCASAR ) #"
		1666	echo "# #"
		1667	echo "#############################################################################"
		1668	echo
		1669	echo "- The system will be rebooted in order to operate ALCASAR"
		1670	echo
		1671	echo "- Read the exploitation documentation"
		1672	echo
		1673	echo "- The ALCASAR Control Center (ACC) is at http://alcasar"
		1674	echo
		1675	echo " Hit 'Enter' to continue"
		1676	fi
815	richard	1677	sleep 2
		1678	if [ "$mode" != "update" ]
820	richard	1679	then
815	richard	1680	read a
		1681	fi
774	richard	1682	clear
1	root	1683	reboot
		1684	} # End post_install ()
		1685
1349	richard	1686
		1687	##################################################################
		1688	## Fonction "gammu_smsd" ##
		1689	## - Creation de la base de donnée Gammu ##
		1690	## - Creation du fichier de config: gammu_smsd_conf ##
		1691	## ##
		1692	##################################################################
		1693	gammu_smsd()
		1694	{
		1695	# Create 'gammu' databse
		1696	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
		1697	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
		1698	# Add a gammu database structure
		1699	mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/gammu-smsd-db-vierge.sql
		1700
		1701
		1702	# Creation du fichier de config gammu_smsd_conf
		1703	cat << EOF > /etc/gammu_smsd_conf
		1704	[gammu]
		1705	port = /dev/ttyUSB0
		1706	connection = at115200
		1707
		1708	;########################################################
		1709
		1710	[smsd]
		1711
		1712	PIN = 1234
		1713
		1714	logfile = /var/log/gammu-smsd/gammu-smsd.log
		1715	logformat = textall
		1716	debuglevel = 0
		1717
		1718	service = sql
		1719	driver = native_mysql
		1720	user = $DB_USER
		1721	password = $radiuspwd
		1722	pc = localhost
		1723	database = $DB_GAMMU
		1724
		1725	RunOnReceive = /usr/local/bin/alcasar-sms.sh --new_sms
		1726
		1727	StatusFrequency = 30
		1728	LoopSleep = 2
		1729
		1730	;ResetFrequency = 300
		1731	;HardResetFrequency = 120
		1732
		1733	CheckSecurity = 1
		1734	CheckSignal = 1
		1735	CheckBattery = 0
		1736	EOF
		1737
		1738	chmod 755 /etc/gammu_smsd_conf
		1739
		1740	#Creation dossier de log Gammu-smsd
		1741	mkdir /var/log/gammu-smsd
		1742	chmod 755 /var/log/gammu-smsd
		1743
		1744	#Edition du script sql gammu <-> radius
		1745	$SED "10c u_db=\"$DB_USER\"" $DIR_DEST_BIN/alcasar-sms.sh
		1746	$SED "11c p_db=\"$radiuspwd\"" $DIR_DEST_BIN/alcasar-sms.sh
		1747
		1748	} # END gammu_smsd()
		1749
		1750
		1751
		1752
1	root	1753	#################################
1005	richard	1754	# Main Install loop #
1	root	1755	#################################
832	richard	1756	dir_exec=`dirname "$0"`
		1757	if [ $dir_exec != "." ]
		1758	then
		1759	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
		1760	echo "Launch this program from the ALCASAR archive directory"
		1761	exit 0
		1762	fi
		1763	VERSION=`cat $DIR_INSTALL/VERSION`
291	franck	1764	usage="Usage: alcasar.sh {-i or --install} \| {-u or --uninstall}"
1	root	1765	nb_args=$#
		1766	args=$1
		1767	if [ $nb_args -eq 0 ]
		1768	then
		1769	nb_args=1
		1770	args="-h"
		1771	fi
1062	richard	1772	chmod -R u+x $DIR_SCRIPTS/*
1	root	1773	case $args in
		1774	-\? \| -h* \| --h*)
		1775	echo "$usage"
		1776	exit 0
		1777	;;
291	franck	1778	-i \| --install)
959	franck	1779	license
5	franck	1780	header_install
29	richard	1781	testing
1336	richard	1782	# Test if ALCASAR is already installed
1249	richard	1783	if [ -e $CONF_FILE ]
1	root	1784	then
1249	richard	1785	current_version=`cat $CONF_FILE \| grep VERSION \| cut -d"=" -f2`
595	richard	1786	if [ $Lang == "fr" ]
1249	richard	1787	then echo -n "La version "; echo -n $current_version ; echo " d'ALCASAR est déjà installée";
		1788	else echo -n "ALCASAR Version "; echo -n $current_version ; echo " is already installed";
595	richard	1789	fi
5	franck	1790	response=0
460	richard	1791	PTN='^[oOnNyY]$'
580	richard	1792	until [[ $(expr $response : $PTN) -gt 0 ]]
5	franck	1793	do
595	richard	1794	if [ $Lang == "fr" ]
		1795	then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";
		1796	else echo -n "Do you want to update (Y/n)?";
		1797	fi
5	franck	1798	read response
		1799	done
597	richard	1800	if [ "$response" = "n" ] \|\| [ "$response" = "N" ]
5	franck	1801	then
597	richard	1802	rm -f /tmp/alcasar-conf*
		1803	else
636	richard	1804	# Create a backup of running version importants files
389	franck	1805	$DIR_SCRIPTS/alcasar-conf.sh --create
532	richard	1806	mode="update"
5	franck	1807	fi
1	root	1808	fi
595	richard	1809	# RPMs install
		1810	$DIR_SCRIPTS/alcasar-urpmi.sh
		1811	if [ "$?" != "0" ]
1	root	1812	then
595	richard	1813	exit 0
		1814	fi
1249	richard	1815	if [ -e $CONF_FILE ]
595	richard	1816	then
597	richard	1817	# Uninstall the running version
532	richard	1818	$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
595	richard	1819	fi
636	richard	1820	# Test if manual update
1057	richard	1821	if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" != "update" ]
595	richard	1822	then
636	richard	1823	header_install
595	richard	1824	if [ $Lang == "fr" ]
636	richard	1825	then echo "Le fichier de configuration d'une ancienne version a été trouvé";
		1826	else echo "The configuration file of an old version has been found";
595	richard	1827	fi
597	richard	1828	response=0
		1829	PTN='^[oOnNyY]$'
		1830	until [[ $(expr $response : $PTN) -gt 0 ]]
		1831	do
		1832	if [ $Lang == "fr" ]
		1833	then echo -n "Voulez-vous l'utiliser (O/n)? ";
		1834	else echo -n "Do you want to use it (Y/n)?";
		1835	fi
		1836	read response
		1837	if [ "$response" = "n" ] \|\| [ "$response" = "N" ]
		1838	then rm -f /tmp/alcasar-conf*
		1839	fi
		1840	done
		1841	fi
636	richard	1842	# Test if update
1057	richard	1843	if [ -e /tmp/alcasar-conf* ]
597	richard	1844	then
		1845	if [ $Lang == "fr" ]
		1846	then echo "#### Installation avec mise à jour ####";
		1847	else echo "#### Installation with update ####";
		1848	fi
636	richard	1849	# Extract the central configuration file
1057	richard	1850	tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf
637	richard	1851	ORGANISME=`grep ORGANISM conf/etc/alcasar.conf\|cut -d"=" -f2`
1010	richard	1852	PREVIOUS_VERSION=`grep VERSION conf/etc/alcasar.conf\|cut -d"=" -f2`
		1853	MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION\|cut -d"." -f1`
		1854	MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION\|cut -d"." -f2\|cut -c1`
		1855	UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION\|cut -d"." -f3`
5	franck	1856	mode="update"
		1857	else
		1858	mode="install"
1	root	1859	fi
1342	richard	1860	for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
5	franck	1861	do
		1862	$func
1221	richard	1863	# echo "* 'debug' : end of function $func *"; read a
14	richard	1864	done
5	franck	1865	;;
291	franck	1866	-u \| --uninstall)
5	franck	1867	if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
1	root	1868	then
597	richard	1869	if [ $Lang == "fr" ]
		1870	then echo "ALCASAR n'est pas installé!";
		1871	else echo "ALCASAR isn't installed!";
		1872	fi
1	root	1873	exit 0
		1874	fi
5	franck	1875	response=0
		1876	PTN='^[oOnN]$'
580	richard	1877	until [[ $(expr $response : $PTN) -gt 0 ]]
5	franck	1878	do
597	richard	1879	if [ $Lang == "fr" ]
		1880	then echo -n "Voulez-vous créer le fichier de configuration de la version actuelle (0/n)? ";
854	richard	1881	else echo -n "Do you want to create the running version configuration file (Y/n)? ";
597	richard	1882	fi
5	franck	1883	read response
		1884	done
1103	richard	1885	if [ "$response" = "o" ] \|\| [ "$response" = "O" ] \|\| [ "$response" = "Y" ] \|\| [ "$response" = "y" ]
1	root	1886	then
1103	richard	1887	$DIR_SCRIPTS/alcasar-conf.sh --create
498	richard	1888	else
		1889	rm -f /tmp/alcasar-conf*
1	root	1890	fi
597	richard	1891	# Uninstall the running version
65	richard	1892	$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1	root	1893	;;
		1894	*)
		1895	echo "Argument inconnu :$1";
460	richard	1896	echo "Unknown argument :$1";
1	root	1897	echo "$usage"
		1898	exit 1
		1899	;;
		1900	esac
10	franck	1901	# end of script
366	franck	1902

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 1359