Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 627 → Rev 628

/alcasar.sh
49,9 → 49,8
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
FIC_CONF="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
FIC_PARAM="/root/ALCASAR-parameters.txt" # fichier texte résumant les paramètres d'installation
FIC_PASSWD="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
PASSWD_FILE="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
# ******* DBMS parameters - paramètres SGBD ********
DB_RADIUS="radius" # nom de la base de données utilisée par le serveur FreeRadius
DB_USER="radius" # nom de l'utilisateur de la base de données
210,26 → 209,26
done
fi
# On crée aléatoirement les mots de passe et les secrets partagés
rm -f $FIC_PASSWD
rm -f $PASSWD_FILE
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de protection du menu Grub
echo -n "Password to protect the boot menu (GRUB) : " > $FIC_PASSWD
echo "$grubpwd" >> $FIC_PASSWD
echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE
echo "$grubpwd" >> $PASSWD_FILE
md5_grubpwd=`/usr/bin/md5pass $grubpwd`
$SED "/^password.*/d" /boot/grub/menu.lst
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'administrateur Mysqld
echo -n "Name and password of MYSQL administrator : " >> $FIC_PASSWD
echo "root / $mysqlpwd" >> $FIC_PASSWD
echo -n "Name and password of MYSQL administrator : " >> $PASSWD_FILE
echo "root / $mysqlpwd" >> $PASSWD_FILE
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
echo -n "Name and password of MYSQL user : " >> $FIC_PASSWD
echo "$DB_USER / $radiuspwd" >> $FIC_PASSWD
echo -n "Name and password of MYSQL user : " >> $PASSWD_FILE
echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre intercept.php et coova-chilli
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $FIC_PASSWD
echo "$secretuam" >> $FIC_PASSWD
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
echo "$secretuam" >> $PASSWD_FILE
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre coova-chilli et FreeRadius
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $FIC_PASSWD
echo "$secretradius" >> $FIC_PASSWD
chmod 640 $FIC_PASSWD
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
echo "$secretradius" >> $PASSWD_FILE
chmod 640 $PASSWD_FILE
# On installe les scripts et fichiers de configuration d'ALCASAR
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
241,8 → 240,8
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
# generate FIC_PARAM and FIC_CONF
cat <<EOF > $FIC_PARAM
# generate central conf file
cat <<EOF > $CONF_FILE
##########################################
## ##
## ALCASAR Parameters ##
249,22 → 248,11
## ##
##########################################
 
- Install date : $DATE
- Version : $VERSION
- Organism : $ORGANISME
EOF
cat <<EOF > $FIC_CONF
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$VERSION
ORGANISM=$ORGANISME
EOF
chmod o-rwx $FIC_PARAM $FIC_CONF
chmod o-rwx $CONF_FILE
} # End of init ()
 
##################################################################
311,7 → 299,6
fi
# Définition de la config réseau côté "LAN de consultation"
hostname $HOSTNAME
echo "- Hostname : $HOSTNAME" >> $FIC_PARAM
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # masque réseau de consultation (ex.: 255.255.255.0)
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # @ip du portail (côté réseau de consultation)
342,19 → 329,14
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
echo -e "- WAN IP address ($EXTIF) :\t$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_PARAM
echo -e "- Gateway IP address :\t\t$PUBLIC_GATEWAY" >> $FIC_PARAM
echo -e "- DNS servers :\t\t\t$DNS1 and $DNS2" >> $FIC_PARAM
echo -e "- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK" >> $FIC_PARAM
echo -e "- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP" >> $FIC_PARAM
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_CONF
echo "GW=$PUBLIC_GATEWAY" >> $FIC_CONF
echo "DNS1=$DNS1" >> $FIC_CONF
echo "DNS2=$DNS2" >> $FIC_CONF
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $FIC_CONF
echo "DHCP=on" >> $FIC_CONF
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $FIC_CONF
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $FIC_CONF
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $CONF_FILE
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $CONF_FILE
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
# Configuration réseau
cat <<EOF > /etc/sysconfig/network
462,7 → 444,6
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/index.php
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
chown -R apache:apache $DIR_WEB/*
494,7 → 475,6
</body>
</html>
EOF
echo "- ALCASAR Control Center URL : http://$HOSTNAME" >> $FIC_PARAM
# Définition du premier compte lié au profil 'admin'
header_install
if [ "$mode" = "install" ]
522,7 → 502,6
admin_portal=!
fi
done
echo "- Name of the first account of the admin profile : $admin_portal" >> $FIC_PARAM
# Création du fichier de clés de ce compte dans le profil "admin"
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
mkdir -p $DIR_DEST_ETC/digest
546,7 → 525,6
echo -n "Account : "
fi
read admin_portal
echo "- Name of the first account of the admin profile : $admin_portal" >> $FIC_PARAM
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
mkdir -p $DIR_DEST_ETC/digest
chmod 755 $DIR_DEST_ETC/digest
794,7 → 772,6
ErrorDocument 404 https://$HOSTNAME
</Directory>
EOF
echo "- User change password URL : https://$HOSTNAME/pass/" >> $FIC_PARAM
} # End of param_web_radius ()
 
##########################################################################################
857,7 → 834,6
touch $DIR_DEST_ETC/alcasar-macallowed $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
chown root:apache $DIR_DEST_ETC/alcasar-*
chmod 660 $DIR_DEST_ETC/alcasar-*
echo "- User disconnect URL : http://alcasar:3990/logoff" >> $FIC_PARAM
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli et nom d'organisme)
$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
1277,12 → 1253,12
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
# Put the default value in conf file (sshd, QOS, protocols filter and dns filter are off)(web antivirus is on)
/sbin/chkconfig --del sshd
echo "SSH=off" >> $FIC_CONF
echo "QOS=off" >> $FIC_CONF
echo "LDAP=off" >> $FIC_CONF
echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF
echo "DNS_FILTERING=off" >> $FIC_CONF
echo "WEB_ANTIVIRUS=on" >> $FIC_CONF
echo "SSH=off" >> $CONF_FILE
echo "QOS=off" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "DNS_FILTERING=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
# Coloration des prompts
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1401,10 → 1377,13
/usr/sbin/userdel -f $rm_users
fi
done
# Load the previous conf file
# Load and update the previous conf file
if [ "$mode" = "update" ]
then
$DIR_DEST_BIN/alcasar-conf.sh --load
$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
$SED "s?^ORGANISM=.*?ORGANISM=$ORGANISM?g" $CONF_FILE
fi
rm -f /tmp/alcasar-conf*
chown -R root:apache $DIR_DEST_ETC/*
/scripts/alcasar-conf.sh
8,7 → 8,11
DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin
DIR_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
DIR_ETC="/usr/local/etc" # répertoire des fichiers de conf
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file
VERSION="/var/www/html/VERSION" # contient la version en cours
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation
HOSTNAME="alcasar"
DB_USER="radius"
radiuspwd=""
SED="/bin/sed -i"
16,8 → 20,30
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
DATE=`date '+%d %B %Y - %Hh%M'`
private_network_calc ()
{
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C)
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # @ broadcast réseau de consultation (ex.: 192.168.182.255)
tmp_mask=`echo $PRIVATE_NETWORK_MASK|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1` # masque du 1/2 réseau de consultation (ex.: 25)
PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask # plage des adresses statiques (ex.: 192.168.182.0/25)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # dernier octet de l'@ de réseau
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # dernier octet de l'@ de broadcast
private_plage=`expr $private_broadcast_ending - $private_network_ending + 1`
private_half_plage=`expr $private_plage / 2`
private_dyn=`expr $private_half_plage + $private_network_ending`
private_dyn_ip_network=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup_sup-5`
PRIVATE_DYN_IP=`echo $private_dyn_ip_network | cut -d"." -f1-4`/$half_mask # @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25)
private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4`
PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1` # 1ère adresse de la plage dynamique (ex.: 192.168.182.129)
PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254)
}
 
usage="Usage: alcasar-conf.sh --create | --load"
usage="Usage: alcasar-conf.sh --create | --load | --apply"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
78,8 → 104,54
# si version < 2.2
if ([ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ]))
then
rm -f $DIR_UPDATE/etc/alcasar-ethers # ce fichier doit être lisse de commentaires
rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments
# Create the initial conf file (doesn't exist in earlier versions)
cat <<EOF > $CONF_FILE
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$RUNNING_VERSION
ORGANISM=
EOF
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # @ip du portail (côté Internet)
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS
DNS1=${DNS1:=208.67.220.220}
DNS2=${DNS2:=208.67.222.222}
PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` # @ip du portail (côté LAN)
PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2`
private_network_calc
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $CONF_FILE
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $CONF_FILE
if [ -r /var/run/sshd.pid ]; then
echo "SSH=on" >> $CONF_FILE
else
echo "SSH=off" >> $CONF_FILE
fi
echo "QOS=off" >> $CONF_FILE
if [ `grep ^ldap /etc/raddb/sites-available/alcasar | wc -l` -eq "0" ]; then
echo "LDAP=off" >> $CONF_FILE
else
echo "LDAP=on" >> $CONF_FILE
fi
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "DNS_FILTERING=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
fi
cp $CONF_FILE $DIR_UPDATE/etc/
# création de l'archive
cd /tmp
tar -cf alcasar-conf.tar conf/
116,11 → 188,93
$DIR_SBIN/alcasar-bl.sh -conf
# Prise en compte des comptes de gestion (admin + manager + backup)
$DIR_SBIN/alcasar-profil.sh --list
# On applique les paramètres réseau
...
# Effacement du répertoire d'update
rm -rf $DIR_UPDATE
;;
--apply|-apply)
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
exit 0
fi
PUBLIC_IP_MASK=`grep PUBLIC_IP $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_IP_MASK | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
exit 0
fi
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
PUBLIC_GATEWAY=`grep GW $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
exit 0
fi
DNS1=`grep DNS1 $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for the IP address of the first DNS server ($DNS1)"
exit 0
fi
DNS2=`grep DNS2 $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for the IP address of the second DNS server ($DNS2)"
exit 0
fi
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2` # @ + masque du réseau de consult (192.168.182.0/24)
private_network_calc
 
# /etc/hosts
cat <<EOF > /etc/hosts
127.0.0.1 localhost
$PRIVATE_IP $HOSTNAME
EOF
 
# Networt Cards config
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/ifcfg-$INTIF
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$INTIF
 
# NTP server
$SED "s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap\nrestrict 127.0.0.1?" /etc/ntp.conf
 
# host.allow
cat <<EOF > /etc/hosts.allow
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
sshd: ALL
ntpd: $PRIVATE_NETWORK_SHORT
EOF
 
# Alcasar control center
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
#...
 
 
# Start / Stop SSH Daemon
ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2`
if [ $ssh_active = "on" ]
then
/sbin/chkconfig --add sshd
else
/sbin/chkconfig --del sshd
fi
 
 
$DIR_DEST_BIN/alcasar-iptables.sh
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
/scripts/sbin/alcasar-network.sh
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
/web/index.php
1,5 → 1,4
<?php
$private_ip = "192.168.182.1";
$hostname = "alcasar";
$network_pb = False;
$cert_add = "http://alcasar/certs";
11,7 → 10,7
$nb_connection_history = 3;
 
# on discrimine les accès directs sur Alcasar par rapport aux redirections (blacklist ou pannes rso)
if (($_SERVER['HTTP_HOST'] == $private_ip) || preg_match ("/^alcasar/", $_SERVER['HTTP_HOST']) || preg_match ("/^$hostname/", $_SERVER['HTTP_POST']))
if (($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR']) || preg_match ("/^alcasar/", $_SERVER['HTTP_HOST']) || preg_match ("/^$hostname/", $_SERVER['HTTP_POST']))
{
$direct_access=True;
exec ("sudo /usr/sbin/chilli_query list|grep $remote_ip" , $tab);