/alcasar.sh |
---|
393,7 → 393,6 |
USERCTL=no |
EOF |
# Configuration du serveur de temps |
echo "synchronisation horaire ..." |
[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default |
cat <<EOF > /etc/ntp.conf |
server 0.fr.pool.ntp.org |
406,7 → 405,6 |
logfile /var/log/ntp.log |
EOF |
chown -R ntp:ntp /etc/ntp |
ntpd -q -g & |
# Configuration du serveur dhcpd de secours (mode bypass) |
[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default 2> /dev/null |
cat <<EOF > /etc/dhcpd.conf |
511,6 → 509,8 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte |
$DIR_DEST_SBIN/alcasar-profil.sh -list |
fi |
# synchronisation horaire |
ntpd -q -g & |
# Sécurisation du centre |
rm -f /etc/httpd/conf/webapps.d/* |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf |
933,27 → 933,29 |
################################################################## |
## Fonction antivirus ## |
## - mise en place havp + clamav ## |
## - configuration havp + clamav ## |
################################################################## |
antivirus () |
{ |
# création de la partition de stockage temporaire (100Mo) |
useradd -r havp |
dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30 |
mkfs.ext4 -qF /tmp/havp-disk |
mkdir /var/tmp/havp /var/log/havp /var/run/havp |
mkdir /var/tmp/havp |
echo "# Entry for havp tmp files scan partition" >> /etc/fstab |
echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab |
mount /var/tmp/havp |
# copie et configuration d'HAVP |
cp $DIR_CONF/havp/havp $DIR_DEST_SBIN |
cp -r $DIR_CONF/havp/etc/havp $DIR_DEST_ETC |
cp $DIR_CONF/havp/etc/init.d/havp /etc/init.d/ |
chkconfig --level 345 havp on |
chkconfig --level 01267 havp off |
chown -R havp.havp /var/tmp/havp /var/log/havp /var/run/havp |
chown -R havp.apache $DIR_DEST_ETC/havp |
chmod 770 $DIR_DEST_ETC/havp |
chown -R havp /var/tmp/havp |
# configuration d'HAVP |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config |
$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config |
# mise à jour de la base antivirale de clamav toutes les 2 heures |
$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf |
} |
################################################################################## |
1168,7 → 1170,7 |
chmod 644 /etc/logrotate.d/* |
# processus lancés par défaut au démarrage |
$SED "s?^# chkconfig:.*?# chkconfig: 345 11 90?g" /etc/init.d/mysqld # pour éviter les alertes de dépendance de services (netfs) |
for i in netfs ntpd iptables ulogd squid chilli httpd radiusd mysqld dansguardian named |
for i in netfs ntpd iptables ulogd squid chilli httpd radiusd mysqld dansguardian named havp freshclam |
do |
/sbin/chkconfig --add $i |
done |
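Review bot: In the `antivirus ()` hunk, the loop-device backing file is still created by root under a fixed name in world-writable /tmp (`dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30`) and then registered in /etc/fstab; the line appears to be kept unchanged by this commit. `dd` writes through whatever already exists at that path, including a symlink, and a /tmp cleaner or a tmpfs-backed /tmp would remove the image and break the `mount /var/tmp/havp` entry at the next boot. I would create the image in a root-owned directory outside /tmp, e.g. `of=<root-owned-dir>/havp-disk` (placeholder, path to be chosen by the project), and update the fstab line and the uninstall script's `rm -f /tmp/havp-disk` to match. The comment above it also says 100Mo while `bs=1024k count=30` allocates 30 MiB, so one of the two should be corrected.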
/conf/rpms/i586/havp-0.91-1.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/havp-0.91-1.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/CHANGELOG |
---|
1,5 → 1,6 |
# $Id$ |
************ CHANGELOG *********** |
10/05/10 - création RPM 35b et 64b d'havp. Adaptation des scripts. |
15/04/10 - intégration havp + clamav |
14/04/10 - remplacement de valeur DNS1 et DNS2 quand valeur= vide ; testé |
05/04/10 - Réécriture de la procédure d'installation des RPM (téléchargement et test avant install) |
/scripts/alcasar-conf.sh |
---|
90,8 → 90,6 |
cp -rf $DIR_UPDATE/etc/* $DIR_DEST_ETC/ |
chown root:apache $DIR_DEST_ETC/* |
chmod 660 $DIR_DEST_ETC/* |
chown havp:apache $DIR_DEST_ETC/havp |
chmod 770 $DIR_DEST_ETC/havp |
rm -rf $DIR_UPDATE |
;; |
*) |
/scripts/sbin/alcasar-uninstall.sh |
---|
99,17 → 99,22 |
[ -d /etc/dansguardian/lists/blacklists.default ] && mv -f /etc/dansguardian/lists/blacklists.default /etc/dansguardian/lists/blacklists && echo -n "10" |
sleep 1 |
#antivirus |
echo -en "\n-11 antivirus(6) : " |
echo -en "\n-11 antivirus(5) : " |
if [ -e /etc/init.d/havp ] |
then |
chkconfig --del havp && echo -n "1, " |
umount /var/tmp/havp && echo -n "2, " |
umount /var/tmp/havp && echo -n "1, " |
sleep 1 |
rm -rf /var/tmp/havp /var/log/havp /var/run/havp /usr/local/etc/havp && echo -n "3, " |
rm -f /tmp/havp-disk && echo -n "4, " |
rm -rf /var/tmp/havp && echo -n "2, " |
rm -f /tmp/havp-disk && echo -n "3, " |
$SED "/^# Entry for havp/d" /etc/fstab |
$SED "/^\/tmp\/havp-disk/d" /etc/fstab && echo -n "5, " |
userdel havp && echo -n "6" |
$SED "/^\/tmp\/havp-disk/d" /etc/fstab && echo -n "4, " |
[ -e /etc/havp/havp.conf.default ] && mv /etc/havp/havp.conf.default /etc/havp/havp.conf && echo -n "5" |
if [ -e /usr/local/sbin/havp ] # on traite la version 1.9a |
then |
rm -rf /usr/local/etc/havp |
rm -rf /usr/local/sbin/havp |
userdel -r havp |
fi |
else echo -n "non installé" |
fi |
sleep 1 |
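Review bot: The restore step in the antivirus block tests and moves `/etc/havp/havp.conf.default`, but the installer in alcasar.sh saves the original as `/etc/havp/havp.config.default` and edits `/etc/havp/havp.config`, so the test never matches and the packaged configuration is not put back on uninstall. The line should read `[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "5"`. The sides of this rendered hunk are not marked, so I am assuming the variant that numbers its steps up to 5 is the new one. On that path the havp account seems to be removed only inside the 1.9a branch (`userdel -r havp`), so it is worth confirming that removing the RPM takes care of the account in the other case.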
/scripts/alcasar-watchdog.sh |
---|
18,7 → 18,7 |
do |
noresponse_ip=`echo $noresponse | cut -d" " -f1` |
noresponse_mac=`echo $noresponse | cut -d" " -f2` |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 $noresponse_ip|grep response|cut -d" " -f2` |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep response|cut -d" " -f2` |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) reste muette. On déconnecte." |
33,10 → 33,10 |
active_ip=`echo $system |cut -d" " -f2` |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
# on ne traite que les équipements exploitées par un usager authentifié |
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes) |
if [[ $(expr $active_session) -eq 1 ]] |
then |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 $active_ip|grep response|cut -d" " -f2` |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep response|cut -d" " -f2` |
# on stocke les adresses IP des stations muettes |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |