20,7 → 20,7 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : |
# |
# Coovachilli, freeradius, mariaDB, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump |
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump |
|
# Options : |
# -i or --install |
36,7 → 36,6 |
# param_radius : FreeRadius initialisation |
# param_web_radius : copy ans modifiy original "freeradius web" in ACC |
# param_chilli : coovachilli initialisation (+authentication page) |
# param_squid : Squid cache proxy configuration |
# param_dansguardian : DansGuardian filtering HTTP proxy configuration |
# antivirus : HAVP + libclamav configuration |
# param_nfsen : Configuration du grapheur nfsen pour apache |
101,11 → 100,21 |
|
################################################################## |
## Function "testing" ## |
## - Test of free space on /var (>10G) ## |
## - Test of Internet access ## |
################################################################## |
testing () |
{ |
free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G` |
if [ $free_space -lt 10 ] |
then |
if [ $Lang == "fr" ] |
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)" |
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)" |
fi |
exit 0 |
fi |
if [ $Lang == "fr" ] |
then echo -n "Tests des paramètres réseau : " |
else echo -n "Network parameters tests : " |
fi |
502,7 → 511,7 |
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php |
chown -R apache:apache $DIR_WEB/* |
for i in system_backup base logs/firewall logs/httpd logs/squid logs/security; |
for i in system_backup base logs/firewall logs/httpd logs/security; |
do |
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i |
done |
977,45 → 986,6 |
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli |
} # End of param_chilli () |
|
########################################################## |
## Fonction "param_squid" ## |
## - Paramètrage du proxy 'squid' en mode 'cache' ## |
## - Initialisation de la base de données ## |
########################################################## |
param_squid () |
{ |
# paramètrage de Squid (connecté en série derrière Dansguardian) |
[ -e /etc/squid/squid.conf.default ] || cp /etc/squid/squid.conf /etc/squid/squid.conf.default |
# suppression des références 'localnet', 'icp', 'htcp' et 'always_direct' |
$SED "/^acl localnet/d" /etc/squid/squid.conf |
$SED "/^icp_access allow localnet/d" /etc/squid/squid.conf |
$SED "/^icp_port 3130/d" /etc/squid/squid.conf |
$SED "/^http_access allow localnet/d" /etc/squid/squid.conf |
$SED "/^htcp_access allow localnet/d" /etc/squid/squid.conf |
$SED "/^always_direct allow localnet/d" /etc/squid/squid.conf |
# mode 'proxy transparent local' |
$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf |
# Configuration du cache local |
$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf |
# désactivation des "access log" |
echo '#Disable access log' >> /etc/squid/squid.conf |
echo "access_log none" >> /etc/squid/squid.conf |
# anonymisation of squid version |
echo "via off" >> /etc/squid/squid.conf |
# remove the 'X_forwarded' http option |
echo "forwarded_for delete" >> /etc/squid/squid.conf |
# linked squid output in HAVP input |
echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf |
echo "never_direct allow all" >> /etc/squid/squid.conf |
# avoid error messages on network interfaces state changes |
$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid |
# reduce squid shutdown time (100 to 50) |
$SED "s?^SQUID_SHUTDOWN_TIMEOUT.*?SQUID_SHUTDOWN_TIMEOUT=50?g" /etc/sysconfig/squid |
|
# Squid cache init |
/usr/sbin/squid -z |
} # End of param_squid () |
|
################################################################## |
## Fonction "param_dansguardian" ## |
## - Paramètrage du gestionnaire de contenu Dansguardian ## |
1031,8 → 1001,8 |
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf |
# Listen only on LAN side |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf |
# DG send its flow to SQUID |
$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf |
# DG send its flow to HAVP |
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf |
# replace the default deny HTML page |
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/ |
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html |
1471,13 → 1441,13 |
[ -e /etc/sudoers.default ] || cp /etc/sudoers /etc/sudoers.default |
cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers |
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers |
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, squid, radiusd, ulogd) |
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, radiusd, ulogd) |
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/ |
chmod 644 /etc/logrotate.d/* |
# rectification sur versions précédentes de la compression des logs |
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf |
# actualisation des fichiers logs compressés |
for dir in firewall squid dansguardian httpd |
for dir in firewall dansguardian httpd |
do |
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \; |
done |
1507,7 → 1477,7 |
WantedBy=multi-user.target |
EOF |
# processes launched at boot time (SYSV) |
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam |
for i in ntpd iptables ulogd dnsmasq chilli httpd radiusd netfs mysqld dansguardian havp freshclam |
do |
/sbin/chkconfig --add $i |
done |
1744,12 → 1714,12 |
fi |
fi |
# RPMs install |
echo "STOP" ; read a |
$DIR_SCRIPTS/alcasar-urpmi.sh |
if [ "$?" != "0" ] |
then |
exit 0 |
fi |
echo "STOP" ; read a |
if [ -e $CONF_FILE ] |
then |
# Uninstall the running version |
1795,7 → 1765,7 |
else |
mode="install" |
fi |
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install |
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install |
do |
$func |
# echo "*** 'debug' : end of function $func ***"; read a |
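Review bot: In the 101,11 → 100,21 hunk, the new free-space check in testing() reports the failure with `exit 0`, so anything that consumes the installer's exit status sees success when /var is too small; the same lines also leave `$free_space` unquoted in `[ $free_space -lt 10 ]`, which turns into a `[: -lt: unary operator expected` error if df prints nothing, and pass `[:space:]G` to tr unquoted, where the shell treats it as a glob and would substitute a matching filename from the current directory. I would change the three lines to `free_space=$(df -BG --output=avail /var | tail -1 | tr -d '[:space:]G')`, `if [ "${free_space:-0}" -lt 10 ]` and `exit 1`. Sides are not marked on this page, so I am inferring from the 11→21 line counts that the "Test of free space on /var" header line and the check body are the added lines. Separately, in the 1744,12 → 1714,12 hunk an interactive `echo "STOP" ; read a` pause stays beside the alcasar-urpmi.sh call on the new side whichever copy was moved; it blocks unattended installs and looks like a leftover debug hook of the same kind as the commented one at the end of the last hunk. testing() continues past its hunk's last line.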