Regard whitespace Rev 2719 → Rev 2724

/CHANGELOG
3,7 → 3,7
********** ALCASAR CHANGELOG **********
-------------------- 3.4.0 --------------------
NEWS
- Replace DNSmasq server with Unbound
- Replace 4 DNSmasq servers with Unbound
- Add LDAPS (LDAP SSL) support.
- Add a global group named "default" for all users (the "ldap" group still exists for users authenticated through LDAP).
- Add LDAP filter.
/VERSION
1,0 → 0,0
3.3.3
3.4b
/alcasar.sh
106,7 → 106,7
then
exit 1
fi
}
} # End of license()
 
header_install ()
{
115,7 → 115,7
echo " ALCASAR V$VERSION Installation"
echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
echo "-----------------------------------------------------------------------------"
}
} # End of header_install()
 
########################################################
## Function "testing" ##
255,7 → 255,7
 
if [ -z "$INTIF" ]; then
interfacesList=$(/usr/sbin/ip -br link show | cut -d' ' -f1 | grep -v "^\(lo\|tun0\|$EXTIF\)\$")
interfacesCount=$(echo "$interfacesList" | wc -l)
interfacesCount=$(echo "$interfacesList" | wc -w)
if [ $interfacesCount -eq 0 ]; then
if [ "$Lang" == 'fr' ]
then echo "Aucune interface de disponible pour le réseau interne"
267,7 → 267,6
else
interfacesSorted=$(/usr/sbin/ip -br addr | grep -v "^\(lo\|tun0\|$EXTIF\) " | sort -b -k3n -k2r -k1)
interfacePreferred=$(echo "$interfacesSorted" | head -1 | cut -d' ' -f1)
 
if [ "$Lang" == 'fr' ]
then echo 'Liste des interfaces disponible :'
else echo 'List of available interfaces:'
416,7 → 415,7
exit 1
fi
echo ". : ok"
} # end of testing ()
} # End of testing()
 
#######################################################################
## Function "init" ##
941,6 → 940,7
$SED "s?^;collation_server =.*?collation_server = utf8_unicode_ci?g" /etc/my.cnf
$SED "s?^;character_set_server =.*?character_set_server = utf8?g" /etc/my.cnf # accentuated user names are allowed
[ -e /etc/my.cnf.d/feedback.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/feedback.cnf # remove the feedback plugin (ALCASAR doesn't report anything !)
[ -e /etc/my.cnf.d/auth_gssapi.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/auth_gssapi.cnf # remove GSS plugin (ALCASAR doesn't use Kerberos)
/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1
/usr/bin/systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"
/usr/bin/systemctl start mysqld
957,7 → 957,6
fi
# Secure the server
/usr/bin/mysql --execute "GRANT ALL PRIVILEGES ON *.* TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"
 
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
$MYSQL "DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
$MYSQL "CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
1049,7 → 1048,7
/usr/bin/systemctl daemon-reload
# Allow apache to change some conf files (ie : ldap on/off)
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
} # End freeradius ()
} # End of freeradius()
 
#############################################################################
## Function "chilli" ##
1417,11 → 1416,12
WantedBy=multi-user.target
EOF
 
} # end of tinyproxy
##############################################################################
} # end of tinyproxy()
 
##############################################################
## function "ulogd" ##
## - Ulog config for multi-log files ##
##############################################################################
##############################################################
ulogd ()
{
# Three instances of ulogd (three different logfiles)
1446,7 → 1446,6
chmod 640 /var/log/firewall/*
} # End of ulogd ()
 
 
##########################################################
## Function "nfsen" ##
## - install the nfsen grapher ##
1512,7 → 1511,7
# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/
# cd /tmp/
# /usr/bin/sh SURFmap/install.sh
# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API)
# clear the installation
# rm -rf /tmp/SURFmap*
rm -rf /tmp/nfsen-*
1533,18 → 1532,17
$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
/usr/bin/vnstat -i $EXTIF -u --force
} # End of vnstat
} # End of vnstat()
 
##################################################################
###################################################################
## Function "dnsmasq" ##
## - creation of the conf files of the 4 intances of dnsmasq ##
## - creation of the file managing domain name (local & remote) ##
##################################################################
## - creation of the conf files of dnsmasq (whitelist for ipset )##
###################################################################
dnsmasq ()
{
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
[ -e /etc/dnsmasq.conf.default ] || mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
# dnsmasq listen on udp 55 ("dnsmasq with whitelist")
cat << EOF > /etc/dnsmasq-whitelist.conf
# Configuration file for "dnsmasq with whitelist"
# ADD Toulouse university whitelist domains
1562,17 → 1560,18
server=$DNS1
server=$DNS2
EOF
 
# Create dnsmasq-whitelist unit
mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
} # End dnsmasq
} # End of dnsmasq()
 
##################################################
#########################################################
## Function "unbound" ##
##################################################
## - create the conf files for 4 unbound services ##
## - create the systemd files for 4 unbound services ##
#########################################################
unbound ()
{
[ -d /etc/unbound/conf.d ] || mkdir -p /etc/unbound/conf.d
1585,7 → 1584,6
[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole
[ -d /var/log/unbound ] || { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }
[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
 
# Local static DNS configuration
[ -e /etc/unbound/conf.d/common/local-dns/global.conf ] || touch /etc/unbound/conf.d/common/local-dns/global.conf
 
1661,7 → 1659,6
hide-version: yes
hide-identity: yes
do-ip6: no
 
include: /etc/unbound/conf.d/common/forward-zone.conf
include: /etc/unbound/conf.d/common/local-forward/*
include: /etc/unbound/conf.d/common/local-dns/*
1689,12 → 1686,10
chroot: ""
define-tag: "blacklist"
log-local-actions: yes
 
include: /etc/unbound/conf.d/common/forward-zone.conf
include: /etc/unbound/conf.d/common/local-forward/*
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/blacklist/*
 
include: /usr/local/share/unbound-bl-enabled/*
EOF
 
1717,15 → 1712,12
do-ip6: no
do-not-query-localhost: no
define-tag: "whitelist"
 
local-zone: "." transparent
local-zone-tag: "." "whitelist"
 
include: /usr/local/share/unbound-wl-enabled/*
include: /etc/unbound/conf.d/whitelist/*
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/common/local-forward/*
 
forward-zone:
name: "."
forward-addr: 127.0.0.1@55
1750,7 → 1742,6
hide-version: yes
hide-identity: yes
do-ip6: no
 
include: /etc/unbound/conf.d/blackhole/*
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/common/local-forward/*
1762,7 → 1753,6
fi
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /lib/systemd/system/unbound.service
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/unbound.service
 
for list in blacklist blackhole whitelist
do
cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound-$list.service
1769,9 → 1759,8
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /lib/systemd/system/unbound-$list.service
$SED "s?^PIDFile=.*?PIDFile=/var/run/unbound-$list.pid?g" /lib/systemd/system/unbound-$list.service
done
 
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /lib/systemd/system/unbound-whitelist.service
} # End unbound
} # End of unbound()
 
##################################################
## Function "dhcpd" ##
1779,7 → 1768,6
dhcpd ()
{
[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default
 
cat <<EOF > /etc/dhcpd.conf
ddns-update-style none;
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
1786,13 → 1774,12
option routers $PRIVATE_IP;
option subnet-mask $PRIVATE_NETMASK;
option domain-name-servers $PRIVATE_IP;
 
range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
default-lease-time 21600;
max-lease-time 43200;
}
EOF
}
} # End of dhcpd()
 
##########################################################
## Function "BL" ##
1857,7 → 1844,7
# enable the default categories
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
rm -rf /tmp/blacklists
} # End BL()
} # End of BL()
 
#######################################################
## Function "cron" ##
1939,7 → 1926,7
 
# removing the users crons
rm -f /var/spool/cron/*
} # End cron()
} # End of cron()
 
######################################################################
## Fonction "Fail2Ban" ##
1960,7 → 1947,7
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service
} # End fail2ban()
} # End of fail2ban()
 
#########################################################
## Fonction "gammu_smsd" ##
2049,7 → 2036,7
# Udev rule for fixing the enumeration of ttyUSB port on some MODEM (when they switch randomly the order of their ports at boot time)
# example : http://hintshop.ludvig.co.nz/show/persistent-names-usb-serial-devices/
 
} # End gammu_smsd()
} # End of gammu_smsd()
 
############################################################
## Fonction "msec" ##
2084,9 → 2071,8
/usr/sbin/msec
/etc/cron.weekly/msec
 
} # End msec()
} # End of msec()
 
 
##################################################################
## Fonction "letsencrypt" ##
## - Install Let's Encrypt client ##
2138,7 → 2124,7
cd $pwdInstall || { echo "Unable to find $pwdInstall directory"; exit 1; }
rm -rf /tmp/acme.sh-*
 
} # END letsencrypt()
} # End of letsencrypt()
 
##################################################################
## Fonction "post_install" ##
2352,7 → 2338,7
fi
clear
reboot
} # End post_install ()
} # End of post_install()
 
#####################################################################################
# Main Install loop #
2386,10 → 2372,16
exit 0
;;
-i | --install)
for func in license testing
do
header_install
license
header_install
testing
$func
if [ $DEBUG_ALCASAR == "on" ]
then
echo "*** 'debug' : end of install '$func' ***"
read
fi
done
# RPMs install
$DIR_SCRIPTS/alcasar-urpmi.sh
if [ "$?" != "0" ]
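Review bot: In the new `for func in license testing` loop, `if [ $DEBUG_ALCASAR == "on" ]` leaves `$DEBUG_ALCASAR` unquoted, so if that variable is empty or unset the test degrades to `[ == "on" ]`, which is a syntax error ("unary operator expected") rather than a false result; write `if [ "$DEBUG_ALCASAR" == "on" ]` instead. The bare `read` used as the pause also reads without `-r` and into `REPLY`; `read -r _` states the intent more clearly. The `-i | --install` arm continues past the end of the hunk. Separately, the `957,7 → 957,6` hunk keeps `MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"`, which places the freshly set root password on the command line where it is visible in the process table to any local user for the duration of each call; this predates the change, but a `--defaults-extra-file` pointing at a mode-600 credentials file would remove that exposure.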
/readme.txt
1,22 → 1,22
$Id: readme-2.0.txt 581 2011-04-21 16:59:59Z richard $
 
Alcasar-3.3.3
ALCASAR-3.4
 
*********** English **********
- New installation : Need the DVD of Linux Mageia6 (Mageia-6-x86_64-DVD.iso) or the ISO file of ALCASAR (Mageiar).
- New installation : Boot your system with the ISO file of ALCASAR. This ISO is a dedicated version of Linux Mageia (Linux Mageia + ALCASAR = Mageiar).
--> Follow ALCASAR installation documentation.
- Update a 3.2 or higher
--> On your running ALCASAR, retrieve the last version of ALCASAR archive file (lftp http://ftp.alcasar.net)
--> Run the installation of the new version & choose "update"
- Update ALCASAR 3.2 or higher
--> On your running ALCASAR, retrieve the last version of ALCASAR archive file "alcasar-x.y.z.tar.gz" (for example, with the command "lftp http://ftp.alcasar.net")
--> uncompress this archive and run it. During the installation process of this new version, choose "update"
- Update an older version
--> Write network parameters of your running ALCASAR. Save the users database
--> Install the new version & import the old users database
--> Save and store the users database of your current ALCASAR
--> Install the new version. Import the previous saved users database
*********** Français ********
- Nouvelle installation : elle s'effectue sur la base du DVD de Linux Mageia6 (Mageia-6-x86_64-DVD.iso) ou de l'image ISO d'ALCASAR (Mageiar).
--> Suivez la procédure d'installation d'ALCASAR.
- Nouvelle installation : Démarrez votre système avec l'image ISO d'ALCASAR. Cette ISO est une version dédiée de Linux Mageia (Linux MAgeia + ALCASAR = Mageiar).
--> Suivez la documentation d'installation d'ALCASAR.
- Mise à jour d'une version 3.2 ou supérieure
--> Sur votre ALCASAR en fonctionnement, récupérez la dernière version du fichier archive d'ALCASAR (lftp http://ftp.alcasar.net)
--> Lancez l'installation de la nouvelle version et choisissez "mise à jour"
--> Sur votre ALCASAR en fonctionnement, copiez la dernière version du fichier archive d'ALCASAR "alcasar-x.y.z.tar.gz" (par exemple avec la commande "lftp http://ftp.alcasar.net")
--> Décompressez cette archive et lancez l'installation. Pendant le processus d'installation, choisissez "mise à jour"
- Mise à jour d'une version plus ancienne
--> Notez les paramètres réseau de votre ALCASAR en fonctionnement. Sauvegardez la base des utilisateurs
--> Installez la nouvelle version et importez l'ancienne base des utilisateurs
--> Sauvegardez et archivez la base des utilisateurs de votre ALCASAR
--> Installez la nouvelle version. Importez la base des utilisateurs précédemment archivée.
/web/acc/admin/services.php
170,7 → 170,7
$MainServiceStatus['radiusd'] = checkServiceStatus("radiusd");
$MainServiceStatus['mysqld'] = checkServiceStatus("mysqld");
$MainServiceStatus['lighttpd'] = checkServiceStatus("lighttpd");
$MainServiceStatus['unbound'] = checkServiceStatus("unbound-forward");
$MainServiceStatus['unbound'] = checkServiceStatus("unbound");
$MainServiceStatus['ulogd_ssh'] = checkServiceStatus("ulogd-ssh");
$MainServiceStatus['ulogd_ext_access'] = checkServiceStatus("ulogd-ext-access");
$MainServiceStatus['ulogd_traceability'] = checkServiceStatus("ulogd-traceability");