/CHANGELOG |
---|
12,7 → 12,6 |
- adapt CA certificate to edge/chrome (add the "Subject Alt Name" - SAN) |
- improve "alcasar-CA.sh" script : can create server certificate for every hostname (not only alcasar.localdomain) |
- kernel 5.10.14 + coova-chilli 1.6 + nfdump 1.6.22 |
- move all alcasar systemd units in "/etc/systemd" (compliant with Linux file-hierarchy) |
BUGS |
- Fix a display bug in ACC activity & stat page |
- Add the CA chain certificates in Coova in order to allow authentication with the last versions of Chrome/Edge |
/scripts/alcasar-urpmi.sh |
---|
272,4 → 272,5 |
echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list |
echo "/^clamd/" >> /etc/urpmi/skip.list |
echo "/^clamav/" >> /etc/urpmi/skip.list |
echo "/^unbound/" >> /etc/urpmi/skip.list |
exit 0 |
/scripts/alcasar-uninstall.sh |
---|
22,7 → 22,7 |
ACC () |
{ |
echo -en "(11) : " |
echo -en "(10) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-web && echo -n "2, " |
[ -e /etc/php.d/05_date.ini.default ] && mv -f /etc/php.d/05_date.ini.default /etc/php.d/05_date.ini && echo -n "3, " |
32,8 → 32,7 |
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv -f /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "7, " |
[ -e /etc/php-fpm.conf.default ] && mv -f /etc/php-fpm.conf.default /etc/php-fpm.conf && echo -n "8, " |
[ -d /etc/lighttpd/vhosts.d ] && rm -rf /etc/lighttpd/vhosts.d && echo -n "9, " |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10, " |
[ -e /etc/systemd/system/lighttpd.service ] && rm -f /etc/systemd/system/lighttpd.service && echo -n "11" |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10" |
} |
CA () |
57,17 → 56,7 |
{ |
echo -en "(2) : " |
[ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1, " |
if [ -e /lib/systemd/system/mysqld.service.default ] |
then |
mv -f /lib/systemd/system/mysqld.service.default /lib/systemd/system/mysqld.service |
echo -n "2" |
else |
if [ -e /etc/systemd/system/mysqld.service ] |
then |
rm /etc/systemd/system/mysqld.service |
echo -n "2" |
fi |
fi |
[ -e /lib/systemd/system/mysqld.service.default ] && mv -f /lib/systemd/system/mysqld.service.default /lib/systemd/system/mysqld.service && echo -n "2" |
/usr/bin/systemctl daemon-reload |
rm -rf /var/lib/mysql |
} |
75,7 → 64,7 |
freeradius () |
{ |
echo -en "(22) : " |
[ -e /etc/raddb/empty-radiusd-db.sql ] && rm /etc/raddb/empty-radiusd-db.sql && echo -n "1, " |
[ -e /etc/raddb/empty-radiusd-db.sql ] && rm -f /etc/raddb/empty-radiusd-db.sql && echo -n "1, " |
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, " |
[ -e /etc/raddb/dictionary.default ] && mv /etc/raddb/dictionary.default /etc/raddb/dictionary && echo -n "3, " |
[ -e /etc/raddb/dictionary.alcasar ] && rm /etc/raddb/dictionary.alcasar && echo -n "4, " |
84,27 → 73,17 |
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "7, " |
[ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "8, " |
[ -e /etc/raddb/sites-available/alcasar-with-ldap ] && rm /etc/raddb/sites-available/alcasar-with-ldap && echo -n "9, " |
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm /etc/raddb/mods-enabled/ldap-alcasar && rm -f /etc/raddb/mods-available/ldap-alcasar && echo -n "10, " |
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm -f /etc/raddb/mods-enabled/ldap-alcasar && rm -f /etc/raddb/mods-available/ldap-alcasar && echo -n "10, " |
i=10 |
for mods in sql sqlcounter attr_filter expiration logintime pap expr always |
do |
i=`expr $i + 1` |
[ -e /etc/raddb/mods-enabled/$mods ] && rm /etc/raddb/mods-enabled/$mods && echo -n "$i, " |
rm /etc/raddb/mods-enabled/$mods && echo -n "$i, " |
done |
[ -e /etc/raddb/mods-available/sql.default ] && mv /etc/raddb/mods-available/sql.default /etc/raddb/mods-available/sql && echo -n "19, " |
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] && mv /etc/raddb/mods-config/sql/main/mysql/queries.conf.default /etc/raddb/mods-config/sql/main/mysql/queries.conf && echo -n "20, " |
[ -e /etc/raddb/mods-available/sqlcounter.default ] && mv /etc/raddb/mods-available/sqlcounter.default /etc/raddb/mods-available/sqlcounter && echo -n "21, " |
if [ -e /lib/systemd/system/radiusd.service.default ] |
then |
mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service |
echo -n "22" |
else |
if [ -e /etc/systemd/system/radiusd.service ] |
then |
rm -f /etc/systemd/system/radiusd.service |
echo -n "22" |
fi |
fi |
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "22" |
} |
chilli () |
113,7 → 92,7 |
[ -e /etc/init.d/chilli.default ] && mv /etc/init.d/chilli.default /etc/init.d/chilli && echo -n "1, " |
[ -e /usr/libexec/chilli ] && rm /usr/libexec/chilli && echo -n "2, " |
[ -e /etc/chilli.conf.default ] && mv /etc/chilli.conf.default /etc/chilli.conf && echo -n "3, " |
[ -e /etc/systemd/system/chilli.service ] && rm /etc/systemd/system/chilli.service && echo -n "4" |
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4" |
} |
e2guardian () |
121,23 → 100,13 |
echo -en "(15) : " |
[ -d /var/e2guardian ] && rm -rf /var/e2guardian |
[ -d /var/dansguardian ] && rm -rf /var/dansguardian |
if [ -e /lib/systemd/system/e2guardian.service.default ] |
then |
mv /lib/systemd/system/e2guardian.service.default /lib/systemd/system/e2guardian.service |
echo -n "1, " |
else |
if [ -e /etc/systemd/system/e2guardian.service ] |
then |
rm -f /etc/systemd/system/e2guardian.service |
echo -n "1, " |
fi |
fi |
[ -e /lib/systemd/system/e2guardian.service.default ] && mv /lib/systemd/system/e2guardian.service.default /lib/systemd/system/e2guardian.service && echo -n "1, " |
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, " |
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, " |
[ -e /etc/e2guardian/e2guardianf2.conf ] && rm -f /etc/e2guardian/e2guardianf2.conf && echo -n "5, " |
[ -e /usr/share/e2guardian/languages/french/alcasar-e2g.html ] && rm /usr/share/e2guardian/languages/french/alcasar-e2g.html && echo -n "6, " |
[ -e /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html ] && rm /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html && echo -n "7, " |
[ -e /usr/share/e2guardian/languages/french/template.html.default ] && mv /usr/share/e2guardian/languages/french/template.html.default /usr/share/e2guardian/languages/french/template.html && echo -n "6, " |
[ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] && mv /usr/share/e2guardian/languages/ukenglish/template.html.default /usr/share/e2guardian/languages/ukenglish/template.html && echo -n "7, " |
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "8, " |
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "9, " |
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "10, " |
151,28 → 120,8 |
antivirus () |
{ |
echo -en "(4) : " |
if [ -e /lib/systemd/system/clamav-daemon.service.default ] |
then |
mv /lib/systemd/system/clamav-daemon.service.default /lib/systemd/system/clamav-daemon.service |
echo -n "1, " |
else |
if [ -e /etc/systemd/system/clamav-daemon.service ] |
then |
rm -f /etc/systemd/system/clamav-daemon.service |
echo -n "1, " |
fi |
fi |
if [ -e /lib/systemd/system/clamav-daemon.socket.default ] |
then |
mv /lib/systemd/system/clamav-daemon.socket.default /lib/systemd/system/clamav-daemon.socket |
echo -n "2, " |
else |
if [ -e /etc/systemd/system/clamav-daemon.socket ] |
then |
rm -f /etc/systemd/system/clamav-daemon.socket |
echo -n "2, " |
fi |
fi |
[ -e /lib/systemd/system/clamav-daemon.service.default ] && mv /lib/systemd/system/clamav-daemon.service.default /lib/systemd/system/clamav-daemon.service && echo -n "1, " |
[ -e /lib/systemd/system/clamav-daemon.socket.default ] && mv /lib/systemd/system/clamav-daemon.socket.default /lib/systemd/system/clamav-daemon.socket && echo -n "2, " |
[ -e /etc/clamd.conf.default ] && mv /etc/clamd.conf.default /etc/clamd.conf && echo -n "3, " |
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "4" |
} |
186,7 → 135,7 |
i=`expr $i + 1` |
[ -e /etc/ulogd-$log_type.conf ] && rm -f /etc/ulogd-$log_type.conf && echo -n "$i, " |
i=`expr $i + 1` |
[ -e /etc/systemd/system/ulogd-$log_type.service ] && rm -f /etc/systemd/system/ulogd-$log_type.service && echo -n "$i, " |
[ -e /lib/systemd/system/ulogd-$log_type.service ] && rm -f /lib/systemd/system/ulogd-$log_type.service && echo -n "$i, " |
done |
} |
194,7 → 143,7 |
{ |
# we don't remove user "nfcapd" & nfcapd folders in order to keep data when updating |
echo -en "(1) : " |
[ -e /etc/systemd/system/nfcapd.service ] && rm -f /etc/systemd/system/nfcapd.service && echo -n "1" |
[ -e /lib/systemd/system/nfcapd.service ] && rm -f /lib/systemd/system/nfcapd.service && echo -n "1" |
} |
vnstat () |
201,72 → 150,26 |
{ |
echo -en "(2) : " |
[ -e /etc/vnstat.conf.default ] && mv /etc/vnstat.conf.default /etc/vnstat.conf && echo -n "1, " |
if [ -e /lib/systemd/system/vnstat.service.default ] |
then |
mv /lib/systemd/system/vnstat.service.default /lib/systemd/system/vnstat.service |
echo -n "2" |
else |
if [ -e /etc/systemd/system/vnstat.service ] |
then |
rm -f /etc/systemd/system/vnstat.service |
echo -n "2" |
fi |
fi |
[ -e /lib/systemd/system/vnstat.service.default ] && mv /lib/systemd/system/vnstat.service.default /lib/systemd/system/vnstat.service && echo -n "2" |
} |
dnsmasq () |
{ |
echo -en "(3) : " |
echo -en "(4) : " |
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, " |
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "2, " |
if [ -e /lib/systemd/system/dnsmasq.service.default ] |
then |
mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service |
echo -n "3, " |
else |
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ] |
then |
rm -f /etc/systemd/system/dnsmasq-whitelist.service |
echo -n "3, " |
fi |
fi |
[ -e /lib/systemd/system/dnsmasq.service.default ] && mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service && echo -n "3, " |
[ -e /lib/systemd/system/dnsmasq-whitelist.service ] && rm /lib/systemd/system/dnsmasq-whitelist.service && echo -n "4" |
} |
unbound () |
{ |
echo -en "(9) : " |
echo -en "(5) : " |
[ -e /etc/unbound/unbound.conf.default ] && mv /etc/unbound/unbound.conf.default /etc/unbound/unbound.conf && echo -n "1, " |
[ -e /etc/unbound/unbound-blacklist.conf ] && rm -f /etc/unbound/unbound-blacklist.conf && echo -n "2, " |
[ -e /etc/unbound/unbound-whitelist.conf ] && rm -f /etc/unbound/unbound-whitelist.conf && echo -n "3, " |
[ -e /etc/unbound/unbound-blackhole.conf ] && rm -f /etc/unbound/unbound-blackhole.conf && echo -n "4, " |
[ -e /etc/unbound/conf.d ] && rm -rf /etc/unbound/conf.d && echo -n "5, " |
i=6 |
for list in blacklist blackhole whitelist |
do |
if [ -e /lib/systemd/system/unbound-$list.service ] |
then |
rm -f /lib/systemd/system/unbound-$list.service |
echo -n "$i, " |
else |
if [ -e /etc/systemd/system/unbound-$list.service ] |
then |
rm -f /etc/systemd/system/unbound-$list.service |
echo -n "$i, " |
fi |
fi |
i=`expr $i + 1` |
done |
if [ -e /lib/systemd/system/unbound.service.default ] |
then |
mv /lib/systemd/system/unbound.service.default /lib/systemd/system/unbound.service |
echo -n "9" |
else |
if [ -e /etc/systemd/system/unbound.service ] |
then |
rm -f /etc/systemd/system/unbound.service |
echo -n "9" |
fi |
fi |
[ -e /etc/unbound/conf.d ] && rm -rf /etc/unbound/conf.d && echo -n "5" |
} |
dhcpd () |
305,26 → 208,15 |
i=`expr $i + 1` |
rm $jail && echo -n "$i, " |
done |
if [ -e /lib/systemd/system/fail2ban.service.default ] |
then |
mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service |
echo -n "11" |
else |
if [ -e /etc/systemd/system/fail2ban.service ] |
then |
rm -f /etc/systemd/system/fail2ban.service |
echo -n "11" |
fi |
fi |
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "11" |
} |
gammu_smsd () |
{ |
echo -en "(4) : " |
echo -en "(3) : " |
[ -e /etc/gammu_smsd_conf ] && rm -f /etc/gammu_smsd_conf && echo -n "1, " |
[ -e /etc/systemd/system/gammu_smsd.service ] && rm -f /etc/systemd/system/gammu_smsd.service && echo -n "2, " |
[ -e /var/log/gammu-smsd ] && rm -rf /var/log/gammu-smsd && echo -n "3, " |
userdel -r gammu_smsd 2>/dev/null && echo -n "4" |
[ -e /var/log/gammu-smsd ] && rm -rf /var/log/gammu-smsd && echo -n "2, " |
userdel -r gammu_smsd 2>/dev/null && echo -n "3" |
#[ -e /lib/udev/rules.d/66-huawei.rules ] && rm -f /lib/udev/rules.d/66-huawei.rules && echo -n "4" |
} |
355,17 → 247,7 |
[ -e /etc/ssh/sshd_config.default ] && mv -f /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
[ -e /etc/bashrc.default ] && mv -f /etc/bashrc.default /etc/bashrc && echo -n "4, " |
[ -e /etc/sudoers.default ] && mv -f /etc/sudoers.default /etc/sudoers && echo -n "5, " |
if [ -e /lib/systemd/system/alcasar-load_balancing.service ] |
then |
rm -f /lib/systemd/system/alcasar-load_balancing.service |
echo -n "6, " |
else |
if [ -e /etc/systemd/system/alcasar-load_balancing.service ] |
then |
rm -f /etc/systemd/system/alcasar-load_balancing.service |
echo -n "6, " |
fi |
fi |
[ -e /lib/systemd/system/alcasar-load_balancing.service ] && rm -f /lib/systemd/system/alcasar-load_balancing.service && echo -n "6, " |
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "7, " |
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "8" |
} |
420,8 → 302,7 |
/usr/local/bin/alcasar-sms.sh --stop |
for i in $services |
do |
service_exist=`systemctl list-unit-files | grep ^$i.service | wc -l` |
if [ $service_exist -eq 1 ] |
if [ -e /lib/systemd/system/$i.service ] |
then |
/usr/bin/systemctl disable $i.service |
/usr/bin/systemctl stop $i.service 1>/dev/null |
472,17 → 353,7 |
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, " |
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, " |
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, " |
if [ -e /lib/systemd/system/iptables.service.default ] |
then |
mv -f /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service |
echo -n "8, " |
else |
if [ -e /etc/systemd/system/iptables.service ] |
then |
rm -f /etc/systemd/system/iptables.service |
echo -n "8, " |
fi |
fi |
[ -e /lib/systemd/system/iptables.service.default ] && mv -f /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo -n "8, " |
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "9" |
/usr/bin/systemctl restart network |
sleep 1 |
/alcasar.sh |
---|
735,8 → 735,8 |
# load ipt_NETFLOW module |
echo "ipt_NETFLOW" >> /etc/modprobe.preload |
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush) |
cp /lib/systemd/system/iptables.service /etc/systemd/system/iptables.service |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /etc/systemd/system/iptables.service |
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default |
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies) |
# |
803,7 → 803,7 |
done |
chown -R root:apache $DIR_SAVE |
# Configuring & securing php |
[ -e /etc/php.d/05_date.ini.default ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default |
[ -e /etc/php.d/05_date.ini ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default |
timezone=`timedatectl show --property=Timezone|cut -d"=" -f2` |
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.d/05_date.ini |
[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default |
873,8 → 873,7 |
[ -d /var/www/html/certs ] || mkdir /var/www/html/certs |
ln -s /etc/pki/CA/alcasar-ca.crt /var/www/html/certs/certificat_alcasar_ca.crt |
# Run lighttpd after coova (in order waiting tun0 to be up) |
cp /lib/systemd/system/lighttpd.service /etc/systemd/system/lighttpd.service |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /etc/systemd/system/lighttpd.service |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service |
# Log file for ACC access imputability |
[ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log |
chown root:apache $DIR_SAVE/security/acc_access.log |
960,9 → 959,9 |
# Add an empty radius database structure |
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/empty-radiusd-db.sql |
# modify the start script in order to close accounting connexion when the system is comming down or up |
cp /lib/systemd/system/mysqld.service /etc/systemd/system/mysqld.service |
$SED "/^ExecStart=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /etc/systemd/system/mysqld.service |
$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /etc/systemd/system/mysqld.service |
[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default |
$SED "/^ExecStart=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service |
$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service |
/usr/bin/systemctl unset-environment MYSQLD_OPTS |
/usr/bin/systemctl daemon-reload |
} # End of init_db() |
1045,8 → 1044,8 |
cp -f $DIR_CONF/radius/sqlcounter /etc/raddb/mods-available/sqlcounter |
chown -R radius:radius /etc/raddb/mods-available/sqlcounter |
# make certain that mysql is up before freeradius start |
cp /lib/systemd/system/radiusd.service /etc/systemd/system/radiusd.service |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /etc/systemd/system/radiusd.service |
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service |
/usr/bin/systemctl daemon-reload |
# Allow apache to change some conf files (ie : ldap on/off) |
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available |
1061,7 → 1060,7 |
chilli() |
{ |
# chilli unit for systemd |
cat << EOF > /etc/systemd/system/chilli.service |
cat << EOF > /lib/systemd/system/chilli.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
1261,11 → 1260,11 |
e2guardian() |
{ |
# Adapt systemd unit |
cp /lib/systemd/system/e2guardian.service /etc/systemd/system/e2guardian.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /etc/systemd/system/e2guardian.service |
$SED "s?^After=.*?After=network.target chilli.service?g" /etc/systemd/system/e2guardian.service |
[ -e /lib/systemd/system/e2guardian.service.default ] || cp /lib/systemd/system/e2guardian.service /lib/systemd/system/e2guardian.service.default |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /lib/systemd/system/e2guardian.service |
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/e2guardian.service |
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default |
# Adapt the main conf file |
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default |
# French deny HTML page |
$SED "s?^language =.*?language = 'french'?g" $DIR_DG/e2guardian.conf |
# 2 filtergroups (8080 & 8090) |
1371,14 → 1370,14 |
################################################################## |
antivirus() |
{ |
# Clamd unit adaptation to e2guardian |
cp /lib/systemd/system/clamav-daemon.service /etc/systemd/system/clamav-daemon.service |
$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /etc/systemd/system/clamav-daemon.service |
$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /etc/systemd/system/clamav-daemon.service |
cp /lib/systemd/system/clamav-daemon.socket /etc/systemd/system/clamav-daemon.socket |
$SED "s?^SocketUser=.*?SocketUser=e2guardian?g" /etc/systemd/system/clamav-daemon.socket |
$SED "s?^SocketGroup=.*?SocketGroup=e2guardian?g" /etc/systemd/system/clamav-daemon.socket |
# Clamd conf adaptation to e2guardian |
# Clamd adaptation to e2guardian |
[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default |
$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service |
$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service |
[ -e /lib/systemd/system/clamav-daemon.socket.default ] || cp /lib/systemd/system/clamav-daemon.socket /lib/systemd/system/clamav-daemon.socket.default |
$SED "s?^SocketUser=.*?SocketUser=e2guardian?g" /lib/systemd/system/clamav-daemon.socket |
$SED "s?^SocketGroup=.*?SocketGroup=e2guardian?g" /lib/systemd/system/clamav-daemon.socket |
[ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default |
$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf |
$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message |
1411,7 → 1410,7 |
nl=1 |
for log_type in traceability ssh ext-access |
do |
cp -f /lib/systemd/system/ulogd.service /etc/systemd/system/ulogd-$log_type.service |
[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service |
[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log |
cp -f $DIR_CONF/ulogd-sample.conf /etc/ulogd-$log_type.conf |
$SED "s?^group=.*?group=$nl?g" /etc/ulogd-$log_type.conf |
1420,7 → 1419,7 |
file="/var/log/firewall/$log_type.log" |
sync=1 |
EOF |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -u ulogd -c /etc/ulogd-$log_type.conf $ULOGD_OPTIONS?g" /etc/systemd/system/ulogd-$log_type.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -u ulogd -c /etc/ulogd-$log_type.conf $ULOGD_OPTIONS?g" /lib/systemd/system/ulogd-$log_type.service |
nl=`expr $nl + 1` |
done |
chown -R root:apache /var/log/firewall |
1438,7 → 1437,7 |
groupadd -f nfcapd |
id -u nfcapd >/dev/null 2>&1 || useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd |
# nfcapd unit for systemd |
cat << EOF > /etc/systemd/system/nfcapd.service |
cat << EOF > /lib/systemd/system/nfcapd.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
1480,8 → 1479,8 |
$SED "s?^MaxBandwidth.*?MaxBandwidth 10000?g" /etc/vnstat.conf |
# vnstat-dashboard |
$SED "s?^\$thisInterface.*?\$thisInterface = \"$EXTIF\";?" $DIR_ACC/manager/vnstat/index.php |
cp /lib/systemd/system/vnstat.service /etc/systemd/system/vnstat.service |
$SED "s?^PIDFILE=.*?PIDFILE=/run/vnstat/vnstat.pid?g" /etc/systemd/system/vnstat.service |
[ -e /lib/systemd/system/vnstat.service.default ] || cp /lib/systemd/system/vnstat.service /lib/systemd/system/vnstat.service.default |
$SED "s?^PIDFILE=.*?PIDFILE=/run/vnstat/vnstat.pid?g" /lib/systemd/system/vnstat.service |
} # End of vnstat() |
################################################################### |
1510,11 → 1509,11 |
server=$DNS1 |
server=$DNS2 |
EOF |
# Don't run dnsmasq service. Create dnsmasq-whitelist unit |
systemctl disable dnsmasq.service |
cp -f /lib/systemd/system/dnsmasq.service /etc/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /etc/systemd/system/dnsmasq-whitelist.service |
$SED "s?^PIDFile=.*?PIDFile=/run/dnsmasq-whitelist.pid?g" /etc/systemd/system/dnsmasq-whitelist.service |
# Create dnsmasq-whitelist unit |
mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default |
cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^PIDFile=.*?PIDFile=/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service |
} # End of dnsmasq() |
######################################################### |
1683,16 → 1682,19 |
include: /etc/unbound/conf.d/blackhole/* |
EOF |
cp /lib/systemd/system/unbound.service /etc/systemd/system/unbound.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /etc/systemd/system/unbound.service |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /etc/systemd/system/unbound.service |
if [ ! -e /lib/systemd/system/unbound.service.default ] |
then |
cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound.service.default |
fi |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /lib/systemd/system/unbound.service |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/unbound.service |
for list in blacklist blackhole whitelist |
do |
cp -f /lib/systemd/system/unbound.service /etc/systemd/system/unbound-$list.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /etc/systemd/system/unbound-$list.service |
$SED "s?^PIDFile=.*?PIDFile=/run/unbound-$list.pid?g" /etc/systemd/system/unbound-$list.service |
cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound-$list.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /lib/systemd/system/unbound-$list.service |
$SED "s?^PIDFile=.*?PIDFile=/run/unbound-$list.pid?g" /lib/systemd/system/unbound-$list.service |
done |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /etc/systemd/system/unbound-whitelist.service |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /lib/systemd/system/unbound-whitelist.service |
} # End of unbound() |
################################################## |
1939,10 → 1941,10 |
chmod 644 $DIR_SAVE/security/watchdog.log |
/usr/bin/touch /var/log/auth.log |
# fail2ban unit |
cp /lib/systemd/system/fail2ban.service /etc/systemd/system/fail2ban.service |
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /etc/systemd/system/fail2ban.service |
$SED '/Type=/a\PIDFile=/run/fail2ban/fail2ban.pid' /etc/systemd/system/fail2ban.service |
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /etc/systemd/system/fail2ban.service |
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default |
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service |
$SED '/Type=/a\PIDFile=/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service |
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service |
} # End of fail2ban() |
######################################################### |
2003,7 → 2005,7 |
chmod 755 /etc/gammu_smsd_conf /etc/gammurc |
# Create the systemd unit |
cat << EOF > /etc/systemd/system/gammu-smsd.service |
cat << EOF > /lib/systemd/system/gammu-smsd.service |
[Unit] |
Description=SMS daemon for Gammu |
Documentation=man:gammu-smsd(1) |
2191,7 → 2193,7 |
find /var/log/$dir -type f -name "*.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" -exec gzip {} \; |
done |
# create the alcasar-load_balancing unit |
cat << EOF > /etc/systemd/system/alcasar-load_balancing.service |
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
2373,7 → 2375,7 |
exit 0 |
;; |
-i | --install) |
for func in license testing_system testing_network |
for func in license testing_system |
do |
header_install |
$func |
2449,7 → 2451,7 |
fi |
mode="update" |
fi |
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install |
for func in testing_network init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install |
do |
$func |
if [ $DEBUG_ALCASAR == "on" ] |