

Regard whitespace Rev 2724 → Rev 2723

/alcasar.sh
106,7 → 106,7
then
exit 1
fi
} # End of license()
}
 
header_install()
{
115,7 → 115,7
echo " ALCASAR V$VERSION Installation"
echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
echo "-----------------------------------------------------------------------------"
} # End of header_install()
}
 
########################################################
## Function "testing" ##
255,7 → 255,7
 
if [ -z "$INTIF" ]; then
interfacesList=$(/usr/sbin/ip -br link show | cut -d' ' -f1 | grep -v "^\(lo\|tun0\|$EXTIF\)\$")
interfacesCount=$(echo "$interfacesList" | wc -w)
interfacesCount=$(echo "$interfacesList" | wc -l)
if [ $interfacesCount -eq 0 ]; then
if [ "$Lang" == 'fr' ]
then echo "Aucune interface de disponible pour le réseau interne"
267,6 → 267,7
else
interfacesSorted=$(/usr/sbin/ip -br addr | grep -v "^\(lo\|tun0\|$EXTIF\) " | sort -b -k3n -k2r -k1)
interfacePreferred=$(echo "$interfacesSorted" | head -1 | cut -d' ' -f1)
 
if [ "$Lang" == 'fr' ]
then echo 'Liste des interfaces disponible :'
else echo 'List of available interfaces:'
415,7 → 416,7
exit 1
fi
echo ". : ok"
} # End of testing()
} # end of testing ()
 
#######################################################################
## Function "init" ##
940,7 → 941,6
$SED "s?^;collation_server =.*?collation_server = utf8_unicode_ci?g" /etc/my.cnf
$SED "s?^;character_set_server =.*?character_set_server = utf8?g" /etc/my.cnf # accentuated user names are allowed
[ -e /etc/my.cnf.d/feedback.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/feedback.cnf # remove the feedback plugin (ALCASAR doesn't report anything !)
[ -e /etc/my.cnf.d/auth_gssapi.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/auth_gssapi.cnf # remove GSS plugin (ALCASAR doesn't use Kerberos)
/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1
/usr/bin/systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"
/usr/bin/systemctl start mysqld
957,6 → 957,7
fi
# Secure the server
/usr/bin/mysql --execute "GRANT ALL PRIVILEGES ON *.* TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"
 
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
$MYSQL "DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
$MYSQL "CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
1048,7 → 1049,7
/usr/bin/systemctl daemon-reload
# Allow apache to change some conf files (ie : ldap on/off)
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
} # End of freeradius()
} # End freeradius ()
 
#############################################################################
## Function "chilli" ##
1416,12 → 1417,11
WantedBy=multi-user.target
EOF
 
} # end of tinyproxy()
 
##############################################################
} # end of tinyproxy
##############################################################################
## function "ulogd" ##
## - Ulog config for multi-log files ##
##############################################################
##############################################################################
ulogd()
{
# Three instances of ulogd (three different logfiles)
1446,6 → 1446,7
chmod 640 /var/log/firewall/*
} # End of ulogd()
 
 
##########################################################
## Function "nfsen" ##
## - install the nfsen grapher ##
1511,7 → 1512,7
# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/
# cd /tmp/
# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API)
# /usr/bin/sh SURFmap/install.sh
# clear the installation
# rm -rf /tmp/SURFmap*
rm -rf /tmp/nfsen-*
1532,17 → 1533,18
$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
/usr/bin/vnstat -i $EXTIF -u --force
} # End of vnstat()
} # End of vnstat
 
###################################################################
##################################################################
## Function "dnsmasq" ##
## - creation of the conf files of dnsmasq (whitelist for ipset )##
###################################################################
## - creation of the conf files of the 4 intances of dnsmasq ##
## - creation of the file managing domain name (local & remote) ##
##################################################################
dnsmasq()
{
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
[ -e /etc/dnsmasq.conf.default ] || mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default
# dnsmasq listen on udp 55 ("dnsmasq with whitelist")
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
cat << EOF > /etc/dnsmasq-whitelist.conf
# Configuration file for "dnsmasq with whitelist"
# ADD Toulouse university whitelist domains
1560,18 → 1562,17
server=$DNS1
server=$DNS2
EOF
 
# Create dnsmasq-whitelist unit
mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
} # End of dnsmasq()
} # End dnsmasq
 
#########################################################
##################################################
## Function "unbound" ##
## - create the conf files for 4 unbound services ##
## - create the systemd files for 4 unbound services ##
#########################################################
##################################################
unbound ()
{
[ -d /etc/unbound/conf.d ] || mkdir -p /etc/unbound/conf.d
1584,6 → 1585,7
[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole
[ -d /var/log/unbound ] || { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }
[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
 
# Local static DNS configuration
[ -e /etc/unbound/conf.d/common/local-dns/global.conf ] || touch /etc/unbound/conf.d/common/local-dns/global.conf
 
1659,6 → 1661,7
hide-version: yes
hide-identity: yes
do-ip6: no
 
include: /etc/unbound/conf.d/common/forward-zone.conf
include: /etc/unbound/conf.d/common/local-forward/*
include: /etc/unbound/conf.d/common/local-dns/*
1686,10 → 1689,12
chroot: ""
define-tag: "blacklist"
log-local-actions: yes
 
include: /etc/unbound/conf.d/common/forward-zone.conf
include: /etc/unbound/conf.d/common/local-forward/*
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/blacklist/*
 
include: /usr/local/share/unbound-bl-enabled/*
EOF
 
1712,12 → 1717,15
do-ip6: no
do-not-query-localhost: no
define-tag: "whitelist"
 
local-zone: "." transparent
local-zone-tag: "." "whitelist"
 
include: /usr/local/share/unbound-wl-enabled/*
include: /etc/unbound/conf.d/whitelist/*
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/common/local-forward/*
 
forward-zone:
name: "."
forward-addr: 127.0.0.1@55
1742,6 → 1750,7
hide-version: yes
hide-identity: yes
do-ip6: no
 
include: /etc/unbound/conf.d/blackhole/*
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/common/local-forward/*
1753,6 → 1762,7
fi
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /lib/systemd/system/unbound.service
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/unbound.service
 
for list in blacklist blackhole whitelist
do
cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound-$list.service
1759,8 → 1769,9
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /lib/systemd/system/unbound-$list.service
$SED "s?^PIDFile=.*?PIDFile=/var/run/unbound-$list.pid?g" /lib/systemd/system/unbound-$list.service
done
 
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /lib/systemd/system/unbound-whitelist.service
} # End of unbound()
} # End unbound
 
##################################################
## Function "dhcpd" ##
1768,6 → 1779,7
dhcpd()
{
[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default
 
cat <<EOF > /etc/dhcpd.conf
ddns-update-style none;
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
1774,12 → 1786,13
option routers $PRIVATE_IP;
option subnet-mask $PRIVATE_NETMASK;
option domain-name-servers $PRIVATE_IP;
 
range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
default-lease-time 21600;
max-lease-time 43200;
}
EOF
} # End of dhcpd()
}
 
##########################################################
## Function "BL" ##
1844,7 → 1857,7
# enable the default categories
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
rm -rf /tmp/blacklists
} # End of BL()
} # End BL()
 
#######################################################
## Function "cron" ##
1926,7 → 1939,7
 
# removing the users crons
rm -f /var/spool/cron/*
} # End of cron()
} # End cron()
 
######################################################################
## Fonction "Fail2Ban" ##
1947,7 → 1960,7
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service
} # End of fail2ban()
} # End fail2ban()
 
#########################################################
## Fonction "gammu_smsd" ##
2036,7 → 2049,7
# Udev rule for fixing the enumeration of ttyUSB port on some MODEM (when they switch randomly the order of their ports at boot time)
# example : http://hintshop.ludvig.co.nz/show/persistent-names-usb-serial-devices/
 
} # End of gammu_smsd()
} # End gammu_smsd()
 
############################################################
## Fonction "msec" ##
2071,8 → 2084,9
/usr/sbin/msec
/etc/cron.weekly/msec
 
} # End of msec()
} # End msec()
 
 
##################################################################
## Fonction "letsencrypt" ##
## - Install Let's Encrypt client ##
2124,7 → 2138,7
cd $pwdInstall || { echo "Unable to find $pwdInstall directory"; exit 1; }
rm -rf /tmp/acme.sh-*
 
} # End of letsencrypt()
} # END letsencrypt()
 
##################################################################
## Fonction "post_install" ##
2338,7 → 2352,7
fi
clear
reboot
} # End of post_install()
} # End post_install ()
 
#####################################################################################
# Main Install loop #
2372,16 → 2386,10
exit 0
;;
-i | --install)
for func in license testing
do
header_install
$func
if [ $DEBUG_ALCASAR == "on" ]
then
echo "*** 'debug' : end of install '$func' ***"
read
fi
done
license
header_install
testing
# RPMs install
$DIR_SCRIPTS/alcasar-urpmi.sh
if [ "$?" != "0" ]