/scripts/alcasar-conf.sh |
---|
287,7 → 287,7 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
DEVICE=$EXTIF |
BOOTPROTO=dhcp |
DNS1=127.0.0.1 |
DNS1=$DNS1 |
PEERDNS=no |
RESOLV_MODS=yes |
ONBOOT=yes |
307,7 → 307,7 |
IPADDR=$PUBLIC_IP |
NETMASK=$PUBLIC_NETMASK |
GATEWAY=$PUBLIC_GATEWAY |
DNS1=127.0.0.1 |
DNS1=$DNS1 |
RESOLV_MODS=yes |
ONBOOT=yes |
METRIC=10 |
389,8 → 389,9 |
access-control-view: 127.0.0.1/8 lo |
view: |
name: "lo" |
local-zone: "$DOMAIN" static |
local-data: "$HOSTNAME A 127.0.0.1" |
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1" |
local-data-ptr: "127.0.0.1 $HOSTNAME.$DOMAIN" |
view-first: yes |
EOF |
# Configuration file for $INTIF of forward |
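Review bot: `DNS1=$DNS1` is expanded into both ifcfg heredocs (the dhcp one in the first hunk and the static one in the second) with no check visible here that `$DNS1` is set and holds an IP address. The page does not mark which printed line of each pair is the new one; if it is `DNS1=$DNS1`, an empty value writes a bare `DNS1=` next to `PEERDNS=no` and `RESOLV_MODS=yes`, which would presumably leave the host without a usable resolver. A guard before each heredoc such as `: "${DNS1:?DNS1 is not set}"` would stop the script instead of writing the file, unless the value is already validated outside the hunk. In that case the host's own lookups would also stop going to 127.0.0.1, where the third hunk defines the `lo` view, so a comment saying this is intended would help the next reader.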
/scripts/alcasar-daemon.sh |
---|
62,7 → 62,7 |
echo "$nb_srv services needed by ALCASAR are started." |
fi |
if [ `lsmod|grep ^ipt_NETFLOW|wc -l` == 0 ] |
if [ `cat /proc/modules|grep -c ^ipt_NETFLOW` == 0 ] |
then |
logger -t alcasar-daemon -i "ipt_netflow is inactive." |
echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)" |
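Review bot: The module test `[ \`cat /proc/modules|grep -c ^ipt_NETFLOW\` == 0 ]` leaves the command substitution unquoted, uses `==` inside `[ ]` (a bash extension, not POSIX), and matches any module whose name merely starts with `ipt_NETFLOW`. Since this check decides whether the logging module is reported as inactive, it is worth making exact and letting grep's exit status carry the result: `if ! grep -q '^ipt_NETFLOW ' /proc/modules`. The `if` body continues past the end of the hunk.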
/scripts/alcasar-rpm-download.sh |
---|
11,9 → 11,9 |
VERSION="7" |
ARCH="x86_64" |
# The kernel version we compile netflow for |
KERNEL="kernel-server-5.3.7-4.mga7-1-1.mga7" |
KERNEL="kernel-server-5.7.14-1.mga7-1-1.mga7" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamd perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server netcat-traditional" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-rrd unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo" |
rpm_repository_sync () |
{ |
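Review bot: The `KERNEL` pin is maintained by hand in two scripts, here and in /scripts/alcasar-urpmi.sh, and the two values printed first differ (`5.3.7-4` here, `5.6.14-2` there), so the copies had already drifted apart before this change. The comment says the netflow module is compiled for this kernel, so a stale pin in one script presumably ends with a module that does not match the installed kernel. Defining `KERNEL` (and `VERSION`, `ARCH`) once in a small file sourced by both scripts would remove the duplicate; failing that, a comment on each assignment naming the other file would at least flag it.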
/scripts/alcasar-uninstall.sh |
---|
192,9 → 192,9 |
fail2ban () |
{ |
echo -en "(7) : " |
echo -en "(6) : " |
[ -e /etc/fail2ban/jail.conf.default ] && mv /etc/fail2ban/jail.conf.default /etc/fail2ban/jail.conf && echo -n "1, " |
[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf && echo -n "2, " |
[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf # only for ALCASAR version <= V3.5.1 |
i=2 |
for filter in `ls /etc/fail2ban/filter.d/alcasar_* 2>/dev/null` |
do |
201,7 → 201,7 |
i=`expr $i + 1` |
rm $filter && echo -n "$i, " |
done |
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "7" |
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "6" |
} |
gammu_smsd () |
234,7 → 234,7 |
post_install () |
{ |
echo -en "(7) : " |
echo -en "(8) : " |
[ -e /etc/mageia-release.default ] && mv -f /etc/mageia-release.default /etc/mageia-release && echo -n "1, " |
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, " |
[ -e /etc/ssh/sshd_config.default ] && mv -f /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
241,7 → 241,8 |
[ -e /etc/bashrc.default ] && mv -f /etc/bashrc.default /etc/bashrc && echo -n "4, " |
[ -e /etc/sudoers.default ] && mv -f /etc/sudoers.default /etc/sudoers && echo -n "5, " |
[ -e /lib/systemd/system/alcasar-load_balancing.service ] && rm -f /lib/systemd/system/alcasar-load_balancing.service && echo -n "6, " |
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "7" |
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "7, " |
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "8" |
} |
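Review bot: In `fail2ban ()` the restore of `iptables-allports.conf` no longer echoes `"2, "` on the line marked `# only for ALCASAR version <= V3.5.1`, but `i=2` is kept and the loop increments before printing, so the progress list now goes from 1 to 3 and never shows 2. Each step is written as `[ -e … ] && mv … && echo`, so a missing number is the only sign the operator gets that a restore did not happen; a number that is always missing weakens that signal. Either start the counter one lower (`i=1`) and adjust the header and the final `echo -n "6"` to the real step count, or keep the echo on step 2. The number of `alcasar_*` filters is not visible here, so the right total has to be confirmed against the install script.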
/scripts/alcasar-urpmi.sh |
---|
12,7 → 12,7 |
VERSION="7" |
ARCH="x86_64" |
# The kernel version we compile netflow for |
KERNEL="kernel-server-5.6.14-2.mga7-1-1.mga7" |
KERNEL="kernel-server-5.7.14-1.mga7-1-1.mga7" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
# (old) perl-Socket6 : needed by nfsen |
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf |
/scripts/alcasar-watchdog.sh |
---|
17,8 → 17,8 |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN) |
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1} |
PRIVATE_IP="192.168.182.1" |
PRIVATE_IP="192.168.182.1" |
current_users_file="/tmp/current_users.txt" # file containing active users with their "status.php" tab open |
DIR_WEB="/var/www/html" |
Index_Page="$DIR_WEB/index.php" |
41,6 → 41,11 |
echo "can't contact the default router" |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page |
;; |
"3") |
logger -t alcasar-watchdog "can't resolv DNS queries" |
echo "can't resolv DNS queries" |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't resolv DNS queries\";?g" $Index_Page |
;; |
esac |
net_pb=`grep "network_pb = true;" $Index_Page|wc -l` |
if [ $net_pb = "0" ] # user alert (only the first time) |
81,6 → 86,15 |
fi |
fi |
fi |
# DNS request testing |
if [ $LAN_DOWN -eq "0" ] |
then |
dns_reply=`/usr/bin/host -W1 free.fr|grep SERVFAIL|wc -l` |
if [ $dns_reply -eq "1" ] |
then |
LAN_DOWN="3" |
fi |
fi |
# if LAN pb detected, users are warned |
if [ $LAN_DOWN != "0" ] |
then |
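Review bot: The DNS test in the last hunk counts `SERVFAIL` lines in the output of `/usr/bin/host -W1 free.fr` and sets `LAN_DOWN="3"` only when the count is exactly 1, so a timeout, a refused query, or output that contains SERVFAIL more than once is treated as healthy. Testing the exit status covers those cases: `if ! /usr/bin/host -W1 free.fr >/dev/null 2>&1; then LAN_DOWN="3"; fi`. The probe also depends on one hard-coded external name, so an outage of that single zone would raise the alert for every user; a configurable name, or two names tried in turn, would avoid that. `$LAN_DOWN` and `$dns_reply` are unquoted inside `[ ]`, so an empty value makes the test fail with an error instead of evaluating cleanly. The enclosing block starts and ends outside the hunk.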