35,10 → 35,6 |
DB_USER=$(grep '^db_user=' $PASSWD_FILE | cut -d'=' -f 2-) |
DB_PASS=$(grep '^db_password=' $PASSWD_FILE | cut -d'=' -f 2-) |
SED="/bin/sed -i" |
RUNNING_VERSION=`grep ^VERSION= $CONF_FILE|cut -d'=' -f2` |
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` # server DNS1 (for WL domain names) |
DOMAIN=${DOMAIN:=localdomain} |
DATE=`date '+%d %B %Y - %Hh%M'` |
46,16 → 42,16 |
private_network_calc () |
{ |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C) |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.) |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address |
PRIVATE_FIRST_IP=$PRIVATE_IP # First network address (ex.: 192.168.182.1) |
PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2) |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address |
PRIVATE_FIRST_IP=$PRIVATE_IP # First network address (ex.: 192.168.182.1) |
PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2) |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'` # MAC address of INTIF |
} |
89,21 → 85,20 |
mkdir $DIR_UPDATE/custom_bl |
for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist |
do |
if [ -d /etc/dansguardian ]; then # remove when no more dansguardian migrations needed |
if [ -d /etc/dansguardian ]; then # before V3.3 |
cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/ |
else |
cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ |
cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ # since V3.3 |
fi |
done |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null |
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.) |
mkdir $DIR_UPDATE/etc/ |
[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
cp /etc/hosts $DIR_UPDATE/etc/ |
# backup of the security certificates (server & CA) |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE |
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE |
if [ -e /etc/pki/tls/certs/server-chain.crt ]; then |
121,12 → 116,17 |
--load|-load) |
cd /var/tmp |
tar -xf alcasar-conf*.tar.gz |
# Extract the previous version |
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2` |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1` |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2` |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1` |
# Retrieve the logo |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/ |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php |
# Retrieve the security certificates (CA and server) |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem |
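Review bot: The `*_PREVIOUS_VERSION` values added after the `tar -xf` are read from a file inside the extracted archive and are never checked for being empty or well-formed, yet the rewritten test in the 166 hunk expands them unquoted (`[ $MAJ_PREVIOUS_VERSION == "3" ]`). If `$DIR_UPDATE/etc/alcasar.conf` is missing or has no `VERSION=` line, that test fails with a `[` syntax error and the 3.2 migration steps are skipped without any message. I would stop early on an empty value, e.g. `[ -n "$PREVIOUS_VERSION" ] || { echo "no VERSION in restored alcasar.conf" >&2; exit 1; }`, and quote the comparison as `if [ "$MAJ_PREVIOUS_VERSION" = "3" ] && [ "$MIN_PREVIOUS_VERSION" = "2" ]`. The `--load` branch continues past the end of this hunk.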
136,7 → 136,7 |
# Import of the users database |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS |
# Retrieve local parameters |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
mv -f $DIR_ETC/hosts /etc/hosts |
# Retrieve BL/WL custom files |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/ |
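Review bot: Dropping the `[ -d $DIR_UPDATE/etc ]` guard (taking the second printed `cp` line as the new side, as in the other hunks) leaves the restore with no check that the extracted archive has the expected layout before its contents are copied over `$DIR_ETC` and `/etc/hosts`, presumably as root. When `etc/` is absent, the `cp` fails on the unexpanded glob and the script carries on with a partial restore. An explicit check right after extraction that aborts with a message, such as `[ -d "$DIR_UPDATE/etc" ] || { echo "invalid alcasar-conf archive" >&2; exit 1; }`, would keep the failure visible. Quoting `"$DIR_UPDATE"` and `"$DIR_ETC"` on the new line is worth doing at the same time.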
166,13 → 166,8 |
# Remove the update folder |
rm -rf $DIR_UPDATE |
######################### modifications between versions ####################### |
# Extract the curent version |
CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2` |
MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1` |
MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2` |
UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1` |
## From 3.2.0 & 3.2.1 ## |
if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ] |
if [ $MAJ_PREVIOUS_VERSION == "3" ] && [ $MIN_PREVIOUS_VERSION == "2" ] |
then |
## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts |
cat << EOF > $DIR_ETC/alcasar-dns-name |
196,12 → 191,11 |
127.0.0.1 localhost |
$PRIVATE_IP $HOSTNAME |
EOF |
# apache is removed (lighttpd instead) |
rm -rf /etc/httpd/ |
rm -rf /var/log/httpd/ |
# dansguardian is removed (E²guardian instead) |
rm -rf /var/dansguardian/ |
rm -rf /etc/dansguardian/ |
# apache & dansguardian are replaced with lighttpd & E²guardian |
rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian" |
/usr/sbin/urpme --auto -a $rm_rpm |
/usr/sbin/urpme --auto --auto-orphans |
rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/ |
fi |
;; |
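Review bot: The new `/usr/sbin/urpme --auto -a $rm_rpm` removes packages unattended and, as far as I know, `-a` makes urpme remove every package whose name matches each word, so `apache` can take out more than the three apache packages listed. The following `urpme --auto --auto-orphans` then removes whatever the system considers orphaned, again without confirmation, and the final `rm -rf` runs whether or not either command succeeded. I would list exact package names without `-a`, check the exit status before deleting `/etc/httpd/` and the other directories, and log which packages were removed. Note that `/var/log/httpd/` is deleted here; if those access logs are needed for traceability, they should be archived first.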
|
426,7 → 420,7 |
/usr/bin/systemctl stop sshd.service |
fi |
fi |
echo |
echo |
;; |
*) |
echo "Argument inconnu :$1"; |