| /alcasar.sh |
|---|
| 18,9 → 18,9 |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau) |
| # ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants : |
| # ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants : |
| # Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
| # ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares : |
| # ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : |
| # |
| # Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
| 1137,6 → 1137,10 |
| $SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously |
| $SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files |
| $SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files |
| # skip checking of youtube flow (too heavy load / risk too low) |
| [ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default |
| echo "# Whitelist youtube flow" >> /etc/havp/whitelist |
| echo "*.youtube.com/*" >> /etc/havp/whitelist |
| # remplacement du fichier d'initialisation |
| [ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default |
| # if keep old init file : $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp |
| 1458,11 → 1462,11 |
| $SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh |
| $SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh |
| # création de la bannière locale |
| [ -e /etc/mandriva-release.default ] || cp /etc/mandriva-release /etc/mandriva-release.default |
| cp -f $DIR_CONF/banner /etc/mandriva-release |
| echo " V$VERSION" >> /etc/mandriva-release |
| [ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default |
| cp -f $DIR_CONF/banner /etc/mageia-release |
| echo " V$VERSION" >> /etc/mageia-release |
| # création de la bannière SSH |
| cp /etc/mandriva-release /etc/ssh/alcasar-banner-ssh |
| cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh |
| chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh |
| [ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default |
| $SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config |
| 1603,12 → 1607,17 |
| $SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst |
| $SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst |
| $SED "/^kernel/s/vga=.*/vga=791/" /boot/grub/menu.lst |
| $SED "/^gfxmenu/d" /boot/grub/menu.lst |
| # Remove unused services and users |
| for svc in alsa sound dm |
| for old_svc in alsa sound dm |
| do |
| /sbin/chkconfig --del $svc |
| /sbin/chkconfig --del $old_svc |
| done |
| for svc in snmpd |
| do |
| /bin/systemctl -q disable $svc |
| done |
| for rm_users in avahi-autoipd avahi icapd |
| do |
| user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1` |
| 1785,7 → 1794,7 |
| for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install |
| do |
| $func |
| echo "*** 'debug' : end of function $func ***"; read a |
| # echo "*** 'debug' : end of function $func ***"; read a |
| done |
| ;; |
| -u | --uninstall) |
| /CHANGELOG |
|---|
| 3,8 → 3,10 |
| ************ CHANGELOG *********** |
| ---------------------- 2.7 ----------------- |
| NEWS |
| - Migration to Mageia2 (in progress) |
| - Installation with Mageia2 |
| - The URL filter works with the new google safesearch regex ('safe=strict' instead of 'safe=vss') |
| Improve core |
| - HAVP doesn't scan youtube flows any more (too heavy load / no risk) |
| ---------------------- 2.6.1 ----------------- |
| Bugs |
| /scripts/alcasar-urpmi.sh |
|---|
| 11,7 → 11,7 |
| VERSION="2" |
| ARCH="i586" |
| # ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
| PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy" |
| PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy" |
| rpm_repository_sync () |
| { |
| 115,7 → 115,7 |
| done |
| # delete unused RPMs |
| echo "Cleaning the system : " |
| for rm_rpm in shorewall dhcp-server distcache-server avahi mandi radeontool mondo mindi task-x11 x11-server-common |
| for rm_rpm in shorewall mandi radeontool |
| do |
| /usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
| echo -n "." |
| 170,21 → 170,16 |
| exit 1 |
| fi |
| # delete old alcasar RPMs and unused services |
| for rm_rpm in c-icap-server lib64chilli0 libchilli0 python-coova-chilli cyrus-sasl net-snmp |
| for rm_rpm in c-icap-server lib64chilli0 libchilli0 python-coova-chilli cyrus-sasl mageia-gfxboot-theme |
| do |
| /usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
| done |
| # Save chilli launch script (erase with new rpm one) |
| cp /etc/chilli.conf /tmp/ |
| [ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/ |
| # Install home made RPMs |
| urpmi --no-verify --auto conf/rpms/$ARCH/*.rpm |
| # restore chilli launch script |
| mv -f /tmp/chilli.conf /etc/ |
| # Don't upgrade coova-chilli and freeradius via repository |
| for rpmskip in coova-chilli freeradius |
| do |
| echo -n "/^$rpmskip/" >> /etc/urpmi/skip.list |
| done |
| [ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/ |
| # Clean the RPM cache |
| urpmi --clean |
| exit 0 |
| /scripts/sbin/alcasar-rpm-download.sh |
|---|
| 6,12 → 6,12 |
| # This script is distributed under the Gnu General Public License (GPL) |
| # récupération des RPM nécessaire dans un fichier tarball |
| # retrieve needed RPM in a yarball file |
| # retrieve needed RPM in a tarball file |
| VERSION="2010.2" |
| VERSION="2" |
| ARCH="i586" |
| # ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
| PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats buffer vim-enhanced bind-utils arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux rsync cronie-anacron pciutils clamav pm-fallback-policy " |
| PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy" |
| rpm_repository_sync () |
| { |
| 20,10 → 20,8 |
| downloader: wget |
| } |
| EOF |
| urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} main /media/main/release |
| urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} main_updates /media/main/updates |
| urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib /media/contrib/release |
| urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib_updates /media/contrib/updates |
| urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} core /media/core/release |
| urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} core_updates /media/core/updates |
| } |
| rpm_error () |
| 53,9 → 51,9 |
| # Set the RPM repository |
| MIRROR_NBR=2 |
| # For french ALCASARistes |
| MIRRORLIST1="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH" |
| MIRRORLIST1="http://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH" |
| # For International install |
| MIRRORLIST2="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list" |
| MIRRORLIST2="http://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list" |
| try_nb="0"; nb_repository="0" |
| while [ "$nb_repository" != "4" ] |
| do |
| /scripts/sbin/alcasar-uninstall.sh |
|---|
| 203,7 → 203,7 |
| #post_install |
| echo -en "\n- post_install(11) : " |
| [ -e /etc/mandriva-release.default ] && mv /etc/mandriva-release.default /etc/mandriva-release && echo -n "1, " |
| [ -e /etc/mageia-release.default ] && mv /etc/mageia-release.default /etc/mageia-release && echo -n "1, " |
| [ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, " |
| [ -e /etc/ssh/sshd_config.default ] && mv /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
| [ -e /etc/bashrc.default ] && mv /etc/bashrc.default /etc/bashrc && echo -n "4, " |