/alcasar.sh |
---|
18,9 → 18,9 |
# This script is distributed under the Gnu General Public License (GPL) |
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau) |
# ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants : |
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants : |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares : |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : |
# |
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
1137,6 → 1137,10 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files |
# skip checking of youtube flow (too heavy load / risk too low) |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist |
echo "*.youtube.com/*" >> /etc/havp/whitelist |
# remplacement du fichier d'initialisation |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default |
# if keep old init file : $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp |
1458,11 → 1462,11 |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh |
# création de la bannière locale |
[ -e /etc/mandriva-release.default ] || cp /etc/mandriva-release /etc/mandriva-release.default |
cp -f $DIR_CONF/banner /etc/mandriva-release |
echo " V$VERSION" >> /etc/mandriva-release |
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default |
cp -f $DIR_CONF/banner /etc/mageia-release |
echo " V$VERSION" >> /etc/mageia-release |
# création de la bannière SSH |
cp /etc/mandriva-release /etc/ssh/alcasar-banner-ssh |
cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh |
chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh |
[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default |
$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config |
1603,12 → 1607,17 |
$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst |
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst |
$SED "/^kernel/s/vga=.*/vga=791/" /boot/grub/menu.lst |
$SED "/^gfxmenu/d" /boot/grub/menu.lst |
# Remove unused services and users |
for svc in alsa sound dm |
for old_svc in alsa sound dm |
do |
/sbin/chkconfig --del $svc |
/sbin/chkconfig --del $old_svc |
done |
for svc in snmpd |
do |
/bin/systemctl -q disable $svc |
done |
for rm_users in avahi-autoipd avahi icapd |
do |
user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1` |
1785,7 → 1794,7 |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install |
do |
$func |
echo "*** 'debug' : end of function $func ***"; read a |
# echo "*** 'debug' : end of function $func ***"; read a |
done |
;; |
-u | --uninstall) |
/CHANGELOG |
---|
3,8 → 3,10 |
************ CHANGELOG *********** |
---------------------- 2.7 ----------------- |
NEWS |
- Migration to Mageia2 (in progress) |
- Installation with Mageia2 |
- The URL filter works with the new google safesearch regex ('safe=strict' instead of 'safe=vss') |
Improve core |
- HAVP doesn't scan youtube flows any more (too heavy load / no risk) |
---------------------- 2.6.1 ----------------- |
Bugs |
/scripts/alcasar-urpmi.sh |
---|
11,7 → 11,7 |
VERSION="2" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy" |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy" |
rpm_repository_sync () |
{ |
115,7 → 115,7 |
done |
# delete unused RPMs |
echo "Cleaning the system : " |
for rm_rpm in shorewall dhcp-server distcache-server avahi mandi radeontool mondo mindi task-x11 x11-server-common |
for rm_rpm in shorewall mandi radeontool |
do |
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
echo -n "." |
170,21 → 170,16 |
exit 1 |
fi |
# delete old alcasar RPMs and unused services |
for rm_rpm in c-icap-server lib64chilli0 libchilli0 python-coova-chilli cyrus-sasl net-snmp |
for rm_rpm in c-icap-server lib64chilli0 libchilli0 python-coova-chilli cyrus-sasl mageia-gfxboot-theme |
do |
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
done |
# Save chilli launch script (erase with new rpm one) |
cp /etc/chilli.conf /tmp/ |
[ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/ |
# Install home made RPMs |
urpmi --no-verify --auto conf/rpms/$ARCH/*.rpm |
# restore chilli launch script |
mv -f /tmp/chilli.conf /etc/ |
# Don't upgrade coova-chilli and freeradius via repository |
for rpmskip in coova-chilli freeradius |
do |
echo -n "/^$rpmskip/" >> /etc/urpmi/skip.list |
done |
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/ |
# Clean the RPM cache |
urpmi --clean |
exit 0 |
/scripts/sbin/alcasar-rpm-download.sh |
---|
6,12 → 6,12 |
# This script is distributed under the Gnu General Public License (GPL) |
# récupération des RPM nécessaire dans un fichier tarball |
# retrieve needed RPM in a yarball file |
# retrieve needed RPM in a tarball file |
VERSION="2010.2" |
VERSION="2" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats buffer vim-enhanced bind-utils arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux rsync cronie-anacron pciutils clamav pm-fallback-policy " |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy" |
rpm_repository_sync () |
{ |
20,10 → 20,8 |
downloader: wget |
} |
EOF |
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} main /media/main/release |
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} main_updates /media/main/updates |
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib /media/contrib/release |
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib_updates /media/contrib/updates |
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} core /media/core/release |
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} core_updates /media/core/updates |
} |
rpm_error () |
53,9 → 51,9 |
# Set the RPM repository |
MIRROR_NBR=2 |
# For french ALCASARistes |
MIRRORLIST1="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH" |
MIRRORLIST1="http://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH" |
# For International install |
MIRRORLIST2="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list" |
MIRRORLIST2="http://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list" |
try_nb="0"; nb_repository="0" |
while [ "$nb_repository" != "4" ] |
do |
/scripts/sbin/alcasar-uninstall.sh |
---|
203,7 → 203,7 |
#post_install |
echo -en "\n- post_install(11) : " |
[ -e /etc/mandriva-release.default ] && mv /etc/mandriva-release.default /etc/mandriva-release && echo -n "1, " |
[ -e /etc/mageia-release.default ] && mv /etc/mageia-release.default /etc/mageia-release && echo -n "1, " |
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, " |
[ -e /etc/ssh/sshd_config.default ] && mv /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
[ -e /etc/bashrc.default ] && mv /etc/bashrc.default /etc/bashrc && echo -n "4, " |