
Rev 1240 → Rev 1243

/alcasar.sh
64,16 → 64,16
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file
PASSWD_FILE="/root/ALCASAR-passwords.txt" # text file with the passwords and shared secrets
# ******* DBMS parameters - paramètres SGBD ********
DB_RADIUS="radius" # nom de la base de données utilisée par le serveur FreeRadius
DB_USER="radius" # nom de l'utilisateur de la base de données
DB_RADIUS="radius" # database name used by FreeRadius server
DB_USER="radius" # user name allows to request the users database
# ******* Network parameters - paramètres réseau *******
HOSTNAME="alcasar" #
DOMAIN="localdomain" # domaine local
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)
DOMAIN="localdomain" # default local domain
EXTIF="eth0" # ETH0 is connected to the ISP broadband modem/router (In France : Box-FAI )
MTU="1500"
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
INTIF="eth1" # ETH1 is connected to the consultation network
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # Default ALCASAR IP address
# ****** Paths - chemin des commandes *******
SED="/bin/sed -i"
# ****************** End of global parameters *********************
361,8 → 361,8
rm -rf conf/etc/alcasar.conf
fi
# Define LAN side global parameters
hostname $HOSTNAME
echo $HOSTNAME > /etc/hostname
hostname $HOSTNAME.$DOMAIN
echo $HOSTNAME.$DOMAIN > /etc/hostname
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
402,7 → 402,7
# config network
cat <<EOF > /etc/sysconfig/network
NETWORKING=yes
HOSTNAME="$HOSTNAME"
HOSTNAME="$HOSTNAME.$DOMAIN"
FORWARD_IPV4=true
EOF
# config /etc/hosts
525,7 → 525,7
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME.$DOMAIN\";?g" $DIR_WEB/index.php
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
chown -R apache:apache $DIR_WEB/*
for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
544,7 → 544,7
# Configuration et sécurisation Apache
rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
$SED "s?^#ServerName.*?ServerName $HOSTNAME?g" /etc/httpd/conf/httpd.conf
$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
597,7 → 597,7
chmod 755 $DIR_DEST_ETC/digest
until [ -s $DIR_DEST_ETC/digest/key_admin ]
do
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
done
$DIR_DEST_SBIN/alcasar-profil.sh --list
else # mise à jour des versions < 2.1
619,7 → 619,7
chmod 755 $DIR_DEST_ETC/digest
until [ -s $DIR_DEST_ETC/digest/key_admin ]
do
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
done
$DIR_DEST_SBIN/alcasar-profil.sh --list
fi
639,10 → 639,10
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME
AuthName $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_all
ErrorDocument 404 https://$HOSTNAME/
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/admin>
SSLRequireSSL
654,10 → 654,10
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME
AuthName $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_admin
ErrorDocument 404 https://$HOSTNAME/
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/manager>
SSLRequireSSL
669,10 → 669,10
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME
AuthName $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_manager
ErrorDocument 404 https://$HOSTNAME/
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/backup>
SSLRequireSSL
684,10 → 684,10
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME
AuthName $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_backup
ErrorDocument 404 https://$HOSTNAME/
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
Alias /save/ "$DIR_SAVE/"
<Directory $DIR_SAVE>
700,9 → 700,9
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME
AuthName $HOSTNAME.$DOMAIN
AuthUserFile $DIR_DEST_ETC/digest/key_backup
ErrorDocument 404 https://$HOSTNAME/
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
EOF
} # End of ACC()
868,7 → 868,7
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
ErrorDocument 404 https://$HOSTNAME
ErrorDocument 404 https://$HOSTNAME.$DOMAIN
</Directory>
EOF
} # End of param_web_radius ()
984,14 → 984,14
uamport 3990
macauth
macpasswd password
locationname $HOSTNAME
locationname $HOSTNAME.$DOMAIN
radiusserver1 127.0.0.1
radiusserver2 127.0.0.1
radiussecret $secretradius
radiusauthport 1812
radiusacctport 1813
uamserver https://$HOSTNAME/intercept.php
radiusnasid $HOSTNAME
uamserver https://$HOSTNAME.$DOMAIN/intercept.php
radiusnasid $HOSTNAME.$DOMAIN
uamsecret $secretuam
uamallowed alcasar
coaport 3799
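Review bot: Digest entries written under the old realm will stop verifying once this lands. A digest file entry is a hash over user:realm:password, and the realm moves from `$HOSTNAME` to `$HOSTNAME.$DOMAIN` in both `htdigest -c` calls (hunks 597 and 619) and in every `AuthName` line (hunks 639 to 700). In the visible lines only `key_admin` is regenerated, and only when it is empty (`until [ -s … ]`); if an upgrade restores existing `key_*` files (not visible here, to be confirmed), the admin, manager and backup accounts would fail authentication until they are re-created. I would define the realm once, `AUTH_REALM="$HOSTNAME.$DOMAIN"`, use it quoted in both places (`htdigest -c "$DIR_DEST_ETC/digest/key_admin" "$AUTH_REALM" "$admin_portal"` and `AuthName "$AUTH_REALM"`), and add on the update branch the comment `# realm changed in this revision: digest files created with the old realm must be regenerated`. The enclosing functions start and end outside these hunks.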