


Rev 1341 → Rev 1342

/alcasar.sh
20,7 → 20,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
#
# Coovachilli, freeradius, mariaDB, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
 
# Options :
# -i or --install
36,7 → 36,6
# param_radius : FreeRadius initialisation
# param_web_radius : copy ans modifiy original "freeradius web" in ACC
# param_chilli : coovachilli initialisation (+authentication page)
# param_squid : Squid cache proxy configuration
# param_dansguardian : DansGuardian filtering HTTP proxy configuration
# antivirus : HAVP + libclamav configuration
# param_nfsen : Configuration du grapheur nfsen pour apache
101,11 → 100,21
 
##################################################################
## Function "testing" ##
## - Test of free space on /var (>10G) ##
## - Test of Internet access ##
##################################################################
testing ()
{
if [ $Lang == "fr" ]
free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`
if [ $free_space -lt 10 ]
then
if [ $Lang == "fr" ]
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
fi
exit 0
fi
if [ $Lang == "fr" ]
then echo -n "Tests des paramètres réseau : "
else echo -n "Network parameters tests : "
fi
502,7 → 511,7
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
chown -R apache:apache $DIR_WEB/*
for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
for i in system_backup base logs/firewall logs/httpd logs/security;
do
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
done
976,45 → 985,6
groupadd -f chilli
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
} # End of param_chilli ()
 
##########################################################
## Fonction "param_squid" ##
## - Paramètrage du proxy 'squid' en mode 'cache' ##
## - Initialisation de la base de données ##
##########################################################
param_squid ()
{
# paramètrage de Squid (connecté en série derrière Dansguardian)
[ -e /etc/squid/squid.conf.default ] || cp /etc/squid/squid.conf /etc/squid/squid.conf.default
# suppression des références 'localnet', 'icp', 'htcp' et 'always_direct'
$SED "/^acl localnet/d" /etc/squid/squid.conf
$SED "/^icp_access allow localnet/d" /etc/squid/squid.conf
$SED "/^icp_port 3130/d" /etc/squid/squid.conf
$SED "/^http_access allow localnet/d" /etc/squid/squid.conf
$SED "/^htcp_access allow localnet/d" /etc/squid/squid.conf
$SED "/^always_direct allow localnet/d" /etc/squid/squid.conf
# mode 'proxy transparent local'
$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
# Configuration du cache local
$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
# désactivation des "access log"
echo '#Disable access log' >> /etc/squid/squid.conf
echo "access_log none" >> /etc/squid/squid.conf
# anonymisation of squid version
echo "via off" >> /etc/squid/squid.conf
# remove the 'X_forwarded' http option
echo "forwarded_for delete" >> /etc/squid/squid.conf
# linked squid output in HAVP input
echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
echo "never_direct allow all" >> /etc/squid/squid.conf
# avoid error messages on network interfaces state changes
$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
# reduce squid shutdown time (100 to 50)
$SED "s?^SQUID_SHUTDOWN_TIMEOUT.*?SQUID_SHUTDOWN_TIMEOUT=50?g" /etc/sysconfig/squid
 
# Squid cache init
/usr/sbin/squid -z
} # End of param_squid ()
##################################################################
## Fonction "param_dansguardian" ##
1031,8 → 1001,8
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
# Listen only on LAN side
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
# DG send its flow to SQUID
$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
# DG send its flow to HAVP
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
# replace the default deny HTML page
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1471,13 → 1441,13
[ -e /etc/sudoers.default ] || cp /etc/sudoers /etc/sudoers.default
cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, squid, radiusd, ulogd)
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, radiusd, ulogd)
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
chmod 644 /etc/logrotate.d/*
# rectification sur versions précédentes de la compression des logs
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
# actualisation des fichiers logs compressés
for dir in firewall squid dansguardian httpd
for dir in firewall dansguardian httpd
do
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
done
1507,7 → 1477,7
WantedBy=multi-user.target
EOF
# processes launched at boot time (SYSV)
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
for i in ntpd iptables ulogd dnsmasq chilli httpd radiusd netfs mysqld dansguardian havp freshclam
do
/sbin/chkconfig --add $i
done
1744,12 → 1714,12
fi
fi
# RPMs install
echo "STOP" ; read a
$DIR_SCRIPTS/alcasar-urpmi.sh
if [ "$?" != "0" ]
then
exit 0
fi
echo "STOP" ; read a
if [ -e $CONF_FILE ]
then
# Uninstall the running version
1795,7 → 1765,7
else
mode="install"
fi
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
do
$func
# echo "*** 'debug' : end of function $func ***"; read a
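Review bot: The free-space preflight added to testing() (hunk 101,11 → 100,21) prints the "not enough free space on /var" message and then runs `exit 0`, so any caller or automation wrapper sees a successful status for an install that did not happen; the same pattern appears in hunk 1744,12 → 1714,12, where a failing `$DIR_SCRIPTS/alcasar-urpmi.sh` is also followed by `exit 0`. Both should return a failure status, e.g. `exit 1`. In the same testing() hunk the pipeline `tr -d [:space:]G` leaves the character class unquoted, so the shell may glob-expand it against the current directory before tr sees it; write `tr -d '[:space:]G'`, and quote `"$free_space"` and `"$Lang"` inside the `[ ]` tests so an empty df result does not produce a syntax error instead of the intended message. One `echo "STOP" ; read a` line survives on the new side around the alcasar-urpmi.sh call (this rendering does not show which of the two copies is old), and it reads as a leftover debug stop that blocks an unattended install, while the matching stop in scripts/alcasar-urpmi.sh is removed in this same revision. testing() and the install sequence both continue outside their hunks.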
/conf/rpms/i586/ulogd-1.24-18-mdv2011.0.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/wget-1.13.4-2.mga2.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/ipt_netflow-kmod-1.8-0.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/wget-1.14-4.mga4.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/ulogd-1.24-18-mdv2011.0.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/wget-1.13.4-2.mga2.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/ipt_netflow-kmod-1.8-0.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/wget-1.14-4.mga4.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/scripts/alcasar-urpmi.sh
11,11 → 11,8
Lang=`echo $LANG|cut -c 1-2`
VERSION="4"
ARCH="i586"
# The kernel version we compile netflow for
#KERNEL="kernel-desktop-3.4.52-1.mga2-1-1.mga2"
#ModuleTree="kernel-desktop-3.4.52-1.mga2"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav pm-fallback-policy perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg man ipset"
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav pm-fallback-policy perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg man ipset ulogd"
 
rpm_repository_sync ()
{
151,17 → 148,6
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
echo -n "."
done
# download the kernel used by ALCASAR and fix its version
#if [ $Lang == "fr" ]
#then
# echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..."
#else
# echo "Download the Linux kernel used by ALCASAR. Please wait ..."
#fi
#urpmi --auto --quiet $KERNEL
#echo "/^kernel/" > /etc/urpmi/skip.list
# download "timezone" to avoid a mageia issue --> should be remove with mageia3
#urpmi timezone
# download updated RPM in cache
if [ $Lang == "fr" ]
then
234,17 → 220,8
rpm_error
exit 1
fi
# Keep only the last kernel version
#kernelVersion=$(rpm -qa | grep "kernel-desktop")
#for i in $kernelVersion
#do
# if [ ! $i = $KERNEL ];then
# urpme --auto $i
# fi
#done
echo "STOP"; read a
# delete unused services
for rm_rpm in c-icap-server mageia-gfxboot-theme
for rm_rpm in mageia-gfxboot-theme
do
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
done
257,5 → 234,4
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
# Clean the RPM cache
urpmi --clean
 
exit 0
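Review bot: The new PACKAGES line (hunk 11,11 → 11,8) drops `squid`, but the removal loop in hunk 234,17 → 220,8 now lists only `mageia-gfxboot-theme`, so on a host upgraded from an earlier release the proxy package stays installed, no longer managed by this script and, if its service was left enabled, possibly still listening on the local 3128 port; unless another step handles that, the loop head should become `for rm_rpm in mageia-gfxboot-theme squid`. The loop body `urpme --auto $rm_rpm --auto-orphans 2>/dev/null` is unchanged context, but since the loop is being edited it is worth noting that it discards stderr and ignores the exit status, so a failed removal is silent; appending `|| echo "warning: could not remove $rm_rpm" >&2` would surface it. Removing the `echo "STOP"; read a` debug stop here is the right move; a matching stop is still present in alcasar.sh's install sequence in this same revision. The removal loop's enclosing function starts outside the hunk.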